
Unable to get fail2ban working with owncloud on Debian Wheezy



Hi, I wanted to add one more layer of security to owncloud at
home. I have done the following to get it working with owncloud.

I copied the jail.conf file to jail.local, since apparently
when fail2ban updates, it overwrites the jail.conf file.

Once that was done, I added the following to the jail.local file:

[owncloud-login]
enabled   = true
port      = 8000
filter    = owncloud-login
logpath   = /var/lib/owncloud/data/owncloud.log
maxretry  = 3


What remained was to put the filter in filter.d, named
owncloud-login.conf (the .conf is important; otherwise fail2ban does
not pick it up and gives an error, logically).


[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}

If I test this with the fail2ban-regex command, it works correctly:

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf
Use log file   : /var/lib/owncloud/data/owncloud.log


Results
=======

Failregex
|- Regular expressions:
|  [1] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login
failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For:
'.*'\)","level":2,"time":".*"}
|
`- Number of matches:
   [1] 95 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]

Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
33757 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>

Success, the total number of match is 95

However, look at the above section 'Running tests' which could contain important
information.


But the thing is that it does not add the rule to iptables... I don't
understand why... I have increased the debug level in fail2ban, and I
see that it detects changes in the owncloud log file and so on, but I
don't understand why it does not put the rule in iptables...

I have tried with ssh in the default installation and it blocks perfectly...

Any ideas?

Thanks in advance.

Regards.
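
Added example, not part of the original message and not fail2ban's own code: fail2ban-regex counts every line the failregex matches, while a running jail only counts failures whose timestamp is newer than the current time minus findtime and bans once maxretry of them accumulate. The sketch below models that difference on constructed log lines; the IP 192.0.2.10, the findtime of 600 seconds and the helper names are assumptions, and a clock or time-zone offset is only one possible reason for matches without a ban.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Same message shape as the failregex in the post; <HOST> becomes a named group.
FAIL_RE = re.compile(
    r"Login failed: '.*' \(Remote IP: '(?P<host>[^']+)', X-Forwarded-For: '.*'\)")

def make_line(ip, ts, ok=False):
    """Build one constructed ownCloud-style JSON log line (sample data only)."""
    msg = "Login ok" if ok else (
        "Login failed: 'admin' (Remote IP: '%s', X-Forwarded-For: '')" % ip)
    return json.dumps({"reqId": "abc", "remoteAddr": ip, "app": "core",
                       "message": msg, "level": 2, "time": ts})

# Constructed sample log: three failures, one unrelated entry, one corrupt line.
SAMPLE_LOG = [
    make_line("192.0.2.10", "2015-03-03T12:22:40+00:00"),
    make_line("192.0.2.10", "2015-03-03T12:22:42+00:00"),
    make_line("192.0.2.10", "2015-03-03T12:22:43+00:00", ok=True),
    "truncated {line",
    make_line("192.0.2.10", "2015-03-03T12:22:45+00:00"),
]

def parse_failures(lines):
    """Yield (ip, timezone-aware datetime) for every failed-login entry."""
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip lines that are not valid JSON
        match = FAIL_RE.search(entry.get("message", ""))
        if match:
            yield match.group("host"), datetime.fromisoformat(entry["time"])

def would_ban(lines, now, findtime=600, maxretry=3):
    """Simplified jail model: IPs with >= maxretry failures newer than now - findtime."""
    oldest = now - timedelta(seconds=findtime)
    counts = {}
    for ip, ts in parse_failures(lines):
        if ts >= oldest:  # older matches are ignored, unlike in fail2ban-regex
            counts[ip] = counts.get(ip, 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    now = datetime(2015, 3, 3, 12, 25, tzinfo=timezone.utc)
    print(len(list(parse_failures(SAMPLE_LOG))), "matches")
    print("clock agrees with log:", would_ban(SAMPLE_LOG, now))
    print("clock one hour ahead :", would_ban(SAMPLE_LOG, now + timedelta(hours=1)))
```

With the same three matches, the modelled jail bans when its clock agrees with the log timestamps and bans nothing when the two are an hour apart.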

