Configure fail2ban for Gitblit-SSH

This procedure uses fail2ban.

First, create a new filter file gitblit.conf in filter directory (Debian/CentOS: /etc/fail2ban/filter.d/) or into filter.conf file. Here is an example:

failregex =  Failed login attempt for .+, invalid credentials from <HOST>\s*$
             could not authenticate .*? \(/<HOST>:[0-9]*\) for SSH using the supplied password$
ignoreregex =

Then edit jail.conf to add "gitblit" service (Debian: /etc/fail2ban/jail.conf). For example:

enabled = true
port = 443,29418
protocol = tcp
filter = gitblit
logpath = /var/log/gitblit.log

Reload fail2ban config to apply (fail2ban-client reload).

Check the status of the gitblit fail2ban jail with fail2ban-client status gitblit