[Solved] Fail2ban: Jail 'Nextcloud' skipped, because of wrong configuration: Unable to read the filter 'Nextcloud'

  • Hi there,


    I was not able to find a solution for my specific problem. I just installed fail2ban service in my OMV (v 6.9.15-2) and activated the pre-defined jail nginx-404.

    So far so good - it's working.


    But when I add a new jail I get the error as you can see in the title of the thread. It can only be seen in the fail2ban log via the command line. In the OMV GUI it looks OK.

    Only hint is when email is sent that only the nginx-404 jail is started.


    2024-05-06 12:42:41,751 fail2ban.server [42746]: INFO --------------------------------------------------

    2024-05-06 12:42:41,751 fail2ban.server [42746]: INFO Starting Fail2ban v0.11.2

    2024-05-06 12:42:41,752 fail2ban.observer [42746]: INFO Observer start...

    2024-05-06 12:42:41,762 fail2ban.database [42746]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'

    2024-05-06 12:42:41,763 fail2ban.transmitter [42746]: ERROR Jail 'Nextcloud' skipped, because of wrong configuration: Unable to read the filter 'Nextcloud'

    2024-05-06 12:42:41,764 fail2ban.jail [42746]: INFO Creating new jail 'nginx-404'

    2024-05-06 12:42:41,768 fail2ban.jail [42746]: INFO Jail 'nginx-404' uses poller {}

    2024-05-06 12:42:41,768 fail2ban.jail [42746]: INFO Initiated 'polling' backend

    2024-05-06 12:42:41,770 fail2ban.filter [42746]: INFO maxRetry: 3

    2024-05-06 12:42:41,771 fail2ban.filter [42746]: INFO findtime: 604800

    2024-05-06 12:42:41,771 fail2ban.actions [42746]: INFO banTime: -1

    2024-05-06 12:42:41,772 fail2ban.filter [42746]: INFO Added logfile: '/var/log/fail2ban.log' (pos = 4529, hash = 7ca0b5073b3ed34d846be143333e541a48b356f5)

    2024-05-06 12:42:41,774 fail2ban.jail [42746]: INFO Jail 'nginx-404' started


    The config files are there:


    root@omv:/etc/fail2ban/jail.d# ls -l

    insgesamt 28

    -rw-r--r-- 1 root root 98 6. Mai 12:42 openmediavault-36b96e6c-9187-4b93-b0c6-05c6d3e29dc3.conf.disabled

    -rw-r--r-- 1 root root 108 6. Mai 12:42 openmediavault-40e58b78-848c-4488-987d-2da577df78de.conf

    -rw-r--r-- 1 root root 121 6. Mai 12:42 openmediavault-4e3a2d25-326c-4dc8-bc05-22f303a62b75.conf

    -rw-r--r-- 1 root root 104 6. Mai 12:42 openmediavault-59650e01-5e07-4076-9b15-ce352f4b4356.conf.disabled

    -rw-r--r-- 1 root root 118 6. Mai 12:42 openmediavault-5f2b2d25-726c-5dc8-ac05-79f303a62b35.conf.disabled

    -rw-r--r-- 1 root root 139 6. Mai 12:42 openmediavault-6e3a7d25-326c-4dc8-bc05-63f303a62b21.conf.disabled

    -rw-r--r-- 1 root root 122 6. Mai 12:42 openmediavault-7e9a7d35-326c-4dc8-bc05-35f308a62b78.conf.disabled



    What can I do to add customized jails?


    Thanks for any hint.


    Regards

  • ryecoaaron

    Approved the thread.
  • What does the nextcloud jail file look like?


    In addition to the guide that I have posted for fail2ban with nginx proxy manager: NGINX Proxy Manager with fail2ban guide


    I run fail2ban for nextcloud in a dedicated lxc. Here is what the jail and filter files look like for that:


    Code: nextcloud filter - nextcloud.conf
    [Definition]
    _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
    failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
                ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
    datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
  • Well... I found out that Fail2ban inside OMV is pretty much useless (for me!).

    There is no option to define a filter with OMV-Gui. It's not a special question regarding nextcloud. I also run an OSCam server on my NAS (of course unknown to OMV) and also would like to define a filter via OMV-Webinterface to block unwanted access. But that's not possible with OMV fail2ban plugin.


    Thing is that you have to create a /etc/fail2ban/jail.local and a filter in filter.d manually. Not a big problem.

    I thought this could be done comfortably by using OMV-Web-Gui.

  • AlBundy001

    Changed the title of the thread from "Fail2ban: Jail 'Nextcloud' skipped, because of wrong configuration: Unable to read the filter 'Nextcloud'" to "[Solved] Fail2ban: Jail 'Nextcloud' skipped, because of wrong configuration: Unable to read the filter 'Nextcloud'".
  • Well... I found out that Fail2ban inside OMV is pretty much useless (for me!).

    There is no option to define a filter with OMV-Gui. It's not a special question regarding nextcloud. I also run an OSCam server on my NAS (of course unknown to OMV) and also would like to define a filter via OMV-Webinterface to block unwanted access. But that's not possible with OMV fail2ban plugin.


    Thing is that you have to create a /etc/fail2ban/jail.local and a filter in filter.d manually. Not a big problem.

    I thought this could be done comfortably by using OMV-Web-Gui.

    If you look at that guide I posted about using fail2ban with nginx proxy manager, it uses a docker container for both of them. If you give the fail2ban container access to the log directory you need to monitor, it can be used to block access to the host system with the right action definition, just like the fail2ban from the plugin, but using a docker will keep OMV from changing something if there is a further change made in the interface.


    If you are using these services on the internet, it is recommended to use a reverse proxy so that you don't have to open a bunch of ports on your server and thereby reduce your attack "footprint".


    I don't know how you deployed nextcloud or the OSCam server, as you didn't say, but if you did them directly on the underlying debian os and not in a docker or vm, you are asking for problems. OMV is not designed to "share" the host os with other server softwares.


    There are guides available on the guides section of the forum for nextcloud docker deployment, or if you prefer to be more "in control" of the install, you can do as I do and run nextcloud in an lxc with a docker database or even on a full vm. I personally choose the lxc route for the "control" of a manual install with the speed of docker, while a vm will be slower but offer even more isolation from the host.


    Neither of these options has the potential to "pollute" the underlying debian os that OMV tends to take partial control of, and will avoid breaking OMV.
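
The "Unable to read the filter" error from the first post can be caught before restarting the service by checking that every jail has a matching file in filter.d. The following is an added example, not code from the OMV plugin or from fail2ban; it assumes a jail without a `filter` option uses its own name (the default in fail2ban's stock jail.conf) and that file names are matched case-sensitively, and the sample tree and its file names are constructed.

```python
import configparser
import re
import tempfile
from pathlib import Path


def missing_filters(root):
    """Return {jail: filter_name} for jails whose filter file cannot be found."""
    root = Path(root)
    # Same order in which fail2ban merges its jail configuration.
    files = [root / "jail.conf", *sorted((root / "jail.d").glob("*.conf")),
             root / "jail.local", *sorted((root / "jail.d").glob("*.local"))]
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read([f for f in files if f.is_file()])
    fdir = root / "filter.d"
    names = {p.name for p in fdir.iterdir()} if fdir.is_dir() else set()
    missing = {}
    for jail in cfg.sections():
        if jail == "INCLUDES":
            continue
        # Assumption: with no explicit "filter", the jail name is the filter name.
        raw = cfg.get(jail, "filter", fallback=jail).replace("%(__name__)s", jail)
        name = re.sub(r"\[.*\]\s*$", "", raw).strip()  # drop options like [mode=...]
        # Exact (case-sensitive) match: 'Nextcloud' does not find nextcloud.conf.
        if not any(name + ext in names for ext in (".conf", ".local")):
            missing[jail] = name
    return missing


def demo():
    """Build a constructed config tree that mirrors the thread and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "jail.d").mkdir()
        (root / "filter.d").mkdir()
        for f in ("nginx-404.conf", "nextcloud.conf"):
            (root / "filter.d" / f).write_text("[Definition]\nfailregex =\n")
        (root / "jail.d" / "sample-a.conf").write_text("[nginx-404]\nenabled = true\n")
        (root / "jail.d" / "sample-b.conf").write_text("[Nextcloud]\nenabled = true\n")
        # Hypothetical jail that names its filter explicitly.
        (root / "jail.local").write_text("[nc-login]\nfilter = nextcloud\n")
        return missing_filters(root)


if __name__ == "__main__":
    print(missing_filters("/etc/fail2ban"))
```
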
