/etc/fail2ban/filter.d/nextcloud.conf
mit folgendem Inhalt erstellt:[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
/etc/fail2ban/jail.d/nextcloud.local
mit folgendem Inhalt erstellt:[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 5
bantime = 3600
findtime = 36000
logpath = /var/log/nextcloud.log
service fail2ban restart
fail2ban-client status nextcloud
zeigt mir folgendes an:Status for the jail: nextcloud
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/nextcloud.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:
{"reqId":"hjchXP5SWUzbRJ6DDjdV","level":2,"time":"January 05, 2021 17:14:29","remoteAddr":"95.211.230.211","user":"--","app":"no app in context","method":"POST","url":"/index.php/login","message":"Login failed: u (Remote IP: 95.211.230.211)","userAgent":"Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0","version":"21.0.0.11"}