Fail2ban and OC 10


#1

Hi.

I've been using fail2ban since version 8x to harden my server. Now after upgrading to version 10 my f2b has stopped working. My understanding is there has been some change in owncloud logging syntax in OC 10. Can someone tell me how to change my f2b configuration so it understands OC10?

My current .conf for fail2ban is like this

failregex={"reqId":".","remoteAddr":"","app":"core","message":"Login failed: .","level":2,"time":".*"}

How should I change it?


#2

Your failregex is not quite correct from what i can see and doesn't match the ones for 8.x and 9.x provided at [1]. In oC 10.0 only the order of the entries changed [2], [3] so it should be easy to apply those changes to the failregex listed at [1] and just re-order the failregex to match the new syntax / order.

[1]

[2]

[3]


#3

Thanks, got it working! My syntax is now like this:

[Definition]
failregex={"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":"core","method":"POST","url":".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)"}

#4

Nice. Some one seems to also have already picked this up for the documentation: