Imposible hacer funcionar fail2ban con owncloud en Debian Wheezy
Buenas, he querido meter una capa más de seguridad a owncloud en mi casa. He realizado lo siguiente para hacerlo funcionar con owncloud. He copiado el fichero jail.conf a jail.local puesto que por lo visto cuando fail2ban actualiza, te machaca el fichero jail.conf. Una vez realizado esto, he añadido lo siguiente al fichero jail.local: [owncloud-login] enabled = true port = 8000 filter= owncloud-login logpath = /var/lib/owncloud/data/owncloud.log maxretry = 3 Lo que me quedaba, era meter el filtro en filter.d, llamado owncloud-login.conf (importante el .conf si no no te lo coge y da error fail2ban, lógicamente). [Definition] failregex={reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} Si esto lo pruebo con el comando fail2ban-regex me funciona correctamente: Running tests = Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf Use log file : /var/lib/owncloud/data/owncloud.log Results === Failregex |- Regular expressions: | [1] {reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} | `- Number of matches: [1] 95 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary === Addresses found: [1] 192.168.0.33 (Mon Mar 02 15:31:12 2015) 192.168.0.33 (Mon Mar 02 17:19:57 2015) 192.168.0.33 (Mon Mar 02 17:20:04 2015) 192.168.0.33 (Tue Mar 03 09:01:15 2015) 192.168.0.33 (Tue Mar 03 09:01:19 2015) 192.168.0.33 (Tue Mar 03 09:01:23 2015) 192.168.0.33 (Tue Mar 03 09:01:28 2015) 192.168.0.33 (Tue Mar 03 10:24:06 2015) 192.168.0.33 (Tue Mar 03 10:24:17 2015) 192.168.0.33 (Tue Mar 03 10:24:33 2015) 192.168.0.33 (Tue Mar 03 10:37:44 2015) 192.168.0.33 (Tue Mar 03 10:42:25 2015) 192.168.0.33 (Tue Mar 03 10:42:31 2015) 192.168.0.33 (Tue Mar 03 10:42:35 2015) 192.168.0.33 (Tue Mar 03 10:42:37 2015) 192.168.0.33 (Tue Mar 03 10:42:39 2015) 192.168.0.33 (Tue Mar 03 10:42:42 2015) 192.168.0.33 (Tue Mar 03 10:42:43 2015) 192.168.0.33 (Tue Mar 03 10:42:54 2015) 192.168.0.33 (Tue Mar 03 10:42:55 2015) 192.168.0.33 (Tue Mar 03 10:42:57 2015) 192.168.0.33 (Tue Mar 03 10:42:58 2015) 192.168.0.33 (Tue Mar 03 10:42:59 2015) 192.168.0.33 (Tue Mar 03 10:43:00 2015) 192.168.0.33 (Tue Mar 03 10:45:33 2015) 192.168.0.33 (Tue Mar 03 10:45:36 2015) 192.168.0.33 (Tue Mar 03 10:45:37 2015) 192.168.0.33 (Tue Mar 03 10:45:39 2015) 192.168.0.33 (Tue Mar 03 10:45:41 2015) 192.168.0.33 (Tue Mar 03 10:45:42 2015) 192.168.0.33 (Tue Mar 03 10:45:44 2015) 192.168.0.33 (Tue Mar 03 10:45:45 2015) 192.168.0.33 (Tue Mar 03 10:45:47 2015) 192.168.0.33 (Tue Mar 03 10:58:55 2015) 192.168.0.33 (Tue Mar 03 10:58:57 2015) 192.168.0.33 (Tue Mar 03 10:58:59 2015) 192.168.0.33 (Tue Mar 03 10:59:01 2015) 192.168.0.33 (Tue Mar 03 10:59:05 2015) 