stephdl
(Stéphane de Labrusse)
October 2, 2016, 6:34am
1
Do some of you use fail2ban and Nextcloud? Curiously, it seems that bad logins are not logged until you specify something in the config files.
nextcloud-fail2ban - WIP
https://joachim-wilke.de/blog/2016/06/24/fail2ban-nextcloud/
https://nanoscopic.de/2016/07/migrate-owncloud-to-nextcloud-and-protect-it-against-brute-force-attacks-with-fail2ban/
In short, they talk about adding something like this to /path/to/Nextcloud/config/config.php:
'logfile' => '/var/log/nextcloud.log',
'loglevel' => 2,
or
'logtimezone' => 'TIMEZONEHERE',
'log_type' => 'owncloud',
'logfile' => 'nextcloud.log',
It also seems that the Nextcloud team has built a solution at the PHP level to block bad logins.
So if you have something to share, that would be nice.
2 Likes
Never tested yet but it looks interesting, maybe someone can test this configuration and let us know /cc @jackyes
GG_jr
(Gabriel GHEORGHIU)
October 4, 2016, 3:53pm
3
Never tested yet but it looks interesting, maybe someone can test this configuration and let us know
Hi Alessio,
I made the modifications in the Nextcloud config.php, but how can I add nextcloud.log in /var/log/?
Just manually create a new file? If that is right, with what permissions?
Sorry but I don’t know!
TIA,
Gabriel
stephdl
(Stéphane de Labrusse)
October 4, 2016, 6:32pm
4
What are the permissions and ownership of the /usr/share/nextcloud files, or of the files in any other place? I guess it could be the same owners!!!
GG_jr
(Gabriel GHEORGHIU)
October 4, 2016, 7:31pm
5
I think the only files related to Nextcloud are in /var/www/html/nextcloud.
Anyway, I have created a file, nextcloud.log, in /var/log/, but nothing is written to it, no matter what I do: login; logout; wrong login.
stephdl
(Stéphane de Labrusse)
October 4, 2016, 7:37pm
6
what a funny place, why not /usr/share, this should be the default and usual place for centos
@giacomo
@GG_jr did you restart apache? Can you give the ownership of nextcloud.log to apache???
of course never tried it
stephdl
(Stéphane de Labrusse)
October 4, 2016, 7:41pm
7
what a funny place, why not /usr/share, this should be the default and usual place for centos @giacomo
it was the same for owncloud, funny place /var/www/owncloud
GG_jr
(Gabriel GHEORGHIU)
October 4, 2016, 8:07pm
8
I have restarted the httpd service from the Services UI.
can you give the ownership of nextcloud.log to apache ???
After that and restart httpd, nextcloud.log began to fill.
At the bottom, there are 4 attempts to log in with wrong credentials.
What do I have to do for F2B to react?
giacomo
(Giacomo Sanchietti)
October 5, 2016, 7:06am
9
what a funny place, why not /usr/share, this should be the default and usual place for centos
Yes it is, but ownCloud and NextCloud use /var/www … probably because it’s the same also in other distro
jackyes
(jack)
October 5, 2016, 2:12pm
10
Can’t test now… now I’m running only NS6… I will create a VM for testing purposes next week
1 Like
Man, are you kidding me? Let’s install NethServer 7 and do your homework!
I’m joking, of course.
2 Likes
stephdl
(Stéphane de Labrusse)
October 5, 2016, 4:50pm
12
1 Like
stephdl
(Stéphane de Labrusse)
October 5, 2016, 4:55pm
13
I’m not an rpm guru, but there are a lot of macros that can be used to put the right file in the right place with the same srpm, whatever the Linux distro.
I should take a look at the srpm.
stephdl
(Stéphane de Labrusse)
October 5, 2016, 10:31pm
14
@dev_team Is it possible to add something that creates the log from the start, to catch bad logins in Nextcloud?
I mean something from this -> https://docs.nextcloud.com/server/9/admin_manual/configuration_server/occ_command.html#logging-commands-label
2 Likes
GG_jr
(Gabriel GHEORGHIU)
October 6, 2016, 2:42am
15
Thank you!
I will try today.
giacomo
(Giacomo Sanchietti)
October 6, 2016, 7:20am
16
Yes, but the rpm has been created after a private discussion with nextcloud team.
Basically, the aim of the rpm is to have an installation which looks like a manual installation.
We also talked with James Hogarth, who is the actual maintainer of ownCloud package.
He already submitted a NextCloud package to EPEL: 1360482 – Review Request: nextcloud - a private, secure way to share and access files
This rpm is built following all CentOS guidelines. I think we will switch to it, when available
Of course, does anyone want to try the commands on a clean machine?
After the test, I can open an issue for the enhancement.
1 Like
GG_jr
(Gabriel GHEORGHIU)
October 6, 2016, 11:57am
17
cc: @giacomo
It works!
How I did it (inspired by this: Migrate ownCloud to Nextcloud and protect it against brute force attacks with fail2ban – nanoscopic):
I found this file in /etc/fail2ban/filter.d: owncloud-auth.conf
I renamed owncloud-auth.conf to nextcloud.conf (I don’t know if it was necessary, but it is the first time for me when …)
In /etc/fail2ban/, I modified jail.local by adding the following lines, after owncloud not installed on this server:
[nextcloud]
enabled = true
filter = nextcloud
banaction = iptables-allports
protocol = all
port = anyport
logpath = /var/log/nextcloud.log
findtime = 604800
bantime = 604800
maxretry = 3
I restarted the fail2ban service from the Services UI.
Tested login in Nextcloud with a wrong password and the IP was banned after 3 attempts!
Now, somebody who knows "How To", and of course wants to, should make all the things good!
What I have done, I did it my way!
Thank you Stephane!
2 Likes
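An added example, not part of the thread and not fail2ban's own code: a Python replay of how the jail's findtime and maxretry values from the post above turn failed-login entries into a ban decision. The log lines are constructed, and the JSON field names (remoteAddr, message, time) are an assumption about the Nextcloud log format.

```python
import json
from collections import defaultdict, deque
from datetime import datetime

FINDTIME = 604800  # seconds, from the [nextcloud] jail in the post
MAXRETRY = 3       # from the [nextcloud] jail in the post

# Constructed sample lines; the field names are an assumed log format.
SAMPLE_LOG = """\
{"remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.10')","level":2,"time":"2016-10-06T11:50:01+00:00"}
{"remoteAddr":"198.51.100.7","app":"core","message":"Login failed: 'bob' (Remote IP: '198.51.100.7')","level":2,"time":"2016-10-06T11:50:05+00:00"}
{"remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'admin' (Remote IP: '192.0.2.10')","level":2,"time":"2016-10-06T11:50:09+00:00"}
not json at all
{"remoteAddr":"192.0.2.10","app":"files","message":"unrelated warning","level":2,"time":"2016-10-06T11:50:12+00:00"}
{"remoteAddr":"192.0.2.10","app":"core","message":"Login failed: 'root' (Remote IP: '192.0.2.10')","level":2,"time":"2016-10-06T11:50:20+00:00"}
"""

def failed_logins(lines):
    """Yield (epoch_seconds, ip) for failed-login entries; skip everything else."""
    for line in lines:
        try:
            entry = json.loads(line)
            when = datetime.fromisoformat(entry["time"]).timestamp()
        except (ValueError, KeyError, TypeError):
            continue  # non-JSON, truncated, or missing/invalid timestamp
        # The IP is read from the structured field, not from the message
        # text, because the message embeds the user-supplied login name.
        ip = entry.get("remoteAddr")
        if ip and str(entry.get("message", "")).startswith("Login failed"):
            yield when, ip

def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return IPs that reach maxretry failures inside a sliding findtime window."""
    recent = defaultdict(deque)
    banned = []
    for ts, ip in failed_logins(lines):
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG.splitlines()))
```
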
alefattorini
(Alessio Fattorini)
October 13, 2016, 7:12am
18
Great! You should write a small howto about this. How about?
1 Like
GG_jr
(Gabriel GHEORGHIU)
October 13, 2016, 10:35am
19
It was only a test.
I will learn how and where permanent config files should be created, because after a reboot or an update, the modifications are lost.
1 Like
stephdl
(Stéphane de Labrusse)
October 15, 2016, 1:47pm
20
Learning by errors, this is my personal favourite way to progress.
Take a look at my GitHub account; I added a specific jail for the server manager. The process is the same.
1 Like