what are the permission and ownership of /usr/share/nextcloud files or in any other place ? I guess it could be the same owners !!!
I think the only files related to Nextcloud are in /var/www/html/nextcloud.
Anyway, I have created a file, nextcloud.log, in /var/log/, but nothing is written in, no matter what I do: login; logout; wrong login.
what a funny place, why not /usr/share, this should be the default and usual place for centos
@giacomo
@GG_jr did you restart apache , can you give the ownership of nextcloud.log to apache ???
of course never tried it
it was the same for owncloud, funny place /var/www/owncloud
I have restart service httpd from Services UI.
After that and restart httpd, nextcloud.log began to fill.
At the bottom, are 4 attempts to log in with wrong credentials.
What I have to do as F2B to react?
Yes it is, but ownCloud and NextCloud use /var/www … probably because it’s the same also in other distro
Can’t test now… now i’m running only NS6… i will crate a VM for testing purpose in the next week
Man, are you kidding me? Let’s install NethServer 7 and do your homework!
I’m joking, of course.
I’m not a rpm guru, but there is a lot of macros that can be used to put the right file at the right place with the same srpm whatever the linux distros .
I should take a look to the srpm
@dev_team Is it possible to add something to create from start the log to catch bad login in nextcloud.
I mean something from this -> https://docs.nextcloud.com/server/9/admin_manual/configuration_server/occ_command.html#logging-commands-label
Thank you!
I will try today.
Yes, but the rpm has been created after a private discussion with nextcloud team.
Basically, the aim of the rpm is to have an installation which looks like as a manual installation.
We also talked with James Hogarth, who is the actual maintainer of ownCloud package.
He already submitted a NextCloud packages to EPEL: 1360482 – Review Request: nextcloud - a private, secure way to share and access files
This rpm is built following all CentOS guidelines. I think we will switch to it, when available
Of course, anyone want to try the commands on a clean machine?
After the test, I can open an issue for the enhancement.
cc: @giacomo
It works!
How I did (inspired from here: Migrate ownCloud to Nextcloud and protect it against brute force attacks with fail2ban – nanoscopic ):
- I found in /etc/fail2ban/filter.d this file: owncloud-auth.conf
- I have renamed owncloud-auth.conf in nextcloud.conf (I don’t know if was necessary but is the first time for me when …)
- In /etc/fail2ban/, I have modified jail.local by adding the following lines, after owncloud not installed on this server :
[nextcloud]
enabled = true
filter = nextcloud
banaction = iptables-allports
protocol = all
port = anyport
logpath = /var/log/nextcloud.log
findtime = 604800
bantime = 604800
maxretry = 3
- I have restarted fail2ban service from Services UI.
Tested login in Nextcloud with wrong password and the IP was banned after 3 attempts!
Now, somebody who knows " How To" and of course wants, should make all the things good!
What I have done, I did it my way!
Thank you Stephane!
Great! You should write a small howto about this. How about?
It was only a test.
I will learn how and where shall be created permanent config files, because after reboot or an update, the modifications are lost.
Learning by errors, this is my personal favourit way to progress.
Take a look to my github account i added a specific jail for the server manager, the process is the same
the nextcloud jail is added now for the NS7 version of nethserver-fail2ban
Glad to hear this!!