192.168.0.33 (Tue Mar 03 10:59:06 2015) 192.168.0.33 (Tue Mar 03 10:59:09 2015) 192.168.0.33 (Tue Mar 03 11:06:32 2015) 192.168.0.33 (Tue Mar 03 11:06:38 2015) 192.168.0.33 (Tue Mar 03 11:06:40 2015) 192.168.0.33 (Tue Mar 03 11:06:41 2015) 192.168.0.33 (Tue Mar 03 11:06:43 2015) 192.168.0.33 (Tue Mar 03 11:06:44 2015) 192.168.0.33 (Tue Mar 03 11:06:46 2015) 192.168.0.33 (Tue Mar 03 11:07:11 2015) 192.168.0.33 (Tue Mar 03 11:07:13 2015) 192.168.0.33 (Tue Mar 03 11:07:14 2015) 192.168.0.33 (Tue Mar 03 11:08:45 2015) 192.168.0.33 (Tue Mar 03 11:08:47 2015) 192.168.0.33 (Tue Mar 03 11:08:48 2015) 192.168.0.33 (Tue Mar 03 11:08:50 2015) 192.168.0.33 (Tue Mar 03 11:08:51 2015) 192.168.0.33 (Tue Mar 03 11:08:53 2015) 192.168.0.33 (Tue Mar 03 11:14:15 2015) 192.168.0.33 (Tue Mar 03 11:14:17 2015) 192.168.0.33 (Tue Mar 03 11:14:18 2015) 192.168.0.33 (Tue Mar 03 12:09:13 2015) 192.168.0.33 (Tue Mar 03 12:09:16 2015) 192.168.0.33 (Tue Mar 03 12:09:22 2015) 192.168.0.33 (Tue Mar 03 12:09:27 2015) 192.168.0.33 (Tue Mar 03 12:09:33 2015) 192.168.0.33 (Tue Mar 03 12:09:35 2015) 192.168.0.33 (Tue Mar 03 12:09:58 2015) 192.168.0.33 (Tue Mar 03 12:10:05 2015) 192.168.0.33 (Tue Mar 03 12:10:32 2015) 192.168.0.33 (Tue Mar 03 12:10:34 2015) 192.168.0.33 (Tue Mar 03 12:14:14 2015) 192.168.0.33 (Tue Mar 03 12:14:17 2015) 192.168.0.33 (Tue Mar 03 12:14:19 2015) 192.168.0.33 (Tue Mar 03 12:14:21 2015) 192.168.0.33 (Tue Mar 03 12:14:55 2015) 192.168.0.33 (Tue Mar 03 12:15:02 2015) 192.168.0.33 (Tue Mar 03 12:15:04 2015) 192.168.0.33 (Tue Mar 03 12:15:06 2015) 192.168.0.33 (Tue Mar 03 12:15:08 2015) 192.168.0.33 (Tue Mar 03 12:21:35 2015) 192.168.0.33 (Tue Mar 03 12:21:38 2015) 192.168.0.33 (Tue Mar 03 12:21:40 2015) 192.168.0.33 (Tue Mar 03 12:21:41 2015) 192.168.0.33 (Tue Mar 03 12:21:42 2015) 192.168.0.33
[SOLUCIONADO] Re: Imposible hacer funcionar fail2ban con owncloud en Debian Wheezy
2015-03-03 13:29 GMT+01:00 Maykel Franco maykeldeb...@gmail.com: Buenas, he querido meter una capa más de seguridad a owncloud en mi casa. He realizado lo siguiente para hacerlo funcionar con owncloud. He copiado el fichero jail.conf a jail.local puesto que por lo visto cuando fail2ban actualiza, te machaca el fichero jail.conf. Una vez realizado esto, he añadido lo siguiente al fichero jail.local: [owncloud-login] enabled = true port = 8000 filter= owncloud-login logpath = /var/lib/owncloud/data/owncloud.log maxretry = 3 Lo que me quedaba, era meter el filtro en filter.d, llamado owncloud-login.conf (importante el .conf si no no te lo coge y da error fail2ban, lógicamente). [Definition] failregex={reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} Si esto lo pruebo con el comando fail2ban-regex me