Improve/harden fail2ban configuration.

* Use nftables sets with a timeout * Start daemon with a hardened unit file and restricted Capability Bounding Set. (This requires to change the log path to /var/log/fail2ban/*.) * Skip database as we don't care about persistence. * Refactor jail.local
author: Guilhem Moulin <guilhem@fripost.org> 2020-01-23 05:33:17 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2020-01-25 01:57:05 +0100
commit: ee4e9e9836ad05279647b04eb1e8a3a4b0e16568 (patch)
tree: d4e566a7b535f7d62e4fd6fd1a521ea6d7563d21 /roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
parent: 7641a5d5d152db349082b1d0ec93a40888b2ef8e (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf b/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
new file mode 100644
index 0000000..22305d6
--- /dev/null
+++ b/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
@@ -0,0 +1,6 @@
+# Source: https://github.com/nextcloud/vm/blob/master/apps/fail2ban.sh
+
+[Definition]
+failregex=(?:^{|,)\"message\":\"Login failed: <F-USER>.*?</F-USER> \(Remote IP: '<HOST>'\)\"(:?,|}$)
+          (?:^{|,)\"message\":\"Login failed: <F-USER>.*?</F-USER> \(Remote IP: <HOST>\)\"(:?,|}$)
+          (?:^{|,)\"remoteAddr\":\"<HOST>\",.*Trusted domain error
author	Guilhem Moulin <guilhem@fripost.org>	2020-01-23 05:33:17 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2020-01-25 01:57:05 +0100
commit	ee4e9e9836ad05279647b04eb1e8a3a4b0e16568 (patch)
tree	d4e566a7b535f7d62e4fd6fd1a521ea6d7563d21 /roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
parent	7641a5d5d152db349082b1d0ec93a40888b2ef8e (diff)