Fail2Ban on Lighttpd Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
Fabio
Posts: 17
Joined: Fri Dec 18, 2020 2:43 pm

Fail2Ban on Lighttpd

Post by Fabio »

Hello Everyone!
I’m looking for help to configure Fail2Ban on my dietpi-owncloud server.
I’ve installed ownCloud directly from dietpi, and everything is working well.
I would like to improve security with the help of fail2ban.
I’ve googled a lot, made some tries, but i’m still not able to “ban myself”.
I’ve installed Fail2ban directly from dietpi.
I’m colpletely a noob, so please, be patient…
I’ve readed a lot of tutorial, copy jail.conf to jail.local, same thing the config file and so on…
But with no results, so i’ve unistalled everything and made a brand new installation.

I'm a noob so please be patient! Ask me everything if you need further infos!
Thx!
User avatar
Joulinar
Posts: 3131
Joined: Sat Nov 16, 2019 12:49 am

Re: Fail2Ban on Lighttpd

Post by Joulinar »

Hi,

many thanks for your message. First, you would need to configure ownCloud to log failed login attempts.

For fail2ban, you would need to specify following 2 files

Code: Select all

nano /etc/fail2ban/filter.d/owncloud.conf

Code: Select all

[Definition]
failregex={.*Login failed: \'.*\' \(Remote IP: \'<HOST>\'\)"}
ignoreregex =
and

Code: Select all

nano /etc/fail2ban/jail.d/owncloud.conf

Code: Select all

[owncloud]
enabled = true
port = 80,443
protocol = tcp
backend = auto
filter = owncloud
maxretry = 3
bantime = 10800
logpath = /mnt/dietpi_userdata/owncloud_data/owncloud.log
once done restart fail2ban

Code: Select all

systemctl restart fail2ban.service
Now you should see something like this

Code: Select all

root@DietPi3:~# fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     1
|  `- File list:        /mnt/dietpi_userdata/owncloud_data/owncloud.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
root@DietPi3:~#
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Fabio
Posts: 17
Joined: Fri Dec 18, 2020 2:43 pm

Re: Fail2Ban on Lighttpd

Post by Fabio »

Thank you @Joulinar ,
i've done all the steps, unfortunately if i run:

Code: Select all

systemctl restart fail2ban.service
This is what i'm getting also if i've done multiple wront attempt to access from the browser:

Code: Select all

root@DietPi:~# fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/www/owncloud/data/owncloud.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
I've checked the /mnt/dietpi_userdata/owncloud_data/owncloud.log and it have all the log stored...
Seems like it's not getting infos from the file...
Do you have any suggestion?
User avatar
Joulinar
Posts: 3131
Joined: Sat Nov 16, 2019 12:49 am

Re: Fail2Ban on Lighttpd

Post by Joulinar »

You specified the wrong log file in your configuration

Code: Select all

 File list:        /var/www/owncloud/data/owncloud.log
Before adapting my config, you would need to clean the settings you have done before.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Fabio
Posts: 17
Joined: Fri Dec 18, 2020 2:43 pm

Re: Fail2Ban on Lighttpd

Post by Fabio »

Done!
Finally i'm locked out! :lol:
Thanks a lot!
Post Reply