[SOLUCIONADO] Re: Imposible hacer funcionar fail2ban con owncloud en Debian Wheezy
El día 3 de marzo de 2015, 14:54, Ramses <ramses.sevilla@gmail.com> escribió:
> El 03/03/2015, a las 13:29, Maykel Franco <maykeldebian@gmail.com> escribió:
>
>> Buenas, he querido meter una capa más de seguridad a owncloud en mi
>> casa. He realizado lo siguiente para hacerlo funcionar con owncloud.
>>
>> He copiado el fichero jail.conf a jail.local puesto que por lo visto
>> cuando fail2ban actualiza, te machaca el fichero jail.conf.
>>
>> Una vez realizado esto, he añadido lo siguiente al fichero jail.local:
>>
>> [owncloud-login]
>> enabled = true
>> port = 8000
>> filter = owncloud-login
>> logpath = /var/lib/owncloud/data/owncloud.log
>> maxretry = 3
>
> ¿Porque te falta la Acción?
>
>
> Saludos,
>
> Ramses
>
>> Lo que me quedaba, era meter el filtro en filter.d, llamado
>> owncloud-login.conf (importante el .conf si no no te lo coge y da
>> error fail2ban, lógicamente).
>>
>>
>> [Definition]
>> failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login
>> failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For:
>> '.*'\)","level":2,"time":".*"}
>>
>> Si esto lo pruebo con el comando fail2ban-regex me funciona correctamente:
>>
>> Running tests
>> =============
>>
>> Use regex file : /etc/fail2ban/filter.d/owncloud-login.conf
>> Use log file : /var/lib/owncloud/data/owncloud.log
>>
>>
>> Results
>> =======
>>
>> Failregex
>> |- Regular expressions:
>> | [1] {"reqId":".*","remoteAddr":".*","app":"core","message":"Login
>> failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For:
>> '.*'\)","level":2,"time":".*"}
>> |
>> `- Number of matches:
>> [1] 95 match(es)
>>
>> Ignoreregex
>> |- Regular expressions:
>> |
>> `- Number of matches:
>>
>> Summary
>> =======
>>
>> Addresses found:
>> [1]
>> 192.168.0.33 (Mon Mar 02 15:31:12 2015)
>> 192.168.0.33 (Mon Mar 02 17:19:57 2015)
>> 192.168.0.33 (Mon Mar 02 17:20:04 2015)
>> 192.168.0.33 (Tue Mar 03 09:01:15 2015)
>> 192.168.0.33 (Tue Mar 03 09:01:19 2015)
>> 192.168.0.33 (Tue Mar 03 09:01:23 2015)
>> 192.168.0.33 (Tue Mar 03 09:01:28 2015)
>> 192.168.0.33 (Tue Mar 03 10:24:06 2015)
>> 192.168.0.33 (Tue Mar 03 10:24:17 2015)
>> 192.168.0.33 (Tue Mar 03 10:24:33 2015)
>> 192.168.0.33 (Tue Mar 03 10:37:44 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:25 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:31 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:35 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:37 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:39 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:42 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:43 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:54 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:55 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:57 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:58 2015)
>> 192.168.0.33 (Tue Mar 03 10:42:59 2015)
>> 192.168.0.33 (Tue Mar 03 10:43:00 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:33 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:36 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:37 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:39 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:41 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:42 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:44 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:45 2015)
>> 192.168.0.33 (Tue Mar 03 10:45:47 2015)
>> 192.168.0.33 (Tue Mar 03 10:58:55 2015)
>> 192.168.0.33 (Tue Mar 03 10:58:57 2015)
>> 192.168.0.33 (Tue Mar 03 10:58:59 2015)
>> 192.168.0.33 (Tue Mar 03 10:59:01 2015)
>> 192.168.0.33 (Tue Mar 03 10:59:05 2015)
>> 192.168.0.33 (Tue Mar 03 10:59:06 2015)
>> 192.168.0.33 (Tue Mar 03 10:59:09 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:32 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:38 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:40 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:41 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:43 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:44 2015)
>> 192.168.0.33 (Tue Mar 03 11:06:46 2015)
