Fail2ban/Nextcloud: Difference between revisions
m Dirkwagner moved page Nextcloud/Installation/AIO/fail2ban to Fail2ban/Nextcloud
(15 intermediate revisions by 2 users not shown)
| Zeile 1: | Zeile 1: | ||
== Standardinstallation == | |||
; Installieren Sie das Paket fail2ban | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo apt install fail2ban | sudo apt install fail2ban | ||
</syntaxhighlight> | </syntaxhighlight> | ||
; /etc/fail2ban/filter.d/nextcloud.conf erstellen | |||
<syntaxhighlight lang="ini" copy="" line=""> | |||
[Definition] | [Definition] | ||
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) | _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) | ||
| Zeile 9: | Zeile 13: | ||
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. | ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. | ||
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" | datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
; /etc/fail2ban/jail.d/nextcloud.local erstellen | |||
<syntaxhighlight lang="ini" copy="" line=""> | |||
[nextcloud] | |||
backend = auto | |||
enabled = true | |||
port = 80,443 | |||
protocol = tcp | |||
filter = nextcloud | |||
maxretry = 5 | |||
bantime = 1h | |||
findtime = 3m | |||
logpath = /var/log/nextcloud.log | |||
</syntaxhighlight> | |||
; Fail2ban neu laden | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo fail2ban-client reload | |||
</syntaxhighlight> | |||
; Überprüfen des Status von Nextcloud Jail | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo fail2ban-client status nextcloud | |||
</syntaxhighlight> | |||
== Nextcloud AIO == | |||
Das Autorisierungsprotokoll für die Webschnittstelle von Nextcloud AIO befindet sich unter dem Mount-Pfad des Volumes | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log | |||
</syntaxhighlight> | |||
; Installieren Sie das Paket fail2ban | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo apt install fail2ban | |||
</syntaxhighlight> | |||
; /etc/fail2ban/filter.d/nextcloud.conf erstellen | |||
<syntaxhighlight lang="ini" copy="" line=""> | |||
[Definition] | |||
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) | |||
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: | |||
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. | |||
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" | |||
</syntaxhighlight> | |||
; /etc/fail2ban/jail.d/nextcloud.local erstellen | |||
<syntaxhighlight lang="ini" copy="" line=""> | |||
[nextcloud] | [nextcloud] | ||
backend = auto | backend = auto | ||
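Review bot: In the [nextcloud] jail added under Standardinstallation, `logpath = /var/log/nextcloud.log` is used without any step that makes Nextcloud write its log to that path, whereas the AIO section names the file's actual location before configuring the jail. State the prerequisite (where the log file location is set) before the jail step, or the jail has nothing to watch. The filter block added under Nextcloud AIO is also a verbatim copy of the one under Standardinstallation; pointing back to the first section would keep the two from drifting apart.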
| Zeile 17: | Zeile 69: | ||
filter = nextcloud | filter = nextcloud | ||
maxretry = 2 | maxretry = 2 | ||
bantime = | bantime = 1h | ||
findtime = 5m | findtime = 5m | ||
logpath = /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log | logpath = /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log | ||
chain=DOCKER-USER | chain=DOCKER-USER | ||
action = iptables-multiport[name=nextcloud, port="80,443", chain="DOCKER-USER"] | action = iptables-multiport[name=nextcloud, port="80,443", chain="DOCKER-USER"] | ||
</syntaxhighlight> | </syntaxhighlight> | ||
sudo | |||
</syntaxhighlight><noinclude> | ; Fail2ban neu laden | ||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo fail2ban-client reload | |||
</syntaxhighlight> | |||
; Überprüfen des Status der Nextcloud Jail | |||
<syntaxhighlight lang="bash" highlight="1" copy="" line=""> | |||
sudo fail2ban-client status nextcloud | |||
</syntaxhighlight> | |||
[[Kategorie:Nextcloud/Sicherheit]] | |||
[[Kategorie:Fail2ban]] | |||
<noinclude> | |||
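Review bot: The AIO jail sets the firewall chain twice, once as `chain=DOCKER-USER` and again as `chain="DOCKER-USER"` inside the `action = iptables-multiport[...]` line; keep one form so readers do not have to guess which one takes effect. Filling the previously empty `bantime =` with `1h` is the right fix. `maxretry = 2` with `findtime = 5m` is much stricter than the `maxretry = 5` of the standard jail, so a sentence explaining the choice, or an `ignoreip` entry for administrative addresses, would help.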
Current revision as of 30 December 2025, 11:52
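== Standard installation ==
; Install the fail2ban package
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo apt install fail2ban
</syntaxhighlight>
; Create /etc/fail2ban/filter.d/nextcloud.conf
<syntaxhighlight lang="ini" copy="" line="">
[Definition]
# Matches any run of "key":value pairs in a Nextcloud JSON log entry
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
# The second pattern is a continuation line and must stay indented
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
</syntaxhighlight>
; Create /etc/fail2ban/jail.d/nextcloud.local
<syntaxhighlight lang="ini" copy="" line="">
[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 5
bantime = 1h
findtime = 3m
logpath = /var/log/nextcloud.log
</syntaxhighlight>
; Reload Fail2ban
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo fail2ban-client reload
</syntaxhighlight>
; Check the status of the Nextcloud jail
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo fail2ban-client status nextcloud
</syntaxhighlight>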
== Nextcloud AIO ==
The authorization log for the Nextcloud AIO web interface is located under the mount path of the volume:
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log
</syntaxhighlight>
; Install the fail2ban package
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo apt install fail2ban
</syntaxhighlight>
; Create /etc/fail2ban/filter.d/nextcloud.conf
<syntaxhighlight lang="ini" copy="" line="">
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
</syntaxhighlight>
; Create /etc/fail2ban/jail.d/nextcloud.local
<syntaxhighlight lang="ini" copy="" line="">
[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 2
bantime = 1h
findtime = 5m
logpath = /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log
# Bans go into DOCKER-USER, the chain Docker evaluates before its own forwarding rules
chain=DOCKER-USER
action = iptables-multiport[name=nextcloud, port="80,443", chain="DOCKER-USER"]
</syntaxhighlight>
; Reload Fail2ban
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo fail2ban-client reload
</syntaxhighlight>
; Check the status of the Nextcloud jail
<syntaxhighlight lang="bash" highlight="1" copy="" line="">
sudo fail2ban-client status nextcloud
</syntaxhighlight>
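Added example, not part of the wiki page: a Python check that expands the two failregex patterns from nextcloud.conf and replays constructed log entries against the maxretry/findtime values of both jails above, showing which addresses each jail would ban. The simplified `<HOST>` stand-in, the function names and the sample entries are assumptions made for illustration; fail2ban's own `<HOST>` expansion is more thorough.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Filter pieces copied from nextcloud.conf; HOST is a simplified stand-in for <HOST>.
GROUPS = r'(?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)'
HOST = r'(?P<host>[0-9A-Fa-f:.]+)'
PREFIX = r'^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"'
COMPILED = [re.compile((PREFIX + tail).replace('%(_groupsre)s', GROUPS).replace('<HOST>', HOST))
            for tail in ('Login failed:', 'Trusted domain error.')]
TIME = re.compile(r'"time"\s*:\s*"(\d{4}-\d\d-\d\d[T ]\d\d:\d\d:\d\d)')  # UTC offset ignored

def parse_failure(line):
    """Return (timestamp, host) if a failregex matches the line, else None."""
    t = TIME.search(line)
    for rx in COMPILED:
        m = rx.search(line)
        if m and t:
            return datetime.fromisoformat(t.group(1)), m.group('host')
    return None

def banned_hosts(lines, maxretry, findtime):
    """Hosts that reach maxretry failures inside a sliding findtime window."""
    recent, banned = defaultdict(deque), set()
    for ts, host in filter(None, map(parse_failure, lines)):
        window = recent[host]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned

def sample(t, ip, msg):
    """Constructed log entry in Nextcloud's JSON layout (not real data)."""
    return ('{"reqId":"r1","level":2,"time":"%s+00:00","remoteAddr":"%s","user":"--",'
            '"app":"core","method":"POST","url":"/login","message":"%s"}' % (t, ip, msg))

LOG = [
    sample("2025-12-30T10:00:00", "203.0.113.7", "Login failed: admin"),
    sample("2025-12-30T10:02:00", "203.0.113.7", "Login failed: admin"),
    sample("2025-12-30T10:03:00", "198.51.100.9", "Trusted domain error. host mismatch"),
    sample("2025-12-30T10:20:00", "198.51.100.9", "Login failed: bob"),
    sample("2025-12-30T10:21:00", "192.0.2.5", "Login successful"),
]

if __name__ == "__main__":
    print("AIO jail (maxretry=2, findtime=5m):", banned_hosts(LOG, 2, timedelta(minutes=5)))
    print("Standard jail (maxretry=5, findtime=3m):", banned_hosts(LOG, 5, timedelta(minutes=3)))
```

On a host with fail2ban installed, `fail2ban-regex` run against the log file and the filter file performs the matching step with the real `<HOST>` expansion.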