[GUIDE] fail2ban and owncloud
-
- OMV 1.0
- happyreacer
-
-
I can see owncloud show invalid log-in, but it didn't ban me from the IP I'm logged in.
I enabled Fail2Ban, but when I went to services in OMV, it said: "Failed to execute command 'fail2ban-client status".... -
-
I found the errors that caused my fail2ban service to be unable to turn on.
Fail2Ban only allows the following jails to be turned on at the same time:
1. apache-noscript
2. owncloud
3. ssh
Meaning I can only have these three jails running at the same time.
If I turn on additional jail filters, fail2ban will not run for me.
The fail2ban is now working, but there is a glitch.
My filter is set to ban bad-login IP for 15 min.
However, after 15 min, it worked.
Then I restart OMV, somehow fail2ban automatically re-ban the previous IP again without anybody try to log in.
In order for me to fix this, I have to clear the owncloud.log. -
Hi
Source : http://www.rojtberg.net/711/secure-owncloud-server/
You can change your owncloud jail file by this: /etc/fail2ban/filter.d/owncloud.conf
Code
[Definition]
failregex = {"app":"core","message":"Login failed:(.*) , wrong password, IP:<HOST>","level":2,"time":".*"}
            {"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
            {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}
ignoreregex =
The first line is for owncloud <= 7.0.1. (for 6.0.4 openMediaVault-owncloud 1.4)
The second for owncloud 7.0.2-7.05
and the bottom one for owncloud 8. -
>The fail2ban is now working, but there is a glitch.
>My filter is set to ban bad-login IP for 15 min.
>However, after 15 min, it worked.
It is bizarre, have you restarted the fail2ban service?
What's 'service fail2ban status show'?
What's 'fail2ban-client status show'?
>Then I restart OMV, somehow fail2ban automatically re-ban the previous IP again without anybody try to log in.
>In order for me to fix this, I have to clear the owncloud.log.
It is normal, you have to clear the log file if it's a good ip ...
You can add good ip on IgnoreIp : 127.0.0.1 192.168.0.1 192.168.0.2 -
Code
Status
|- Number of jail: 3
`- Jail list: owncloud, apache-noscript, ssh
`- action
   |- Currently banned: 1
   |  `- IP list: 192.111.000.141
   `- Total banned: 1
I notice that your OC v8 code is different from happyreacer's code:
Code
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}
I just want to confirm that this code for OC v8 is working for me:
Code
failregex = {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}
Thanks, pr_bond. -
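An offline check of the filters discussed above, as an added example that is not part of the original thread: it runs each failregex posted here against one log line per ownCloud log format and reports which filter matches and which IP it would ban. The `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and the log lines are constructed samples, not taken from a real server.

```python
import re

# IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this example;
# fail2ban's own expansion also accepts hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines exactly as posted in this thread, keyed by ownCloud version.
FAILREGEX = {
    "<=7.0.1": r'''{"app":"core","message":"Login failed:(.*) , wrong password, IP:<HOST>","level":2,"time":".*"}''',
    "7.0.2-7.05": r'''{"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}''',
    "8": r'''{"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}''',
    "8 (other variant)": r'''{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}''',
}

# Constructed owncloud.log lines (documentation IP range), one per log format,
# plus one unrelated warning that no filter should pick up.
SAMPLES = {
    "<=7.0.1": '''{"app":"core","message":"Login failed: user 'admin' , wrong password, IP:203.0.113.7","level":2,"time":"2015-08-20 19:41:04"}''',
    "7.0.2-7.05": '''{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7', X-Forwarded-For: '')","level":2,"time":"2015-08-20T19:41:04+00:00"}''',
    "8": '''{"reqId":"c0ffee","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7', X-Forwarded-For: '')","level":2,"time":"2015-08-20T19:41:04+00:00"}''',
    "other": '''{"reqId":"c0ffee","remoteAddr":"203.0.113.7","app":"core","message":"Some unrelated warning","level":2,"time":"2015-08-20T19:41:04+00:00"}''',
}


def matching_filters(line):
    """Return {filter name: IP that would be banned} for every failregex that matches."""
    hits = {}
    for name, pattern in FAILREGEX.items():
        m = re.search(pattern.replace("<HOST>", HOST), line)
        if m:
            hits[name] = m.group("host")
    return hits


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:12} -> {matching_filters(line)}")
```

On the server itself, `fail2ban-regex /path/to/owncloud.log /etc/fail2ban/filter.d/owncloud.conf` performs the same check with fail2ban's own matcher; the log path is a placeholder.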
For info, openmediavault-fail2ban 1.1.4 now has the owncloud jail included
-
Quote
For info, openmediavault-fail2ban 1.1.4 now has the owncloud jail included
Thanks!
only for the plugin owncloud version! -
So your F2B jail is for only owncloud plugin, not the one we install manually?
I just tested F2B on OMV and OwnCloud, and I found out this:
Fail2Ban recorded & emailed me all the details that I need for OwnCloud's incorrect login attempts, such as IP, time stamp, ...
However, for OMV admin's failed log-in, it only banned and sent me the recorded time stamp, but it didn't give me the IP or the device info.
I modified the OMV F2B's jail to ban for 15 mins, but it didn't work.
It's only banned for 3 minutes.
How do I change OMV failed to ban longer than 3 mins, and record failed IP login?
I got these notifications in my email from OMV:
Quote
Too many failed login attempts from user 'admin' [server.mydomain.com]
User 'admin' has been banned at Aug 20 19:41:04 after 14 failed login attempts. Access is denied for 3 minutes. After that time, the user is able to log in again with the correct password.
User 'admin' has been banned at Aug 20 19:38:33 after 13 failed login attempts. Access is denied for 3 minutes. After that time, the user is able to log in again with the correct password. -
No, fail2ban is not only for owncloud ..
Fail2ban is for ftp, ssh, apache, nginx ... a lot of services
You should change the ban time for the jail you want.
900 / 60 = 15 min is right, you save and apply modification.
It is strange, could you deactivate fail2ban and reactivate it.
See Status in : Diagnostic->services->Fail2ban
-
I'll try.
But do I need to keep this settings or remove it since F2B have owncloud jail now?
Quote
log on your omv system
go in to the config.php from owncloud like so:
Source Code
nano /media/UUID from the disk/owncloud/config/config.php
add code for example in Germany:
Source Code
'logtimezone' => 'Europe/Berlin',
'log_type' => 'owncloud' ,
'log_authfailip' => true,
save and go out from the config.php
make a filter for fail2ban:
Source Code
nano /etc/fail2ban/filter.d/owncloud.conf
copy for owncloud 8.1 the lines in the owncloud.conf:
Source Code
[Definition]
failregex = {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}
-
Quote
log on your omv system
go in to the config.php from owncloud like so:
Source Code
nano /media/UUID from the disk/owncloud/config/config.php
add code for example in Germany:
Source Code
'logtimezone' => 'Europe/Berlin',
'log_type' => 'owncloud' ,
'log_authfailip' => true,
save and go out from the config.php
make a filter for fail2ban:
Source Code
nano /etc/fail2ban/filter.d/owncloud.conf
copy for owncloud 8.1 the lines in the owncloud.conf:
Source Code
[Definition]
failregex = {"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level":2,"time":".*"}
The owncloud jail is included now for you
-
I just removed the /etc/fail2ban/filter.d/owncloud.conf, but Fail2Ban is unable to run.
Edit: So, I had to re-add the owncloud.conf, F2B is now running fine.
Code
Error #4000:
exception 'OMVException' with message 'Failed to execute command 'fail2ban-client status 2>&1': ERROR Unable to contact server. Is it running?' in /usr/share/openmediavault/engined/rpc/fail2ban.inc:368
Stack trace:
#0 [internal function]: OMVRpcServiceFail2ban->getStats(NULL, Array)
#1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
#2 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('getStats', NULL, Array)
#3 /usr/sbin/omv-engined(500): OMVRpc::exec('Fail2Ban', 'getStats', NULL, Array, 1)
#4 {main}
Code
$ sudo fail2ban-client start
WARNING 'findtime' not defined in 'ssh'. Using default value
WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
WARNING 'findtime' not defined in 'apache-noscript'. Using default value
WARNING 'findtime' not defined in 'apache-404'. Using default value
WARNING 'findtime' not defined in 'proftp'. Using default value
WARNING 'findtime' not defined in 'owncloud'. Using default value
ERROR /etc/fail2ban/filter.d/owncloud.conf and /etc/fail2ban/filter.d/owncloud.local do not exist
ERROR Unable to read the filter
ERROR Errors in jail 'owncloud'. Skipping...
-
hi there, same issue here:
root@raspberrypi:~# fail2ban-client start
WARNING 'findtime' not defined in 'ssh'. Using default value
WARNING 'findtime' not defined in 'dropbear'. Using default value
WARNING 'findtime' not defined in 'pam-generic'. Using default value
WARNING 'findtime' not defined in 'xinetd-fail'. Using default value
WARNING 'findtime' not defined in 'ssh-ddos'. Using default value
WARNING 'findtime' not defined in 'apache'. Using default value
WARNING 'findtime' not defined in 'apache-multiport'. Using default value
WARNING 'findtime' not defined in 'apache-noscript'. Using default value
WARNING 'findtime' not defined in 'apache-overflows'. Using default value
WARNING 'findtime' not defined in 'vsftpd'. Using default value
WARNING 'findtime' not defined in 'proftpd'. Using default value
WARNING 'findtime' not defined in 'pure-ftpd'. Using default value
WARNING 'findtime' not defined in 'wuftpd'. Using default value
WARNING 'findtime' not defined in 'postfix'. Using default value
WARNING 'findtime' not defined in 'couriersmtp'. Using default value
WARNING 'findtime' not defined in 'courierauth'. Using default value
WARNING 'findtime' not defined in 'sasl'. Using default value
WARNING 'findtime' not defined in 'dovecot'. Using default value
WARNING 'findtime' not defined in 'named-refused-tcp'. Using default value
2015-09-06 12:11:28,360 fail2ban.server : INFO Starting Fail2ban v0.8.6
2015-09-06 12:11:28,362 fail2ban.server : INFO Starting in daemon mode
it looks like the f2b still takes all the conf files from the /etc/fail2ban/filter.d/ directory
-
There is an app called "ExtraSecurity" on OwnCloud.
Anybody knows if this will have any conflict when using with Fail2Ban OC jail?