First, create the Nextcloud log file:
sudo touch /var/log/nextcloud.log
sudo chown www-data:www-data /var/log/nextcloud.log
Next, configure logging in /config/config.php under the Nextcloud installation directory. Add the following lines directly below 'installed' => true:
"log_type" => "file",
"logfile" => "/var/log/nextcloud.log",
"loglevel" => "3",
Setting loglevel to 3 is sufficient.
Set up the filter:
vim /etc/fail2ban/filter.d/nextcloud.conf
Put the following content in it:
[Definition]
failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
            ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
            ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$
ignoreregex =
Finally, set up the jail:
vim /etc/fail2ban/jail.d/nextcloud.local
Put the following content in it:
[nextcloud]
enabled = true
port = http,https,3443
filter = nextcloud
logpath = /var/log/nextcloud.log
maxretry = 1
Check that it works:
sudo fail2ban-client status nextcloud
If an IP has been banned and needs to be unbanned, run the following command:
fail2ban-client set nextcloud unbanip 110.xx.xx.xx
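
The filter in /etc/fail2ban/filter.d/nextcloud.conf can be checked offline before relying on it. The following is an added example, not part of the original post: it applies the three failregex lines to constructed Nextcloud log entries and reports which pattern matched and which address would be banned. It replaces fail2ban's <HOST> tag with a simplified IP pattern (an assumption) and does not model fail2ban's timestamp handling.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IP literals only).
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"

# The three failregex lines from nextcloud.conf, copied unchanged.
FAILREGEX = [
    r'''^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$''',
    r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$''',
    r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$''',
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed log entries (documentation IP ranges), one per log layout the
# filter covers, plus one unrelated entry that must not trigger a ban.
SAMPLES = [
    r'''{"reqId":"r1","remoteAddr":"198.51.100.23","app":"core","message":"Login failed: 'admin' (Remote IP: '198.51.100.23')","level":2,"time":"2017-05-01T10:00:00+00:00"}''',
    r'''{"reqId":"r2","level":2,"time":"2018-03-01T10:00:00+00:00","remoteAddr":"192.0.2.10","app":"core","method":"POST","url":"\/login","message":"Login failed: 'bob' (Remote IP: '192.0.2.10')","userAgent":"--","version":"13.0.0.14"}''',
    r'''{"reqId":"r3","level":2,"time":"2020-01-01T10:00:00+00:00","remoteAddr":"203.0.113.7","user":"--","app":"no app in context","method":"POST","url":"\/login","message":"Login failed: alice (Remote IP: 203.0.113.7)","userAgent":"--","version":"18.0.0.10"}''',
    r'''{"reqId":"r4","level":3,"time":"2020-01-01T10:05:00+00:00","remoteAddr":"203.0.113.7","user":"--","app":"index","method":"GET","url":"\/","message":"Exception: something failed","userAgent":"--","version":"18.0.0.10"}''',
]


def match_line(line):
    """Return (index of the matching failregex, host to ban) or None."""
    for i, rx in enumerate(COMPILED):
        m = rx.search(line)
        if m:
            return i, m.group("host")
    return None


if __name__ == "__main__":
    for line in SAMPLES:
        print(match_line(line), line[:60])
```

On the server itself, `fail2ban-regex /var/log/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf` runs the installed filter against the real log file.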