Fail2Ban

# ##############################################################################################################
#

## install fail2ban ##
- @apt-get update
- @apt-get install fail2ban

## edit nextcloud config.php ##
- @nano /var/www/nextcloud/config/config.php

'log_type' => 'file',
  'logtimezone' => 'Europe/Berlin',
  'logfile' => '/var/log/nextcloud.log',
  'loglevel' => 2,
  'syslog_tag' => 'Nextcloud',
## prepare logfile ##
- @touch /var/log/nextcloud.log
- @chown -R www-data:www-data /var/log/nextcloud.log
- @chmod -R 755 /var/log/nextcloud.log
## create the Nextcloud-filter ##
- @nano /etc/fail2ban/filter.d/nextcloud.conf

[Definition]
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
               ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
               ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$

## create new jail Port. Hinweis: port ändern wenn Nextcloud (Apache Server) auf einen anderen Port lauscht als 80 und 443##
- @nano /etc/fail2ban/jail.d/nextcloud.local
[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 36000
findtime = 36000
logpath = /var/log/nextcloud.log

## restart fail2ban ##
- @service fail2ban restart

## test fail2ban ##
- @fail2ban-client status

- @fail2ban-regex /var/log/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf

=> "macthed" should be ≠ 0
# 
# #############################################################################################################