[GUIDE] fail2ban and owncloud

  • I use owncloud as in the instructions from Owncloud 8 and MySQL: alternative approach
    Can I use fail2ban with this, and how can I use it?


    EDIT:
    I have found a solution and I will write it down here

    omv 5.x | 64 bit | omvextrasorg 5.x | kernel 5.4
    used plugins: omv-extras | portainer | rsnapshot | antivirus
    used container: portainer/portainer | linuxserver/nextcloud | linuxserver/letsencrypt | linuxserver/mariadb | jellyfin/jellyfin | doliana/logitech-media-server | v2tec/watchtower | instrumentisto/coturn

    Edited 2 times, last by happyreacer ().

  • You need a working Owncloud like in the guide from Owncloud 8 and MySQL: alternative approach
    and the fail2ban plugin.
    I have tested it with owncloud 8.0.4 and 8.1 but it is for 8.2 too

    • log on to your omv system
    • go into the config.php from owncloud like so:

      Code
      nano /media/<UUID-of-the-disk>/owncloud/config/config.php


    • add this code, for example in Germany:

      Code
      'logtimezone' => 'Europe/Berlin',
      'log_type' => 'owncloud',
      'log_authfailip' => true,

    • save and exit the config.php
    • create a filter for fail2ban:

      Code
      nano /etc/fail2ban/filter.d/owncloud.conf


    • for owncloud 8.2, copy these lines into the owncloud.conf:

      Code
      [Definition]
      failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
      ignoreregex =


      for owncloud 8.1, copy these lines into the owncloud.conf:

      Code
      [Definition]
      failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}
      ignoreregex =


      for owncloud 8.0.x, copy these lines into the owncloud.conf:

      Code
      [Definition]
      failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
      ignoreregex =


      it is different from owncloud 7

    • save and exit.
    • in the OMV GUI, go to the fail2ban plugin
    • go to the jails tab and add a new one
      name: owncloud
      Ports: the ports you use for owncloud, perhaps 90,50443
      max retry: perhaps 3
      ban time: perhaps -1
      filter: owncloud
      log path: the path to your owncloud.log --> for example /media/<UUID-of-the-disk>/owncloud/data/owncloud.log
    • activate the jail and fail2ban ;-)

    you can test the jail on your omv system with:

    Code
    fail2ban-regex /media/<UUID-of-the-disk>/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf

    Edited 9 times, last by happyreacer ().
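
Added example, not part of the original post: a Python check that runs the three failregex lines from the guide against one constructed log line per ownCloud message format, showing that each filter matches only its own version's format. The `<HOST>` expansion is a simplified stand-in (an assumption; the real expansion depends on the fail2ban version), and the sample log lines and the address 192.0.2.10 are constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion differs between fail2ban versions). It skips an IPv4-mapped
# "::ffff:" prefix and captures the address as the named group "host".
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# failregex lines copied from the guide, keyed by ownCloud version.
FILTERS = {
    "8.2": r"""{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}""",
    "8.1": r"""{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}""",
    "8.0.x": r"""{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}""",
}

# Constructed log lines, one per message format the filters expect.
# The 8.1 line carries the IPv4-mapped prefix and the missing closing
# quote seen in the owncloud.log posted later in this thread.
SAMPLES = {
    "8.2": """{"reqId":"constructed82","remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'alice' (Remote IP: '192.0.2.10')","level":2,"time":"2015-11-01T10:00:00+01:00"}""",
    "8.1": """{"reqId":"constructed81","remoteAddr":"::ffff:192.0.2.10","app":"core","message":"Login failed: 'alice' (Remote IP: '::ffff:192.0.2.10)","level":2,"time":"2015-11-01T10:00:00+01:00"}""",
    "8.0.x": """{"reqId":"constructed80","remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'alice' (Remote IP: '192.0.2.10', X-Forwarded-For: '')","level":2,"time":"2015-11-01T10:00:00+01:00"}""",
}


def match_host(filter_version, line):
    """Return the address the filter would report for this line, or None."""
    pattern = re.compile(FILTERS[filter_version].replace("<HOST>", HOST))
    found = pattern.search(line)
    return found.group("host") if found else None


def cross_check():
    """Run every filter against every sample: {(filter, sample): host or None}."""
    return {(f, s): match_host(f, SAMPLES[s]) for f in FILTERS for s in SAMPLES}


if __name__ == "__main__":
    for (flt, sample), host in sorted(cross_check().items()):
        print(f"filter {flt:5} vs log format {sample:5}: {host or 'no match'}")
```

A filter left over from an older ownCloud version matches nothing after an upgrade, so the jail records no failures and never bans; re-running the fail2ban-regex command from the guide after each upgrade catches this.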

  • Hi, I try to configure fail2ban with your guide, but have some troubles.
    File: /etc/fail2ban/jail.conf

    Code
    chain = INPUT
    action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$
    action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%$
                %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$
    action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="$
                 %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $
    action = %(action_mwl)s

    [owncloud]
    enabled = yes
    port = 80, 443
    filter = owncloud
    logpath = /var/log/owncloud.log
    bantime = 3600
    maxretry = 3


    owncloud.conf

    Code
    [Definition]
    failregex={"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '$
    {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level"$


    owncloud config.php

    Code
    'logtimezone' => 'Europe/Kiev',
    'log_type' => 'owncloud',
    'log_authfailip' => true,
    'logfile' => '/var/log/owncloud.log',
    'loglevel' => '2',


    fail2ban.log


    owncloud.log

    Code
    {"reqId":"p1S\/cQhXxUG8AZty7VYL","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdg' (Remote IP: '::ffff:192.168.20.143)","leve$
    {"reqId":"JqOjJ9w34+XBV8QdctMq","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdg' (Remote IP: '::ffff:192.168.20.143)","level$
    {"reqId":"w80\/RpVvyZ1USK\/Y\/cXq","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjg' (Remote IP: '::ffff:192.168.20.143)$
    {"reqId":"NnnhtzAlyTsiRcVJ9\/li","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjg' (Remote IP: '::ffff:192.168.20.143)",$
    {"reqId":"1L2jcXZPO1yGWPHVTmZs","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
    {"reqId":"F+061eL29K2t\/HLuxO6W","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.$
    {"reqId":"XErrVvzPEGUMfAgEkH1Q","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
    {"reqId":"Np7RpNHDSMqxQUJRtEMZ","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
    {"reqId":"Vfz2y14i1rviPZFHWoVH","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$


    and test of fail2ban


    Please help me to configure the fail2ban plugin

  • Which version of owncloud do you use?

  • Sorry, I haven't tested fail2ban with owncloud 8.1. I have other errors in owncloud 8.1 and I don't know how to fix them (see Owncloud 8 and MySQL: alternative approach)

  • The same changes as in the first thread, only another filter:


    OC 8.1:

    Code
    [Definition]
    failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}
    ignoreregex =


    we can make an own forumchannel for owncloud in omv ;)

  • I wish you success :thumbup:

  • Can you post your config? MySQL sqlite / omv 1.x or 2.x / oc version...
    How does your status look in your omv fail2ban service?

    Code
    |  |- Currently failed: 1
    |  `- Total failed: 2
    `- action
       |- Currently banned: 0
       |  `- IP list:
       `- Total banned: 0


    Can you see a number on total failed?

  • Status
    |- Number of jail: 1
    `- Jail list: owncloud


    Status for the jail: owncloud
    |- filter
    |  |- File list: /var/log/owncloud.log
    |  |- Currently failed: 2
    |  `- Total failed: 22
    `- action
       |- Currently banned: 0
       |  `- IP list:
       `- Total banned: 0


    ================================================================================
    = OS/Debian information
    ================================================================================
    Distributor ID: debian
    Description: Debian GNU/Linux 7 (wheezy)
    Release: 7.8
    Codename: wheezy


    ================================================================================
    = OpenMediaVault information
    ================================================================================
    Release: 2.1.1
    Codename: Stone burner

  • What options does your jail in omv have?

    Code
    max retry:
    ban time:

    Edited once, last by happyreacer ().

  • And did you test it with a minimum of 3 wrong passwords in the owncloud WebGUI?
    I see you have only

    Code
    | |- Currently failed: 2


    tested

  • @grekazrail please give me feedback

  • OK, I tried to log in via the web GUI many times, more than 10, with pauses of 5-10 sec. In the log:
    Status
    |- Number of jail: 1
    `- Jail list: owncloud


    Status for the jail: owncloud
    |- filter
    |  |- File list: /var/log/owncloud.log
    |  |- Currently failed: 2
    |  `- Total failed: 25
    `- action
       |- Currently banned: 1
       |  `- IP list: 192.168.20.143
       `- Total banned: 1


    I see that Currently failed doesn't change to more than 2, and total failed is +1 every time I fail to log in.
    And "Currently banned: 1, IP list: 192.168.20.143, Total banned: 1" - this is the IP of my host, but I can access the owncloud web GUI logon page every time

  • ah, okay... hmmm

    Code
    | |- Currently failed: 2

    is a different thing from what I meant. Sorry, but I think it works. You have a banned IP.
