NEXTCLOUD设置fail2ban

先建立nextcloud的log文件

sudo touch /var/log/nextcloud.log
sudo chown www-data:www-data /var/log/nextcloud.log

在nextcloud安装目录下设置log(/config/config.php,直接添加在这一行下面under ‘installed’ => true。

"log_type" => "file",
"logfile" => "/var/log/nextcloud.log",
"loglevel" => "3",

其中Loglevel设置成3即可。

设立filter

vim /etc/fail2ban/filter.d/nextcloud.conf

把以下内容放入其中

[Definition]
failregex = ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
            ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
            ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: <HOST>\).*}$
ignoreregex =

 

最后i设置jail

vim /etc/fail2ban/jail.d/nextcloud.local

把以下内容放入其中

[nextcloud]
enabled = true
port = http,https,3443
filter = nextcloud
logpath = /var/log/nextcloud.log
maxretry = 1

查看实际的效果

sudo fail2ban-client status nextcloud

假如有IP被禁止,需要解禁,则运行以下命令

fail2ban-client set nextcloud unbanip 110.xx.xx.xx