Fail2ban on NextCloud

What are the permissions and ownership of the /usr/share/nextcloud files, or in any other place? I guess it could be the same owners!!!

I think the only files related to Nextcloud are in /var/www/html/nextcloud.

Anyway, I have created a file, nextcloud.log, in /var/log/, but nothing is written in it, no matter what I do: login; logout; wrong login.

What a funny place, why not /usr/share? This should be the default and usual place for CentOS.

@GG_jr did you restart apache? Can you give the ownership of nextcloud.log to apache?

of course never tried it

it was the same for owncloud, funny place /var/www/owncloud

I have restarted the httpd service from the Services UI.

After that and restarting httpd, nextcloud.log began to fill.

At the bottom are 4 attempts to log in with wrong credentials.

What do I have to do for F2B to react?

Yes it is, but ownCloud and NextCloud use /var/www … probably because it’s the same also in other distro :slight_smile:

Can’t test now… now I’m running only NS6… I will create a VM for testing purposes next week :cry:


Man, are you kidding me? Let’s install NethServer 7 and do your homework! :point_right:

I’m joking, of course. :upside_down:


now a jail needs to be created see


I’m not an rpm guru, but there are a lot of macros that can be used to put the right file in the right place with the same srpm, whatever the Linux distro.

I should take a look at the srpm

@dev_team Is it possible to add something to create, from the start, the log to catch bad logins in Nextcloud?

I mean something from this ->


Thank you!
I will try today.

Yes, but the rpm has been created after a private discussion with the Nextcloud team.
Basically, the aim of the rpm is to have an installation which looks like a manual installation.

We also talked with James Hogarth, who is the actual maintainer of the ownCloud package.
He already submitted a NextCloud package to EPEL:

This rpm is built following all CentOS guidelines. I think we will switch to it, when available :slight_smile:

Of course, does anyone want to try the commands on a clean machine?
After the test, I can open an issue for the enhancement.


cc: @giacomo

It works!

How I did it (inspired by this: ):

  • I found this file in /etc/fail2ban/filter.d: owncloud-auth.conf
  • I have renamed owncloud-auth.conf to nextcloud.conf (I don’t know if it was necessary but is the first time for me when …)
  • In /etc/fail2ban/, I have modified jail.local by adding the following lines, after #owncloud not installed on this server :

enabled = true
filter = nextcloud
banaction = iptables-allports
protocol = all
port = anyport
logpath = /var/log/nextcloud.log
findtime = 604800
bantime = 604800
maxretry = 3

  • I have restarted the fail2ban service from the Services UI.

Tested login in Nextcloud with a wrong password and the IP was banned after 3 attempts!

Now, somebody who knows "How To" and of course wants to, should make all the things good!

What I have done, I did it my way!

Thank you Stephane!
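The following is an added example, not part of the original post or of the nethserver-fail2ban project: it replays the decision the jail above asks fail2ban to make (maxretry = 3 within findtime = 604800 seconds) over constructed log lines. The one-JSON-object-per-line log format and the "Login failed: ... (Remote IP: ...)" message text are assumptions about what Nextcloud writes to /var/log/nextcloud.log, since the thread does not show the log; `find_bans` and the sample addresses are hypothetical.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 3       # maxretry from the jail in the post
FINDTIME = 604800  # findtime from the jail in the post (seconds, 7 days)

# Assumed message text; anchored at both ends so only the trailing address is captured.
FAILED = re.compile(r"^Login failed: '.*' \(Remote IP: '(?P<host>[0-9A-Fa-f:.]+)'\)$")

# Constructed sample lines in the assumed log format (documentation-range addresses).
SAMPLE_LOG = """\
{"app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.44')","level":2,"time":"2017-01-01T08:00:00+00:00"}
{"app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.44')","level":2,"time":"2017-01-10T08:00:00+00:00"}
{"app":"core","message":"Login failed: 'bob' (Remote IP: '192.0.2.44')","level":2,"time":"2017-01-10T08:05:00+00:00"}
PHP Warning: constructed non-JSON line that must be skipped
{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2017-01-10T09:00:00+00:00"}
{"app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2017-01-10T09:00:20+00:00"}
{"app":"core","message":"Login failed: 'eve' (Remote IP: '198.51.100.20')","level":2,"time":"2017-01-10T09:00:30+00:00"}
{"app":"core","message":"Login failed: 'root' (Remote IP: '203.0.113.7')","level":2,"time":"2017-01-10T09:00:41+00:00"}
"""


def find_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            when = datetime.fromisoformat(entry["time"])
            match = FAILED.match(entry["message"])
        except (ValueError, KeyError, TypeError):
            continue  # not a JSON log entry, or fields missing or of another type
        if not match or match["host"] in bans:
            continue
        window = recent[match["host"]]
        window.append(when)
        # Forget failures older than findtime relative to the newest one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[match["host"]] = when
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

In the sample, 192.0.2.44 also fails three times but is not banned, because its first failure is more than findtime older than the other two.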


Great! You should write a small howto about this. How about?


It was only a test.
I will learn how and where permanent config files should be created, because after a reboot or an update, the modifications are lost.



Learning by errors, this is my personal favourite way to progress.

Take a look at my GitHub account, I added a specific jail for the server manager, the process is the same


The nextcloud jail is now added for the NS7 version of nethserver-fail2ban


Glad to hear this!! :thumbsup:

4 posts were merged into an existing topic: Nethserver-fail2ban needs testers