Why doesn't fail2ban ban ip if owncloud login/password is wrong?

A

arbrspb2019-08-18 21:27:21

linux

arbrspb, 2019-08-18 21:27:21

Ubuntu Linux system 18.04.2
Linux kernel 4.15.0-58-generic on x86_64
ownCloud version 10.2.1 (stable)
owncloud runs over https on port 45320
etc/fail2ban/jail.conf
[owncloud]
enabled=true
port=https
logpath= /var/log/owncloud-acces.log
ignoreip = 192.168.1.59
action = iptables[name=owncloud, port=45320, protocol=tcp]
____________________________________________________________________________
etc/fail2ban/filter.d/ownCloud.conf
[Definition]
failregex = {" reqId":".*","level":2,"time":".*","remoteAddr":".*","user":"--","app":"core"," method":".*","message":"Login failed: '.*' $Remote IP: ''$"}
ignoreregex =
______________________________________________________________________________
[email protected]:~$ sudo fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
| |- Currently failed: 1
| |- Total failed: 47
| `- File list: /var/log/owncloud-acces.log
`- Actions
|- Currently banned: 1
|- Total banned: 3
`- Banned IP list: 192.168.1.166
[email protected]:~
$ adds Ip to firewall
____________________________________________________________
sudo iptables -L -n --line
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination arbrspb
@nas: ~
$ /en/post/255019/

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry, 2019-08-19
@q2digger

Well, in the dock of ownCloud itself, there is a slightly different rule for fail2ban:
ownCloud & fail2ban

[Definition]
failregex={.*Login failed: \'.*\' \(Remote IP: \'<HOST>\'\)"}
ignoreregex =