ban notice on log but no actual banning in facts #158
Unanswered
radioheadgerelafougere
asked this question in
Q&A
Replies: 0 comments
First of all, thank you for developing this app.
I managed to make it work well for ssh access (on the host).
Now I am trying to make it work for nextcloud (in a docker container).
I do get ban notices on fail2ban container logs, but no actual banning is done.
filter.d/nextcloud.conf
```ini
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
            ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
```
jail.d/nextcloud.local
```ini
[nextcloud]
chain = INPUT
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /var/log/nextcloud.log
```
I am pretty sure it's the chain mentioned in the jail.d file that needs to be changed.
I tried DOCKER-USER but I get this on fail2ban log when it's trying to ban an address:
```
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- exec: { iptables -w -C f2b-nextcloud -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nextcloud || true; iptables -w -A f2b-nextcloud -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports 80,443 -j f2b-nextcloud >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports 80,443 -j f2b-nextcloud; }
done
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- stderr: 'iptables: No chain/target/match by that name.'
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- returned 1
```
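
Ban notices come from the filter stage, while the logged iptables error comes from the ban action, so the two can be checked separately. The following is an added example, not part of the original post or of fail2ban: it runs the post's `failregex` over constructed Nextcloud log lines to show which address the filter would report. The `HOST` pattern is an assumed, simplified stand-in for fail2ban's own `<HOST>` expansion, and the function names are hypothetical.

```python
import re

# _groupsre and failregex from the post's filter.d/nextcloud.conf, written with
# fail2ban's <HOST> tag and the trailing * repeat on _groupsre.
GROUPSRE = r'(?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)'
FAILREGEX = r'''
^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
'''
# Assumption: simplified stand-in for fail2ban's <HOST> expansion (IP literals only).
HOST = r'(?P<host>[0-9A-Fa-f:.]+)'

# Constructed sample lines in Nextcloud's JSON log layout (documentation-range IPs).
SAMPLES = [
    '{"reqId":"a1","level":2,"time":"2023-11-29T22:12:55+00:00","remoteAddr":"203.0.113.7",'
    '"user":"--","app":"core","method":"POST","url":"/login",'
    '"message":"Login failed: alice (Remote IP: 203.0.113.7)"}',
    '{"reqId":"a2","level":1,"time":"2023-11-29T22:13:01+00:00","remoteAddr":"198.51.100.9",'
    '"user":"--","app":"core","method":"GET","url":"/",'
    '"message":"Trusted domain error. Host cloud.example.org is not trusted"}',
    '{"reqId":"a3","level":1,"time":"2023-11-29T22:13:05+00:00","remoteAddr":"192.0.2.4",'
    '"user":"bob","app":"files","method":"GET","url":"/apps/files",'
    '"message":"File scan finished"}',
    '{"reqId":"a4","level":2,"time":"2023-11-29T22:13:09+00:00","remoteAddr":"2001:db8::5",'
    '"user":"carol","app":"core","method":"POST","url":"/login/challenge",'
    '"message":"Two-factor challenge failed: carol (Remote IP: 2001:db8::5)"}',
]

def compile_failregex(failregex=FAILREGEX, groupsre=GROUPSRE):
    """Expand the %(_groupsre)s interpolation and <HOST> tag, one regex per line."""
    return [re.compile(line.strip().replace('%(_groupsre)s', groupsre)
                                   .replace('<HOST>', HOST))
            for line in failregex.strip().splitlines()]

def offending_host(log_line, patterns):
    """Return the address the filter would count as a failure, or None."""
    for pattern in patterns:
        match = pattern.search(log_line)
        if match:
            return match.group('host')
    return None

if __name__ == "__main__":
    patterns = compile_failregex()
    for line in SAMPLES:
        print(offending_host(line, patterns), "<-", line[:60] + "...")
```

On a live system, fail2ban's own `fail2ban-regex` tool performs this check against the real log file and filter.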