funciona correctamente: Running tests = Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf Use log file : /var/lib/owncloud/data/owncloud.log Results === Failregex |- Regular expressions: | [1] {reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} | `- Number of matches: [1] 95 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary === Addresses found: [1] 192.168.0.33 (Mon Mar 02 15:31:12 2015) 192.168.0.33 (Mon Mar 02 17:19:57 2015) 192.168.0.33 (Mon Mar 02 17:20:04 2015) 192.168.0.33 (Tue Mar 03 09:01:15 2015) 192.168.0.33 (Tue Mar 03 09:01:19 2015) 192.168.0.33 (Tue Mar 03 09:01:23 2015) 192.168.0.33 (Tue Mar 03 09:01:28 2015) 192.168.0.33 (Tue Mar 03 10:24:06 2015) 192.168.0.33 (Tue Mar 03 10:24:17 2015) 192.168.0.33 (Tue Mar 03 10:24:33 2015) 192.168.0.33 (Tue Mar 03 10:37:44 2015) 192.168.0.33 (Tue Mar 03 10:42:25 2015) 192.168.0.33 (Tue Mar 03 10:42:31 2015) 192.168.0.33 (Tue Mar 03 10:42:35 2015) 192.168.0.33 (Tue Mar 03 10:42:37 2015) 192.168.0.33 (Tue Mar 03 10:42:39 2015) 192.168.0.33 (Tue Mar 03 10:42:42 2015) 192.168.0.33 (Tue Mar 03 10:42:43 2015) 192.168.0.33 (Tue Mar 03 10:42:54 2015) 192.168.0.33 (Tue Mar 03 10:42:55 2015) 192.168.0.33 (Tue Mar 03 10:42:57 2015) 192.168.0.33 (Tue Mar 03 10:42:58 2015) 192.168.0.33 (Tue Mar 03 10:42:59 2015) 192.168.0.33 (Tue Mar 03 10:43:00 2015) 192.168.0.33 (Tue Mar 03 10:45:33 2015) 192.168.0.33 (Tue Mar 03 10:45:36 2015) 192.168.0.33 (Tue Mar 03 10:45:37 2015) 192.168.0.33 (Tue Mar 03 10:45:39 2015) 192.168.0.33 (Tue Mar 03 10:45:41 2015) 192.168.0.33 (Tue Mar 03 10:45:42 2015) 192.168.0.33 (Tue Mar 03 10:45:44 2015) 192.168.0.33 (Tue Mar 03 10:45:45 2015) 192.168.0.33 (Tue Mar 03 10:45:47 2015) 192.168.0.33 (Tue Mar 03 10:58:55 2015) 192.168.0.33 (Tue Mar 03 10:58:57 2015) 192.168.0.33 (Tue Mar 03 10:58:59 2015) 192.168.0.33 (Tue Mar 03 10:59:01 2015) 192.168.0.33 (Tue Mar 03 10:59:05 2015) 192.168.0.33 (Tue Mar 03 10:59:06 2015) 192.168.0.33 (Tue Mar 03 10:59:09 2015) 192.168.0.33 (Tue Mar 03 11:06:32 2015) 192.168.0.33 (Tue Mar 03 11:06:38 2015) 192.168.0.33 (Tue Mar 03 11:06:40 2015) 192.168.0.33 (Tue Mar 03 11:06:41 2015) 192.168.0.33 (Tue Mar 03 11:06:43 2015) 192.168.0.33 (Tue Mar 03 11:06:44 2015) 192.168.0.33 (Tue Mar 03 11:06:46 2015) 192.168.0.33 (Tue Mar 03 11:07:11 2015) 192.168.0.33 (Tue Mar 03 11:07:13 2015) 192.168.0.33 (Tue Mar 03 11:07:14 2015) 192.168.0.33 (Tue Mar 03 11:08:45 2015) 192.168.0.33 (Tue Mar 03 11:08:47 2015) 192.168.0.33 (Tue Mar 03 11:08:48 2015) 192.168.0.33 (Tue Mar 03 11:08:50 2015) 192.168.0.33 (Tue Mar 03 11:08:51 2015) 192.168.0.33 (Tue Mar 03 11:08:53 2015) 192.168.0.33 (Tue Mar 03 11:14:15 2015) 192.168.0.33 (Tue Mar 03 11:14:17 2015) 192.168.0.33 (Tue Mar 03 11:14:18 2015) 192.168.0.33 (Tue Mar 03 12:09:13 2015) 192.168.0.33 (Tue Mar 03 12:09:16 2015) 192.168.0.33 (Tue Mar 03 12:09:22 2015) 192.168.0.33 (Tue Mar 03 12:09:27 2015) 192.168.0.33 (Tue Mar 03 12:09:33 2015) 192.168.0.33 (Tue Mar 03 12:09:35 2015) 192.168.0.33 (Tue Mar 03 12:09:58 2015) 192.168.0.33 (Tue Mar 03 12:10:05 2015) 192.168.0.33 (Tue Mar 03 12:10:32 2015) 192.168.0.33 (Tue Mar 03 12:10:34 2015) 192.168.0.33 (Tue Mar 03 12:14:14 2015) 192.168.0.33 (Tue Mar 03 12:14:17 2015) 192.168.0.33 (Tue Mar 03 12:14:19 2015) 192.168.0.33 (Tue Mar 03 12:14:21 2015) 192.168.0.33 (Tue Mar 03 12:14:55 2015) 192.168.0.33 (Tue Mar 03 12:15:02 2015) 192.168.0.33 (Tue Mar 03 12:15:04 2015) 192.168.0.33 (Tue Mar 03 12:15:06 2015) 192.168.0.33 (Tue Mar 03 12:15:08 2015) 192.168.0.33 (Tue Mar 03 12:21:35 2015)
[SOLUCIONADO] Re: Imposible hacer funcionar fail2ban con owncloud en Debian Wheezy
El día 3 de marzo de 2015, 14:54, Ramses ramses.sevi...@gmail.com escribió: El 03/03/2015, a las 13:29, Maykel Franco maykeldeb...@gmail.com escribió: Buenas, he querido meter una capa más de seguridad a owncloud en mi casa. He realizado lo siguiente para hacerlo funcionar con owncloud. He copiado el fichero jail.conf a jail.local puesto que por lo visto cuando fail2ban actualiza, te machaca el fichero jail.conf. Una vez realizado esto, he añadido lo siguiente al fichero jail.local: [owncloud-login] enabled = true port = 8000 filter= owncloud-login logpath = /var/lib/owncloud/data/owncloud.log maxretry = 3 ¿Porque te falta la Acción? Saludos, Ramses Lo que me quedaba, era meter el filtro en filter.d, llamado owncloud-login.conf (importante el .conf si no no te lo coge y da error fail2ban, lógicamente). [Definition] failregex={reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} Si esto lo pruebo con el comando fail2ban-regex me funciona correctamente: Running tests = Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf Use log file : /var/lib/owncloud/data/owncloud.log Results === Failregex |- Regular expressions: | [1] {reqId:.*,remoteAddr:.*,app:core,message:Login failed: '.*' \(Remote IP: 'HOST', X-Forwarded-For: '.*'\),level:2,time:.*} | `- Number of matches: [1] 95 match(es) Ignoreregex |- Regular expressions: | `- Number of matches: Summary === Addresses found: [1] 192.168.0.33 (Mon Mar 02 15:31:12 2015) 192.168.0.33 (Mon Mar 02 17:19:57 2015) 192.168.0.33 (Mon Mar 02 17:20:04 2015) 192.168.0.33 (Tue Mar 03 09:01:15 2015) 192.168.0.33 (Tue Mar 03 09:01:19 2015) 192.168.0.33 (Tue Mar 03 09:01:23 2015) 192.168.0.33 (Tue Mar 03 09:01:28 2015) 192.168.0.33 (Tue Mar 03 10:24:06 2015) 192.168.0.33 (Tue Mar 03 10:24:17 2015) 192.168.0.33 (Tue Mar 03 10:24:33 2015) 