>> 192.168.0.33 (Tue Mar 03 11:07:11 2015)
>> 192.168.0.33 (Tue Mar 03 11:07:13 2015)
>> 192.168.0.33 (Tue Mar 03 11:07:14 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:45 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:47 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:48 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:50 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:51 2015)
>> 192.168.0.33 (Tue Mar 03 11:08:53 2015)
>> 192.168.0.33 (Tue Mar 03 11:14:15 2015)
>> 192.168.0.33 (Tue Mar 03 11:14:17 2015)
>> 192.168.0.33 (Tue Mar 03 11:14:18 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:13 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:16 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:22 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:27 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:33 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:35 2015)
>> 192.168.0.33 (Tue Mar 03 12:09:58 2015)
>> 192.168.0.33 (Tue Mar 03 12:10:05 2015)
>> 192.168.0.33 (Tue Mar 03 12:10:32 2015)
>> 192.168.0.33 (Tue Mar 03 12:10:34 2015)
>> 192.168.0.33 (Tue Mar 03 12:14:14 2015)
>> 192.168.0.33 (Tue Mar 03 12:14:17 2015)
>> 192.168.0.33 (Tue Mar 03 12:14:19 2015)
>> 192.168.0.33 (Tue Mar 03 12:14:21 2015)
>> 192.168.0.33 (Tue Mar 03 12:14:55 2015)
>> 192.168.0.33 (Tue Mar 03 12:15:02 2015)
>> 192.168.0.33 (Tue Mar 03 12:15:04 2015)
>> 192.168.0.33 (Tue Mar 03 12:15:06 2015)
>> 192.168.0.33 (Tue Mar 03 12:15:08 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:35 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:38 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:40 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:41 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:42 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:44 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:46 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:47 2015)
>> 192.168.0.33 (Tue Mar 03 12:21:49 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:35 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:36 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:37 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:40 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:42 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:43 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:45 2015)
>> 192.168.0.33 (Tue Mar 03 12:22:46 2015)
>>
>> Date template hits:
>> 0 hit(s): MONTH Day Hour:Minute:Second
>> 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
>> 0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
>> 0 hit(s): Year/Month/Day Hour:Minute:Second
>> 0 hit(s): Day/Month/Year Hour:Minute:Second
>> 0 hit(s): Day/Month/Year Hour:Minute:Second
>> 0 hit(s): Day/MONTH/Year:Hour:Minute:Second
>> 0 hit(s): Month/Day/Year:Hour:Minute:Second
>> 0 hit(s): Year-Month-Day Hour:Minute:Second
>> 0 hit(s): Year.Month.Day Hour:Minute:Second
>> 0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
>> 0 hit(s): Day-Month-Year Hour:Minute:Second
>> 0 hit(s): TAI64N
>> 0 hit(s): Epoch
>> 33757 hit(s): ISO 8601
>> 0 hit(s): Hour:Minute:Second
>> 0 hit(s): <Month/Day/Year@Hour:Minute:Second>
>>
>> Success, the total number of match is 95
>>
>> However, look at the above section 'Running tests' which could contain important
>> information.
>>
>>
>> Pero el tema es que no me añade la regla en iptables... No entiendo
>> por qué...He aumentado el debug en fail2ban, y veo que detecta cambios
>> en el fichero de log de owncloud y demás pero no entiendo por qué no
>> me pone la regla en iptables...
>>
>> He probado con ssh en la instalación por defecto y me bloquea perfectamente...
>>
>> Alguna idea?
>>
>> Gracias de antemano.
>>
>> Saludos.
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-spanish-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>> Archive: [🔎] CAJ2aOA_LL-CXKfP72+cuJP3thjvxJfCtVtuNHSwJvaGxVxTVOg@mail.gmail.com">https://lists.debian.org/[🔎] CAJ2aOA_LL-CXKfP72+cuJP3thjvxJfCtVtuNHSwJvaGxVxTVOg@mail.gmail.com
>>
Gracias por contestar Ramses pero no era por eso. Era por lo que he
comentado del timezone. El action ahora le he añadido para enviar mail
de notificación.
Saludos.
Reply to: