Buenas, he querido meter una capa más de seguridad a owncloud en mi casa. He realizado lo siguiente para hacerlo funcionar con owncloud.
He copiado el fichero jail.conf a jail.local puesto que por lo visto cuando fail2ban actualiza, te machaca el fichero jail.conf. Una vez realizado esto, he añadido lo siguiente al fichero jail.local: [owncloud-login] enabled = true port = 8000 filter = owncloud-login logpath = /var/lib/owncloud/data/owncloud.log maxretry = 3 Lo que me quedaba, era meter el filtro en filter.d, llamado owncloud-login.conf (importante el .conf si no no te lo coge y da error fail2ban, lógicamente). [Definition] failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"} Si esto lo pruebo con el comando fail2ban-regex me funciona correctamente: Running tests ============= Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf Use log file : /var/lib/owncloud/data/owncloud.log Results ======= Failregex |- Regular expressions: | [1] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"} | `- Number of matches: [1] 95 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary ======= Addresses found: [1] 192.168.0.33 (Mon Mar 02 15:31:12 2015) 192.168.0.33 (Mon Mar 02 17:19:57 2015) 192.168.0.33 (Mon Mar 02 17:20:04 2015) 192.168.0.33 (Tue Mar 03 09:01:15 2015) 192.168.0.33 (Tue Mar 03 09:01:19 2015) 192.168.0.33 (Tue Mar 03 09:01:23 2015) 192.168.0.33 (Tue Mar 03 09:01:28 2015) 192.168.0.33 (Tue Mar 03 10:24:06 2015) 192.168.0.33 (Tue Mar 03 10:24:17 2015) 192.168.0.33 (Tue Mar 03 10:24:33 2015) 192.168.0.33 (Tue Mar 03 10:37:44 2015) 192.168.0.33 (Tue Mar 03 10:42:25 2015) 192.168.0.33 (Tue Mar 03 10:42:31 2015) 192.168.0.33 (Tue Mar 03 10:42:35 2015) 192.168.0.33 (Tue Mar 03 10:42:37 2015) 192.168.0.33 (Tue Mar 03 10:42:39 2015) 192.168.0.33 (Tue Mar 03 10:42:42 2015) 192.168.0.33 (Tue Mar 03 10:42:43 2015) 192.168.0.33 (Tue Mar 03 10:42:54 2015) 192.168.0.33 (Tue Mar 03 10:42:55 2015) 192.168.0.33 (Tue Mar 03 10:42:57 2015) 192.168.0.33 (Tue Mar 03 10:42:58 2015) 192.168.0.33 (Tue Mar 03 10:42:59 2015) 192.168.0.33 (Tue Mar 03 10:43:00 2015) 192.168.0.33 (Tue Mar 03 10:45:33 2015) 192.168.0.33 (Tue Mar 03 10:45:36 2015) 192.168.0.33 (Tue Mar 03 10:45:37 2015) 192.168.0.33 (Tue Mar 03 10:45:39 2015) 192.168.0.33 (Tue Mar 03 10:45:41 2015) 192.168.0.33 (Tue Mar 03 10:45:42 2015) 192.168.0.33 (Tue Mar 03 10:45:44 2015) 192.168.0.33 (Tue Mar 03 10:45:45 2015) 192.168.0.33 (Tue Mar 03 10:45:47 2015) 192.168.0.33 (Tue Mar 03 10:58:55 2015) 192.168.0.33 (Tue Mar 03 10:58:57 2015) 192.168.0.33 (Tue Mar 03 10:58:59 2015) 192.168.0.33 (Tue Mar 03 10:59:01 2015) 192.168.0.33 (Tue Mar 03 10:59:05 2015) 192.168.0.33 (Tue Mar 03 10:59:06 2015) 192.168.0.33 (Tue Mar 03 10:59:09 2015) 192.168.0.33 (Tue Mar 03 11:06:32 2015) 192.168.0.33 (Tue Mar 03 11:06:38 2015) 192.168.0.33 (Tue Mar 03 11:06:40 2015) 192.168.0.33 (Tue Mar 03 11:06:41 2015) 192.168.0.33 (Tue Mar 03 11:06:43 2015) 192.168.0.33 (Tue Mar 03 11:06:44 2015) 192.168.0.33 (Tue Mar 03 11:06:46 2015) 192.168.0.33 (Tue Mar 03 11:07:11 2015) 192.168.0.33 (Tue Mar 03 11:07:13 2015) 