192.168.0.33 (Tue Mar 03 10:37:44 2015) 192.168.0.33 (Tue Mar 03 10:42:25 2015) 192.168.0.33 (Tue Mar 03 10:42:31 2015) 192.168.0.33 (Tue Mar 03 10:42:35 2015) 192.168.0.33 (Tue Mar 03 10:42:37 2015) 192.168.0.33 (Tue Mar 03 10:42:39 2015) 192.168.0.33 (Tue Mar 03 10:42:42 2015) 192.168.0.33 (Tue Mar 03 10:42:43 2015) 192.168.0.33 (Tue Mar 03 10:42:54 2015) 192.168.0.33 (Tue Mar 03 10:42:55 2015) 192.168.0.33 (Tue Mar 03 10:42:57 2015) 192.168.0.33 (Tue Mar 03 10:42:58 2015) 192.168.0.33 (Tue Mar 03 10:42:59 2015) 192.168.0.33 (Tue Mar 03 10:43:00 2015) 192.168.0.33 (Tue Mar 03 10:45:33 2015) 192.168.0.33 (Tue Mar 03 10:45:36 2015) 192.168.0.33 (Tue Mar 03 10:45:37 2015) 192.168.0.33 (Tue Mar 03 10:45:39 2015) 192.168.0.33 (Tue Mar 03 10:45:41 2015) 192.168.0.33 (Tue Mar 03 10:45:42 2015) 192.168.0.33 (Tue Mar 03 10:45:44 2015) 192.168.0.33 (Tue Mar 03 10:45:45 2015) 192.168.0.33 (Tue Mar 03 10:45:47 2015) 192.168.0.33 (Tue Mar 03 10:58:55 2015) 192.168.0.33 (Tue Mar 03 10:58:57 2015) 192.168.0.33 (Tue Mar 03 10:58:59 2015) 192.168.0.33 (Tue Mar 03 10:59:01 2015) 192.168.0.33 (Tue Mar 03 10:59:05 2015) 192.168.0.33 (Tue Mar 03 10:59:06 2015) 192.168.0.33 (Tue Mar 03 10:59:09 2015) 192.168.0.33 (Tue Mar 03 11:06:32 2015) 192.168.0.33 (Tue Mar 03 11:06:38 2015) 192.168.0.33 (Tue Mar 03 11:06:40 2015) 192.168.0.33 (Tue Mar 03 11:06:41 2015) 192.168.0.33 (Tue Mar 03 11:06:43 2015) 192.168.0.33 (Tue Mar 03 11:06:44 2015) 192.168.0.33 (Tue Mar 03 11:06:46 2015) 192.168.0.33 (Tue Mar 03 11:07:11 2015) 192.168.0.33 (Tue Mar 03 11:07:13 2015) 192.168.0.33 (Tue Mar 03 11:07:14 2015) 192.168.0.33 (Tue Mar 03 11:08:45 2015) 192.168.0.33 (Tue Mar 03 11:08:47 2015) 192.168.0.33 (Tue Mar 03 11:08:48 2015) 192.168.0.33 (Tue Mar 03 11:08:50 2015) 192.168.0.33 (Tue Mar 03 11:08:51 2015) 192.168.0.33 (Tue Mar 03 11:08:53 2015) 192.168.0.33 (Tue Mar 03 11:14:15 2015) 192.168.0.33 (Tue Mar 03 11:14:17 2015) 192.168.0.33 (Tue Mar 03 11:14:18 2015) 192.168.0.33 (Tue Mar 03 12:09:13 2015) 192.168.0.33 (Tue Mar 03 12:09:16 2015) 192.168.0.33 (Tue Mar 03 12:09:22 2015) 192.168.0.33 (Tue Mar 03 12:09:27 2015) 192.168.0.33 (Tue Mar 03 12:09:33 2015) 192.168.0.33 (Tue Mar 03 12:09:35 2015) 192.168.0.33 (Tue Mar 03 12:09:58 2015) 192.168.0.33 (Tue Mar 03 12:10:05 2015) 192.168.0.33 (Tue Mar 03 12:10:32 2015) 192.168.0.33 (Tue Mar 03 12:10:34 2015) 192.168.0.33 (Tue Mar 03 12:14:14 2015) 192.168.0.33 (Tue Mar 03 12:14:17 2015) 192.168.0.33 (Tue Mar 03 12:14:19 2015) 192.168.0.33 (Tue Mar 03 12:14:21 2015) 192.168.0.33 (Tue Mar 03 12:14:55 2015) 192.168.0.33 (Tue Mar 03 12:15:02 2015) 192.168.0.33 (Tue Mar 03 12:15:04 2015) 192.168.0.33 (Tue Mar 03 12:15:06 2015) 192.168.0.33 (Tue Mar 03 12:15:08