No logging for (failed) logins
Created by: Elethiomel
A major issue for us is that we require that any software that is outward facing has brute-force attack prevention. We generally implement this via fail2ban, which monitors system/application logfiles and drops in an ipchains ban. Unfortunately GitLab doesn't seem to log failed logins at all.
The general format that fail2ban expects is a log line containing a timestamp and a source IP/hostname. More verbose logging such as the username attempted would be beneficial too.
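
The log line requested above (timestamp, source IP, attempted username) and the windowed counting that fail2ban's `maxretry` and `findtime` settings apply to such lines, as an added example that is not part of the original issue or of GitLab's code. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical layout (not GitLab's): "<ISO timestamp> Failed login for <user> from <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"Failed login for (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample lines, using documentation address ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:00 Failed login for root from 203.0.113.7
2024-01-01T10:00:05 Successful login for alice from 198.51.100.2
2024-01-01T10:00:20 Failed login for admin from 203.0.113.7
2024-01-01T10:00:30 Failed login for bob from 198.51.100.9
2024-01-01T10:00:41 Failed login for git from 203.0.113.7
2024-01-01T10:20:00 Failed login for bob from 198.51.100.9
2024-01-01T10:40:00 Failed login for bob from 198.51.100.9
"""

def parse_failure(line):
    """Return (timestamp, ip, user) for a failed-login line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), m["ip"], m["user"]

def ban_candidates(lines, maxretry=3, findtime=600):
    """Map each IP with >= maxretry failures inside findtime seconds to the usernames tried."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> (timestamp, user) failures still inside the window
    banned = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue  # successful login or a line that does not match the layout
        ts, ip, user = parsed
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = [u for _, u in q]
    return banned

if __name__ == "__main__":
    for ip, users in ban_candidates(SAMPLE_LOG.splitlines()).items():
        print(f"ban {ip}: tried {', '.join(users)}")
```

The slow attempts from 198.51.100.9 stay under the threshold with a 600-second window and are only caught when `findtime` is widened, which is why the timestamp in each log line matters as much as the source address.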