I use owncloud like the Instructions from Owncloud 8 and MySQL: alternative approach
Can i use fail2ban with thes and how can i use?
EDIT:
I have found a solution and i will write down here
I use owncloud like the Instructions from Owncloud 8 and MySQL: alternative approach
Can i use fail2ban with thes and how can i use?
EDIT:
I have found a solution and i will write down here
You need a working Owncloud like the guid from Owncloud 8 and MySQL: alternative approach
and the fail2ban plugin.
I have test it with owncloud 8.0.4 and 8.1 but it is for 8.2 too
[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
ignoreregex =
for owncloud 8.1 the lines in the owncloud.conf:
[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>\)","level":2,"time":".*"}
ignoreregex =
copy for owncloud 8.0.x the lines in the owncloud.conf:
[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
ignoreregex =
it is different to owncloud 7
you can test the jail on your omv system with:
Hi, i try to configue file2ban with you guide, but have some troubles.
File: /etc/fail2ban/jail.conf
chain = INPUTaction_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(c$action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%$%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", cha$action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="$%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, $action = %(action_mwl)s[owncloud]enabled = yesport = 80, 443filter = owncloudlogpath = /var/log/owncloud.logbantime = 3600maxretry = 3
owncloud.conf
[Definition]
failregex={"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '$
{"reqId":".*","remoteAddr":"<HOST>","app":"core","message":"Login failed: .*","level"$
owncloud config.php
'logtimezone' => 'Europe/Kiev',
'log_type' => 'owncloud',
'log_authfailip' => true,
'logfile' => '/var/log/owncloud.log',
'loglevel' => '2',
file2ban.log
2015-07-10 22:07:29,222 fail2ban.server : INFO Stopping all jails
2015-07-10 22:07:29,779 fail2ban.jail : INFO Jail 'owncloud' stopped
2015-07-10 22:07:29,780 fail2ban.server : INFO Exiting Fail2ban
2015-07-10 22:07:30,221 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.lo$
2015-07-10 22:07:30,222 fail2ban.jail : INFO Creating new jail 'owncloud'
2015-07-10 22:07:30,223 fail2ban.jail : INFO Jail 'owncloud' uses poller
2015-07-10 22:07:30,256 fail2ban.filter : INFO Added logfile = /var/log/owncloud.log
2015-07-10 22:07:30,257 fail2ban.filter : INFO Set maxRetry = 3
2015-07-10 22:07:30,259 fail2ban.filter : INFO Set findtime = 600
2015-07-10 22:07:30,260 fail2ban.actions: INFO Set banTime = 3600
2015-07-10 22:07:30,281 fail2ban.jail : INFO Jail 'owncloud' started
2015-07-10 22:07:30,292 fail2ban.actions.action: ERROR iptables -N fail2ban-owncloud
iptables -A fail2ban-owncloud -j RETURN
iptables -I INPUT -p tcp -m multiport --dports 80, 443 -j fail2ban-owncloud returned 200
Alles anzeigen
owncloud.log
{"reqId":"p1S\/cQhXxUG8AZty7VYL","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdg' (Remote IP: '::ffff:192.168.20.143)","leve$
{"reqId":"JqOjJ9w34+XBV8QdctMq","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdg' (Remote IP: '::ffff:192.168.20.143)","level$
{"reqId":"w80\/RpVvyZ1USK\/Y\/cXq","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjg' (Remote IP: '::ffff:192.168.20.143)$
{"reqId":"NnnhtzAlyTsiRcVJ9\/li","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjg' (Remote IP: '::ffff:192.168.20.143)",$
{"reqId":"1L2jcXZPO1yGWPHVTmZs","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
{"reqId":"F+061eL29K2t\/HLuxO6W","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.$
{"reqId":"XErrVvzPEGUMfAgEkH1Q","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
{"reqId":"Np7RpNHDSMqxQUJRtEMZ","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
{"reqId":"Vfz2y14i1rviPZFHWoVH","remoteAddr":"::ffff:192.168.20.143","app":"core","message":"Login failed: 'dfgfdgjghjgertert' (Remote IP: '::ffff:192.168.20.1$
and test of fail2ban
root@openmediavault:~# fail2ban-regex /var/log/owncloud.log /etc/fail2ban/filter.d/owncloud.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/owncloud.conf
Use log file : /var/log/owncloud.log
Results
=======
Failregex
|- Regular expressions:
| [1] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
|
`- Number of matches:
[1] 0 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Sorry, no match
Look at the above section 'Running tests' which could contain important
information.
Alles anzeigen
PLS help me to configue fail2ban plugin
how version of owncloud do you use?
ownCloud 8.1.0 (stable)
sorry, i don't test fail2ban with owncloud 8.1. I have other errors in owncloud 8.1 and i down't know to fix it (see Owncloud 8 and MySQL: alternative approach )
I need a Fail2Ban guide for OC v8.1.0.
Thanks 'happyreacer'.
I'll try it out tonight.
I wish you success
I tested new regex, and it work, but fail2ban dont blocking IP-s with fail logins
Status
|- Number of jail: 1
`- Jail list: owncloud
Status for the jail: owncloud
|- filter
| |- File list: /var/log/owncloud.log
| |- Currently failed: 2
| `- Total failed: 22
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
================================================================================
= OS/Debian information
================================================================================
Distributor ID: debian
Description: Debian GNU/Linux 7 (wheezy)
Release: 7.8
Codename: wheezy
================================================================================
= OpenMediaVault information
================================================================================
Release: 2.1.1
Codename: Stone burner
max retry: 3
ban time: 3600
@grekazrail please give me a feedback
ok, i try to login via web gui, insert many times, more than 10 whith pause in 5-10sec. In log
Status
|- Number of jail: 1
`- Jail list: owncloud
Status for the jail: owncloud
|- filter
| |- File list: /var/log/owncloud.log
| |- Currently failed: 2
| `- Total failed: 25
`- action
|- Currently banned: 1
| `- IP list: 192.168.20.143
`- Total banned: 1
I see that Currently failed dont changes more then 2, and total failed is +1 avery times when i failed login/
And, |- Currently banned: 1| `- IP list: 192.168.20.143`- Total banned: 1 - this IP of my host, but I can access to owncloud web gui logon page every time
ok, may be its work, but I can access to owncloud web gui from banned IP.
May be I must write something to iptables?
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!