I agree but if you delegate the access to the server-manager by an offical way and not a tricky way as i did with the module…the user with a granted access must be able to see the dashboard since something wrong is maybe occuring and he is not aware because he lacks the system overview
From my point of view it is a bug inherited from the past.
(When we take in managing an informatic system, we take full responsibility for what is happening with that system.
Therefore, the only ones who take the decisions are the system administrators appointed by me.
None of the customers users is not entitled to make changes or to have access to the core of the system (servers, routers, …) throughout the management contract.)
Regarding the dashboard, we are experimenting a bit on 7. At the moment, the idea is to have a single page dashboard (no tabs) and move all tabs to separate menu on the left side, under a collapsible Status menu.
I think this will solve the access problem.
The idea behind the read-only dashboard remains, but we could add some actions to some Status entries (the new Services allows start/stop/restart).
Yeah i reached the goal but i’m not satisfied since i won’t have translations (I simply call a bash script in the panel). If I want translations i must create an e-smith database to store banned ip with informations (which jails has banned, date of ban, IP NUMBER…), the database will be filled by an action when an ip will be banned or unbanned by fail2ban.
Like this I will have a big database that i can sort in many ways and translations in the panel.
Nous allons créer un nouveau filtre pour fail2ban dans /etc/fail2ban/filter.d/owncloud.conf :
[Definition]
#Pour owncloud <8
failregex = {"app":"core","message":"Login failed:(.*)IP: '<HOST>'
#Pour owncloud 8
failregex = {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
Si l'accès est contrôlé par un proxy, on pourra modifier la règle pour repérer l'adresse IP associée au champ X-Forwarded-for :
[Definition]
#Pour owncloud <8
failregex = {"app":"core","message":"Login failed:(.*)X-Forwarded-For: '<HOST>'
#Pour owncloud 8
failregex = {"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '.*', X-Forwarded-For: '<HOST>'\)","level":2,"time":".*"}
On peut alors créer une nouvelle règle dans /etc/fail2ban/jail.local :
[owncloud]
enabled = true
port = http,https
filter = owncloud
logpath = /var/www/owncloud/data/owncloud.log
maxretry = 6
Nope, fail2ban works with some ‘grep filters’ in logs, once a rule matches something, an action is triggered. If owncloud would use the default logs of apache, we won’t need a special rule.
the logs of owncloud is /var/www/html/owncloud/data/owncloud.log and none of apache jails look something there.
It is the same issue with roundcubemail/sogo and their specific logs