192.168.0.33 (Tue Mar 03 11:07:14 2015) 192.168.0.33 (Tue Mar 03 11:08:45 2015) 192.168.0.33 (Tue Mar 03 11:08:47 2015) 192.168.0.33 (Tue Mar 03 11:08:48 2015) 192.168.0.33 (Tue Mar 03 11:08:50 2015) 192.168.0.33 (Tue Mar 03 11:08:51 2015) 192.168.0.33 (Tue Mar 03 11:08:53 2015) 192.168.0.33 (Tue Mar 03 11:14:15 2015) 192.168.0.33 (Tue Mar 03 11:14:17 2015) 192.168.0.33 (Tue Mar 03 11:14:18 2015) 192.168.0.33 (Tue Mar 03 12:09:13 2015) 192.168.0.33 (Tue Mar 03 12:09:16 2015) 192.168.0.33 (Tue Mar 03 12:09:22 2015) 192.168.0.33 (Tue Mar 03 12:09:27 2015) 192.168.0.33 (Tue Mar 03 12:09:33 2015) 192.168.0.33 (Tue Mar 03 12:09:35 2015) 192.168.0.33 (Tue Mar 03 12:09:58 2015) 192.168.0.33 (Tue Mar 03 12:10:05 2015) 192.168.0.33 (Tue Mar 03 12:10:32 2015) 192.168.0.33 (Tue Mar 03 12:10:34 2015) 192.168.0.33 (Tue Mar 03 12:14:14 2015) 192.168.0.33 (Tue Mar 03 12:14:17 2015) 192.168.0.33 (Tue Mar 03 12:14:19 2015) 192.168.0.33 (Tue Mar 03 12:14:21 2015) 192.168.0.33 (Tue Mar 03 12:14:55 2015) 192.168.0.33 (Tue Mar 03 12:15:02 2015) 192.168.0.33 (Tue Mar 03 12:15:04 2015) 192.168.0.33 (Tue Mar 03 12:15:06 2015) 192.168.0.33 (Tue Mar 03 12:15:08 2015) 192.168.0.33 (Tue Mar 03 12:21:35 2015) 192.168.0.33 (Tue Mar 03 12:21:38 2015) 192.168.0.33 (Tue Mar 03 12:21:40 2015) 192.168.0.33 (Tue Mar 03 12:21:41 2015) 192.168.0.33 (Tue Mar 03 12:21:42 2015) 192.168.0.33 (Tue Mar 03 12:21:44 2015) 192.168.0.33 (Tue Mar 03 12:21:46 2015) 192.168.0.33 (Tue Mar 03 12:21:47 2015) 192.168.0.33 (Tue Mar 03 12:21:49 2015) 192.168.0.33 (Tue Mar 03 12:22:35 2015) 192.168.0.33 (Tue Mar 03 12:22:36 2015) 192.168.0.33 (Tue Mar 03 12:22:37 2015) 192.168.0.33 (Tue Mar 03 12:22:40 2015) 192.168.0.33 (Tue Mar 03 12:22:42 2015) 192.168.0.33 (Tue Mar 03 12:22:43 2015) 192.168.0.33 (Tue Mar 03 12:22:45 2015) 192.168.0.33 (Tue Mar 03 12:22:46 2015) Date template hits: 0 hit(s): MONTH Day Hour:Minute:Second 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second 0 hit(s): Year/Month/Day Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/Month/Year Hour:Minute:Second 0 hit(s): Day/MONTH/Year:Hour:Minute:Second 0 hit(s): Month/Day/Year:Hour:Minute:Second 0 hit(s): Year-Month-Day Hour:Minute:Second 0 hit(s): Year.Month.Day Hour:Minute:Second 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond] 0 hit(s): Day-Month-Year Hour:Minute:Second 0 hit(s): TAI64N 0 hit(s): Epoch 33757 hit(s): ISO 8601 0 hit(s): Hour:Minute:Second 0 hit(s): <Month/Day/Year@Hour:Minute:Second> Success, the total number of match is 95 However, look at the above section 'Running tests' which could contain important information. Pero el tema es que no me añade la regla en iptables... No entiendo por qué...He aumentado el debug en fail2ban, y veo que detecta cambios en el fichero de log de owncloud y demás pero no entiendo por qué no me pone la regla en iptables... He probado con ssh en la instalación por defecto y me bloquea perfectamente... Alguna idea? Gracias de antemano. Saludos. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj2aoa_ll-cxkfp72+cujp3thjvxjfctvtunhswjvagxvxt...@mail.gmail.com