From f54333724e09e0c28d2e4b58245aa48a38a1eccb Mon Sep 17 00:00:00 2001 From: Michael Kroes Date: Thu, 24 Mar 2016 15:07:15 +0100 Subject: [PATCH] Add fail2ban checks for owncloud --- conf/fail2ban/jail.local | 8 ++++++++ conf/fail2ban/owncloud.conf | 3 +++ setup/owncloud.sh | 5 +++++ setup/system.sh | 1 + 4 files changed, 17 insertions(+) create mode 100644 conf/fail2ban/owncloud.conf diff --git a/conf/fail2ban/jail.local b/conf/fail2ban/jail.local index e7ab33ba..8a4f32f2 100644 --- a/conf/fail2ban/jail.local +++ b/conf/fail2ban/jail.local @@ -40,6 +40,14 @@ logpath = /var/log/roundcubemail/errors maxretry = 20 findtime = 30 +[owncloud] +enabled = true +port = http,https +filter = owncloud +logpath = /home/user-data/owncloud/owncloud.log +maxretry = 20 +findtime = 30 + [recidive] enabled = true maxretry = 10 diff --git a/conf/fail2ban/owncloud.conf b/conf/fail2ban/owncloud.conf new file mode 100644 index 00000000..6666473d --- /dev/null +++ b/conf/fail2ban/owncloud.conf @@ -0,0 +1,3 @@ +[Definition] +failregex=Login failed: .*Remote IP: '[\)'] +ignoreregex = diff --git a/setup/owncloud.sh b/setup/owncloud.sh index c71c3ffb..f678d8f6 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -163,7 +163,10 @@ fi # so set it here. It also can change if the box's PRIMARY_HOSTNAME changes, so # this will make sure it has the right value. # * Some settings weren't included in previous versions of Mail-in-a-Box. +# * We need to set the timezone to the system timezone to allow fail2ban to ban +# users within the proper timeframe # Use PHP to read the settings file, modify it, and write out the new settings array. +TIMEZONE=$(cat /etc/timezone) CONFIG_TEMP=$(/bin/mktemp) php < $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;