Impossible to get fail2ban working with owncloud on Debian Wheezy

2015-03-03 By thread Maykel Franco
Hi, I wanted to add one more layer of security to owncloud at
home. I did the following to get it working with owncloud.

I copied the file jail.conf to jail.local, since apparently
fail2ban overwrites jail.conf when it is updated.

Once that was done, I added the following to jail.local:

[owncloud-login]
enabled   = true
port      = 8000
filter    = owncloud-login
logpath   = /var/lib/owncloud/data/owncloud.log
maxretry  = 3


What was left was to put the filter in filter.d, named
owncloud-login.conf (the .conf is important; without it fail2ban does
not pick it up and gives an error, logically).


[Definition]
failregex = {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}

If I test this with the fail2ban-regex command, it works correctly:

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf
Use log file   : /var/lib/owncloud/data/owncloud.log


Results
=======

Failregex
|- Regular expressions:
|  [1] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
|
`- Number of matches:
   [1] 95 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
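
Added example, not part of the original thread: a small Python model of what the jail does with the filter above, namely substituting a host-capturing group for <HOST>, matching each log line, and flagging a host once it reaches maxretry matches inside the findtime window. The names make_line and hosts_to_ban, the IPv4-only HOST_GROUP, the 600-second FINDTIME and every sample log line are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex of the filter on this page (JSON quotes and <HOST> tag in place).
FAILREGEX = (
    r"""{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' """
    r"""\(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}"""
)
# Simplified IPv4-only stand-in for the group fail2ban puts in place of <HOST>.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
MAXRETRY = 3    # from the [owncloud-login] jail
FINDTIME = 600  # seconds; assumed here, the jail on the page does not set it


def make_line(ip, ts, level=2):
    """Build one constructed ownCloud-style JSON log line."""
    msg = "Login failed: 'admin' (Remote IP: '%s', X-Forwarded-For: '')" % ip
    rec = {"reqId": "constructed", "remoteAddr": ip, "app": "core",
           "message": msg, "level": level, "time": ts}
    return json.dumps(rec, separators=(",", ":"))


def hosts_to_ban(lines):
    """Return hosts reaching MAXRETRY matches within FINDTIME (lines in time order)."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = pattern.search(line)
        if not m:
            continue  # not a failed login as far as the filter is concerned
        when = datetime.fromisoformat(json.loads(line)["time"])
        hits = recent[m.group("host")]
        hits.append(when)
        while (when - hits[0]).total_seconds() > FINDTIME:
            hits.popleft()  # failure has aged out of the window
        if len(hits) >= MAXRETRY and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned


# Constructed sample log, not taken from the thread.
SAMPLE = [make_line(ip, "2015-03-03T%s+00:00" % t, lvl) for ip, t, lvl in [
    ("192.168.0.60", "10:00:00", 2), ("192.168.0.60", "10:20:00", 2),
    ("192.168.0.60", "10:40:00", 2), ("192.168.0.33", "10:42:25", 2),
    ("192.168.0.50", "10:42:30", 2), ("192.168.0.33", "10:42:31", 2),
    ("192.168.0.50", "10:42:33", 2), ("192.168.0.33", "10:42:35", 2),
    ("192.168.0.50", "10:42:40", 1),  # level 1: the failregex does not match
]]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

A clean fail2ban-regex run only shows that the pattern matches; a ban additionally needs maxretry matches inside findtime and a jail action that applies to the port the service really listens on.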

[SOLVED] Re: Impossible to get fail2ban working with owncloud on Debian Wheezy

2015-03-03 By thread Maykel Franco
2015-03-03 13:29 GMT+01:00 Maykel Franco maykeldeb...@gmail.com:

[SOLVED] Re: Impossible to get fail2ban working with owncloud on Debian Wheezy

2015-03-03 By thread Maykel Franco
On 3 March 2015, 14:54, Ramses ramses.sevi...@gmail.com wrote:
 On 03/03/2015, at 13:29, Maykel Franco maykeldeb...@gmail.com wrote:

 Hi, I wanted to add one more layer of security to owncloud at
 home. I did the following to get it working with owncloud.

 I copied the file jail.conf to jail.local, since apparently
 fail2ban overwrites jail.conf when it is updated.

 Once that was done, I added the following to jail.local:

 [owncloud-login]
 enabled   = true
 port      = 8000
 filter    = owncloud-login
 logpath   = /var/lib/owncloud/data/owncloud.log
 maxretry  = 3

 Because you're missing the Action?


 Regards,

 Ramses
