From ee4e9e9836ad05279647b04eb1e8a3a4b0e16568 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 23 Jan 2020 05:33:17 +0100
Subject: Improve/harden fail2ban configuration.

 * Use nftables sets with a timeout
 * Start daemon with a hardened unit file and restricted Capability
   Bounding Set.  (This requires to change the log path to
   /var/log/fail2ban/*.)
 * Skip database as we don't care about persistence.
 * Refactor jail.local
---
 roles/common/files/etc/fail2ban/filter.d/nextcloud.conf | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 roles/common/files/etc/fail2ban/filter.d/nextcloud.conf

(limited to 'roles/common/files/etc/fail2ban/filter.d/nextcloud.conf')

diff --git a/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf b/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
new file mode 100644
index 0000000..22305d6
--- /dev/null
+++ b/roles/common/files/etc/fail2ban/filter.d/nextcloud.conf
@@ -0,0 +1,6 @@
+# Source: https://github.com/nextcloud/vm/blob/master/apps/fail2ban.sh
+
+[Definition]
+failregex=(?:^{|,)\"message\":\"Login failed: <F-USER>.*?</F-USER> \(Remote IP: '<HOST>'\)\"(:?,|}$)
+          (?:^{|,)\"message\":\"Login failed: <F-USER>.*?</F-USER> \(Remote IP: <HOST>\)\"(:?,|}$)
+          (?:^{|,)\"remoteAddr\":\"<HOST>\",.*Trusted domain error
-- 
cgit v1.2.3