Using https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-a-filter-and-a-jail-for-nextcloud (#2365)

Signed-off-by: Anastasios Vereses <105101075+tasover@users.noreply.github.com> Signed-off-by: Anastasios Vereses <105101075+tasover@users.noreply.github.com> Co-authored-by: Daniel Hansson <mailto@danielhansson.nu>
author: tasover <105101075+tasover@users.noreply.github.com> 2022-08-12 21:20:15 +0300
committer: GitHub <noreply@github.com> 2022-08-12 21:20:15 +0300
commit: 9d9ed2ee93cc3ed95bdf53a21c477a828037ee5e (patch)
tree: ded705eb8a86bf254d1850df0206a9390db61e93
parent: 731bfd6799ed2111a8b94e530bc1e19a6b05ea04 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/apps/fail2ban.sh b/apps/fail2ban.sh
index 1ba6aa4e..503316ec 100644
--- a/apps/fail2ban.sh
+++ b/apps/fail2ban.sh
@@ -133,11 +133,13 @@ check_command update-rc.d fail2ban disable
 nextcloud_occ config:system:set logtimezone --value="$(cat /etc/timezone)"
 
 # Create nextcloud.conf file
-# Test: failregex = Login failed.*Remote IP.*<HOST>
+# Using https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-a-filter-and-a-jail-for-nextcloud
 cat << NCONF > /etc/fail2ban/filter.d/nextcloud.conf
 [Definition]
-failregex = Login failed.*Remote IP.*<HOST>
-ignoreregex =
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
 NCONF
 
 # Create jail.local file
author	tasover <105101075+tasover@users.noreply.github.com>	2022-08-12 21:20:15 +0300
committer	GitHub <noreply@github.com>	2022-08-12 21:20:15 +0300
commit	9d9ed2ee93cc3ed95bdf53a21c477a828037ee5e (patch)
tree	ded705eb8a86bf254d1850df0206a9390db61e93
parent	731bfd6799ed2111a8b94e530bc1e19a6b05ea04 (diff)