Fail2ban и Nextcloud. Защита от подбора пароля с помощью

_{Вся информация и фото, взяты с https://2keep.net/fail2ban-nextcloud/}

Автор: Андрей Торженов

VKFacebookTwitterOdnoklassnikiLiveJournalTelegramViberWhatsApp

CentOS Linux release 7.7.1908 (Core)
Fail2ban 0.10.5
Nextcloud 18.0.3

Образец лога

# /var/www/html/nextcloud/data/nextcloud.log

...
{"reqId":"XpXlj81rpTusoAevHhk7xwAAAAQ","level":2,"time":"2020-04-14T19:32:17+03:00","remoteAddr":"94.43.175.122","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: oceanww (Remote IP: 94.43.175.122)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0","version":"18.0.3.0"}

/etc/fail2ban/filter.d/nextcloud.conf

123	[Definition]failregex=^{.*Login failed: .* \(Remote IP: <HOST>\).*}$ignoreregex =

/etc/fail2ban/jail.conf

123456789101112131415161718

...## JAILS#[nextcloud]enabled  = truefilter   = nextcloudport     = httpsaction   = iptables[name=Nextcloud, port=https, protocol=tcp]logpath  = /var/www/html/nextcloud/data/nextcloud.log## если в течении 10 часа:findtime    = 36000## произведено 3 неудачных попыток логина:maxretry = 3## то банить IP на 30 днейbantime  = 2592000

Пример работы

1234567

# tail -f /var/log/fail2ban.log...2020-04-14 19:38:42,208 fail2ban.filter         [7402]: INFO    [nextcloud] Found 94.43.175.122 - 2020-04-14 19:38:412020-04-14 19:39:07,476 fail2ban.filter         [7402]: INFO    [nextcloud] Found 94.43.175.122 - 2020-04-14 19:39:072020-04-14 19:39:32,124 fail2ban.filter         [7402]: INFO    [nextcloud] Found 94.43.175.122 - 2020-04-14 19:39:312020-04-14 19:39:32,269 fail2ban.actions        [7402]: NOTICE  [nextcloud] Ban 94.43.175.122