Nethserver and Fail2ban

Hello @support_team,

I’ve installed Guacamole on Nethserver. I then installed fail2ban Nethserver and enabled fail2ban for 5 login attempts using Incremental ban time. I then tried logging in from my phone (not on wifi so it’s outsie our network) and I can see my phone IP banned.

I also have Nextcloud installed on my Nethserver and from outside our network I tried accessing Nextcloud but the IP on my phone does not get banned. What I did see is I get a Nextcloud message that to many login attempts have occurred and I have to wait 30 seconds.

Is there a settting for Nextcloud that will allow fail2ban to ban an IP like what happened for my Guacamole?

Thank you.

Have you have created and enabled the Fail2Ban jail described here.

IIRC nextcloud should be enabled by default, we need to check if the jail is enabled and if fail2ban catch the bad attempts in logs

fail2ban-client status

This should gives back all enabled jails

you can test your jail with fail2ban-regex

fail2ban-regex /var/lib/nethserver/nextcloud/nextcloud.log /etc/fail2ban/filter.d/nextcloud-auth.conf --print-all-matched

this will print all match against bad attempts seen by fail2ban

For what I tested it should work, at least on my server


Hello @stephdl,

Apologies for the delay in responding. Thank you for your reply.

I’ve tried the commands you listed. I see nextcloud-auth when checking status:

[root@nethserver2 ~]# fail2ban-client status
|- Number of jail: 21
`- Jail list: apache-auth, apache-badbots, apache-fakegooglebot, apache-modsecurity, apache-nohome, apache-noscript, apache-overflows, apache-scan, apache-shellshock, guacamole, httpd-admin, mysqld-auth, nextcloud-auth, pam-generic, pam-generic-nethserver, phpmyadmin, postfix, postfix-ddos, postfix-sasl-abuse, rspamd, sshd

And secondly, I’m not sure if this means fail2ban is working for nextcloud. My friend has tested trying to login to Nextcloud more than 10 x and did not receive a ban message.

[root@nethserver2 ~]# fail2ban-regex /var/lib/nethserver/nextcloud/nextcloud.log /etc/fail2ban/filter.d/nextcloud-auth.conf --print-all-matched

Running tests

Use failregex filter file : nextcloud-auth, basedir: /etc/fail2ban
Use log file : /var/lib/nethserver/nextcloud/nextcloud.log
Use encoding : UTF-8


Failregex: 0 total

Ignoreregex: 0 total

Date template hits:

Lines: 0 lines, 0 ignored, 0 matched, 0 missed
[processed in 0.00 sec]

What am I looking for to confirm that my fail2ban is working on my Nextcloud and my Guacamole?

Thank you.

You have nothing in logs it seems, can you read bad login in the nextcloud log ?