Owncloud + Fail2ban + Ubuntu 14.04.03
Install manual for Fail2ban with Owncloud on Ubuntu 14.04.03
I suppose , that you already have Owncloud 9.0 installed.
1. sudo apt-get install fail2ban
2. Edit Owncloud config file :
! Make sure , that timezone fits your location.
sudo nano /var/www/owncloud/config/config.php
'logtimezone' => 'Europe/Riga',
'logfile' => '/var/log/owncloud.log',
'loglevel' => 2,
'log_authfailip' => true,
3. Make fail2ban configuration files:
sudo nano /etc/fail2ban/jail.d/owncloud.conf
[owncloud]
enabled = true
filter = owncloud
port = http,https
sudo nano /etc/fail2ban/filter.d/owncloud.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = owncloud
[Definition]
failregex = {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}
ignoreregex =
4. Add this configuration where "JAILS" begins. ( before [ssh] )
sudo nano /etc/fail2ban/jail.conf
[owncloud]
enabled = true
port = 80,443
filter = owncloud
maxretry = 3
logpath = /var/log/owncloud.log
5. Restart fail2ban. Make few failed logins and test your regex.
sudo service fail2ban restart
sudo fail2ban-regex /var/log/owncloud.log /etc/fail2ban/filter.d/owncloud.conf
If regex is OK , you must get something like this :
Running tests ============= Use failregex file : /etc/fail2ban/filter.d/owncloud.conf Use log file : /var/log/owncloud.log Results ======= Lines: 18 lines, 0 ignored,18 matched, 0 missed
6. Test if fail2ban is working :
sudo fail2ban-client status owncloud
Output must be :
Status for the jail: owncloud |- filter | |- File list: /var/log/owncloud.log | |- Currently failed: 0 | `- Total failed: 3 `- action |- Currently banned: 0 | `- IP list: `- Total banned:1
Also , you can view this in log :
sudo tail -f /var/log/fail2ban.log
Output :
2016-03-20 19:53:32,373 fail2ban.jail : INFO Jail 'ssh' uses pyinotify 2016-03-20 19:53:32,384 fail2ban.jail : INFO Initiated 'pyinotify' backend 2016-03-20 19:53:32,387 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2016-03-20 19:53:32,389 fail2ban.filter : INFO Set maxRetry = 6 2016-03-20 19:53:32,392 fail2ban.filter : INFO Set findtime = 600 2016-03-20 19:53:32,393 fail2ban.actions: INFO Set banTime = 600 2016-03-20 19:53:32,504 fail2ban.jail : INFO Jail 'owncloud' started 2016-03-20 19:53:32,510 fail2ban.jail : INFO Jail 'ssh' started 2016-03-20 19:54:32,636 fail2ban.actions: WARNING [owncloud]Ban 10.0.2.22016-03-20 20:04:32,703 fail2ban.actions: WARNING [owncloud]Unban 10.0.2.2
7. There can be a wrong time value for timezone in owncloud.log. (Tested with Owncloud 9.0)
To fix that :
sudo nano /var/www/owncloud/lib/private/log/owncloud.php
Find lines with code :
$time = DateTime::createFromFormat("U.u", number_format(microtime(true), 4, ".", ""), $timezone);
if ($time === false) {
$time = new DateTime(null, $timezone);
}
And change to :
{
$time = new DateTime(null, $timezone);
}
Restart apache:
sudo service apache2 restart
To unban IP:
sudo fail2ban-client set owncloud unbanip xxx.xxx.xxx.xxx
Hello!
ReplyDeleteThank you for your manual.
After I made changes to this file
/var/www/owncloud/lib/private/log/owncloud.php
I've received this type of error in my log
{"reqId":"+PkdveXP4Nyv0Iea4Fan","remoteAddr":"HIDEN_IP_ADDRESS","app":"PHP","message":"Undefined variable: time at \/var\/www\/owncloud\/lib\/private\/log\/owncloud.php#79","level":3,"time":"2016-08-07T22:05:43+02:00"}
Is it ok?
You use version 9.0 or 9.1.0? This manual is tested for 9.0.
ReplyDelete