Ubuntu 16.04 LTS / firewalld/systemd and fail2ban

Just before Fedora 24 came out I wanted to check out Ubuntu 16.04 LTS with the GNOME flavour. Basically the same as last time: coming from Fedora it feels like 3 years in the past.
Anyway, systemd is now the default, so let's see if I can get everything working as before.

One bummer: fail2ban doesn't work with the default settings!
The fail2ban log says it banned the IP, but I could still connect…

Solution (in jail.local):
backend = systemd

This re-enables the blocking, and I verified it works!

WIP:
http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
A repeat-offender block that seems a little more elegant than my solution below.

Now about some more quirks:

UPDATE: Needs: Nextcloud…

ownCloud:
Set up the filter in /etc/fail2ban/filter.d/owncloud.conf:
[Definition]
# <HOST> is fail2ban's placeholder for the address to ban; without it the filter is rejected
failregex = {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}

ignoreregex =

Create the jail in /etc/fail2ban/jail.local:

[owncloud]
enabled = true
filter = owncloud
# select http, https or both, depending on which you use:
port = http,https
# edit the logpath to your needs:
logpath = /var/www/owncloud/data/owncloud.log

Edit config.php and make sure the log timezone matches the system's: fail2ban compares the timestamps in the log against the system clock, so with a mismatch fresh entries look too old to fall inside findtime and are never counted.
/**
* The default timezone for logfiles is UTC. You may change this; see
* http://php.net/manual/en/timezones.php
*/
'logtimezone' => 'Europe/Berlin',

PROBLEM: IPv6 blocking doesn’t work!

Sources:
https://forum.owncloud.org/viewtopic.php?t=28678
https://github.com/owncloud/core/blob/v8.0.4/config/config.sample.php#L494-L498
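To see what the owncloud filter actually captures, here is an added example (my own, not code from the ownCloud or fail2ban projects). It expands the <HOST> tag the way fail2ban 0.9 (the version on 16.04) does, runs the failregex over a few constructed owncloud.log lines, and shows two things: a failregex without <HOST> has no host group, so fail2ban would have nothing to ban, and the 0.9 host pattern cannot even match an IPv6 address, which is the IPv6 problem noted above. The log lines and the owncloud_line() helper are constructed for the example.

```python
import json
import re

# fail2ban 0.9 expands the <HOST> tag into this named group before compiling
# a failregex (this is the 0.9-series pattern; later versions use <ADDR>).
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The failregex from filter.d/owncloud.conf above.
OWNCLOUD_FAILREGEX = r'''{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}'''


def compile_failregex(failregex):
    """Expand <HOST> the way fail2ban does and compile the result."""
    return re.compile(failregex.replace("<HOST>", HOST_TAG))


def has_host_group(failregex):
    """fail2ban refuses a failregex with no <HOST>: there is no address to ban."""
    return "host" in compile_failregex(failregex).groupindex


def failed_login_hosts(lines, failregex=OWNCLOUD_FAILREGEX):
    """Return the address captured from every line the filter counts as a failure."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


def owncloud_line(remote_ip, message, level):
    """Constructed owncloud.log entry in the JSON layout the filter expects (helper is mine)."""
    return json.dumps({"reqId": "req1", "remoteAddr": remote_ip, "app": "core",
                       "message": message, "level": level,
                       "time": "2016-05-01T10:00:00+00:00"}, separators=(",", ":"))


# Constructed sample log: an IPv4 failure, a success, and an IPv6 failure.
SAMPLE_LOG = [
    owncloud_line("203.0.113.7", "Login failed: 'alice' (Remote IP: '203.0.113.7')", 2),
    owncloud_line("203.0.113.7", "Login successful: 'alice'", 1),
    owncloud_line("2001:db8::42", "Login failed: 'bob' (Remote IP: '2001:db8::42')", 2),
]

if __name__ == "__main__":
    # Only the IPv4 failure is captured: the 0.9 host pattern has no ':' in it,
    # so the IPv6 line never matches at all.
    print(failed_login_hosts(SAMPLE_LOG))
    print(has_host_group(OWNCLOUD_FAILREGEX))
    # The same regex with the tag stripped out: fail2ban would reject this filter.
    print(has_host_group(OWNCLOUD_FAILREGEX.replace("<HOST>", "")))
```

The same check is what fail2ban-regex does against a real log file; this version just makes the <HOST> expansion visible so you can see why an IPv6 login failure is silently skipped on 0.9.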

How about Plex, too?
The logs are here; I still need to write the regex…
/var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/

More ideas:
Add a long-term ban for repeat offenders by running fail2ban over its own log file: every "Ban" line another jail writes counts as one failure for the loop jails.

First create this filter, /etc/fail2ban/filter.d/f2b-loop.conf:

# Fail2Ban configuration file for subsequent bans
#
# Author: Walter Heitman Jr. http://blog.shanock.com
#
[INCLUDES]
before = common.conf

[Definition]
# every ban logged by any jail counts as a failure (<HOST> captures the banned address) ...
failregex = \]\s+Ban\s+<HOST>
# ... except bans issued by the loop jails themselves, so they don't feed each other
ignoreregex = \[f2b-loop.*\]\s+Ban\s+<HOST>

and add this to jail.local (the [DEFAULT] values apply to every jail that doesn't override them):

[DEFAULT]
bantime = 10800 ;3 hours
findtime = 86400 ;1 day
maxretry = 5

[f2b-loop2]
enabled = true
filter = f2b-loop
bantime = 86400 ;1 day
findtime = 604800 ;1 week
logpath = /var/log/fail2ban.log
maxretry = 2

[f2b-loop3]
enabled = true
filter = f2b-loop
bantime = 604800 ;1 week
findtime = 2592000 ;1 month
logpath = /var/log/fail2ban.log
maxretry = 3

[f2b-loop4]
enabled = true
filter = f2b-loop
bantime = 2592000 ;1 month
findtime = 15552000 ;6 months
logpath = /var/log/fail2ban.log
maxretry = 6

[f2b-loop5]
enabled = true
filter = f2b-loop
bantime = 15552000 ;6 months
findtime = 31536000 ;1 year
logpath = /var/log/fail2ban.log
maxretry = 9
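To check how the escalation actually plays out before enabling it, here is an added example (mine, not from the original post or from the linked blogs) that simulates the loop jails above over a constructed fail2ban.log: it applies the f2b-loop failregex and ignoreregex with fail2ban 0.9's <HOST> expansion, then runs each jail's sliding findtime/maxretry window per address, clearing the counter after a ban the way fail2ban does. The log lines are constructed; the jail table is copied from the jail.local above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban 0.9's expansion of the <HOST> tag.
HOST_TAG = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
# failregex / ignoreregex from filter.d/f2b-loop.conf above.
FAILREGEX = re.compile(r"\]\s+Ban\s+<HOST>".replace("<HOST>", HOST_TAG))
IGNOREREGEX = re.compile(r"\[f2b-loop.*\]\s+Ban\s+<HOST>".replace("<HOST>", HOST_TAG))

# (jail, findtime, maxretry, bantime), all in seconds, as in jail.local above.
LOOP_JAILS = [
    ("f2b-loop2", 604800, 2, 86400),
    ("f2b-loop3", 2592000, 3, 604800),
    ("f2b-loop4", 15552000, 6, 2592000),
    ("f2b-loop5", 31536000, 9, 15552000),
]


def ban_events(lines):
    """Return sorted (timestamp, host) pairs for every line the f2b-loop filter counts."""
    events = []
    for line in lines:
        m = FAILREGEX.search(line)
        if not m or IGNOREREGEX.search(line):
            continue  # not a ban, or a ban by a loop jail (ignored so jails don't feed each other)
        ts = datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f")
        events.append((ts, m.group("host")))
    events.sort()
    return events


def escalate(lines, jails=LOOP_JAILS):
    """Simulate each loop jail's sliding window; return {host: [(jail, bantime), ...]}."""
    events = ban_events(lines)
    result = defaultdict(list)
    for name, findtime, maxretry, bantime in jails:
        window = defaultdict(deque)  # per-host timestamps still inside findtime
        for ts, host in events:
            q = window[host]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=findtime):
                q.popleft()  # older than findtime relative to the newest ban
            if len(q) >= maxretry:
                result[host].append((name, bantime))
                q.clear()  # fail2ban forgets the counted failures once it bans
    return dict(result)


# Constructed fail2ban.log excerpt (same layout fail2ban 0.9 writes).
SAMPLE_LOG = [
    "2016-05-01 10:00:01,123 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.7",
    "2016-05-01 10:05:00,000 fail2ban.actions [1234]: NOTICE [owncloud] Ban 198.51.100.9",
    "2016-05-01 13:00:01,000 fail2ban.actions [1234]: NOTICE [sshd] Unban 203.0.113.7",
    "2016-05-02 11:00:00,000 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.7",
    "2016-05-02 11:00:01,000 fail2ban.actions [1234]: NOTICE [f2b-loop2] Ban 203.0.113.7",
    "2016-05-20 09:30:00,000 fail2ban.actions [1234]: NOTICE [owncloud] Ban 203.0.113.7",
]

if __name__ == "__main__":
    # 203.0.113.7 is banned three times in 19 days: two within a week trigger
    # f2b-loop2, three within a month trigger f2b-loop3; 198.51.100.9 stays below every threshold.
    for host, bans in escalate(SAMPLE_LOG).items():
        print(host, bans)
```

Note that the Unban line and the f2b-loop2's own Ban line contribute nothing, which is what the ignoreregex is for: without it a loop jail's ban would immediately count toward the next tier.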