This is just a small script to install and configure Fail2ban for use with NextCloud.
Fail2ban will monitor your personal cloud for brute force attacks and block an IP after a number of failed login attempts.
Features
- SSH jail
- NextCloud login jail
- By default, 6 failed login attempts will block an IP for 10 minutes.
Installation
Get it ready-made
I have included this in the latest version of NextCloudPi, the ready-to-use Raspbian 8 image with NextCloud 11, HTTP2, PHP7 and more.
Do it yourself
First, clone the repository
git clone https://github.com/nachoparker/nextcloud-raspbian-generator.git
Then, there are two options.
Online installation
SSH into your Raspberry Pi, copy fail2ban.sh onto it and run
./fail2ban.sh
, or you can do it all in one command
cat fail2ban.sh | ssh pi@192.168.0.145 # adjust the IP to your Raspberry Pi
Offline installation (using QEMU)
This is based on Raspbian on QEMU with network access.
Remove the SD card and copy the image to your computer (adjust sdx).
sudo dd if=/dev/sdx of=my_rpi.img bs=4M
Then,
./install-fail2ban.sh my_rpi.img 192.168.0.145
When done, you can copy it back (adjust sdx).
sudo dd if=my_rpi.img of=/dev/sdx bs=4M
Configuration
Before installing, you can configure the following variables at the top of fail2ban.sh
NCLOG=/var/www/nextcloud/data/nextcloud.log # location of NextCloud logs
BANTIME=600                                 # time to ban an IP that exceeded attempts
FINDTIME=600                                # cooldown time for incorrect passwords
MAXRETRY=6                                  # bad attempts before banning an IP
After installing, you can edit /etc/fail2ban/jail.conf and then issue
sudo fail2ban-client reload
Usage
You can check the status of each jail. It works the same way for the ssh jail.
$ sudo fail2ban-client status nextcloud
Status for the jail: nextcloud
|- filter
|  |- File list:        /var/www/nextcloud/data/nextcloud.log
|  |- Currently failed: 1
|  `- Total failed:     8
`- action
   |- Currently banned: 1
   |  `- IP list:       192.168.0.100
   `- Total banned:     1
If you want to unban an IP, you can type (adjust the IP)
sudo fail2ban-client set nextcloud unbanip 192.168.0.100
Since NC 11 there is basic brute force protection for logins, but it is still hard to whitelist or unban IPs (see link).
We can activate or deactivate it with this config line
'auth.bruteforce.protection.enabled' => false,
Code
#!/bin/bash
# Fail2ban installation script for Raspbian
# Tested with 2017-01-11-raspbian-jessie.img (and lite)
#
# Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
# GPL licensed (see end of file) * Use at your own risk!
#
# Usage:
#     cat install-fail2ban.sh | sshpass -praspberry ssh pi@$IP
#
# , or scp this file to a Raspberry Pi and run it from Raspbian
#
#     ./fail2ban.sh
#
# See the variables on the top of the script for tweaking

# Become root; when the script is piped through ssh, the root shell reads the rest of it from stdin
sudo su

NCLOG=/var/www/nextcloud/data/nextcloud.log # location of NextCloud logs
BANTIME=600                                 # time to ban an IP that exceeded attempts
FINDTIME=600                                # cooldown time for incorrect passwords
MAXRETRY=6                                  # bad attempts before banning an IP

set -x
set -e

# INSTALLATION ##########################################
apt-get update
apt-get install fail2ban -y

# Make sure the log file exists and is writable by the web server user
touch /var/www/nextcloud/data/nextcloud.log
chown -R www-data /var/www/nextcloud/data

# Have Nextcloud log warnings and above to a file fail2ban can read
cd /var/www/nextcloud
sudo -u www-data php occ config:system:set loglevel --value=2
sudo -u www-data php occ config:system:set log_type --value=file
sudo -u www-data php occ config:system:set logfile --value=$NCLOG

# Filter: one failed Nextcloud login per matching log line, <HOST> captures the client IP
cat > /etc/fail2ban/filter.d/nextcloud.conf <<'EOF'
[INCLUDES]
before = common.conf

[Definition]
failregex = Login failed.*Remote IP.*'<HOST>'
ignoreregex =
EOF

# Jails: the heredoc is unquoted so $BANTIME, $FINDTIME, $MAXRETRY and $NCLOG expand
cat > /etc/fail2ban/jail.conf <<EOF
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime = $BANTIME

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = $FINDTIME
maxretry = $MAXRETRY

#
# ACTIONS
#
banaction = iptables-multiport
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action = %(action_)s

#
# SSH
#
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = $MAXRETRY

#
# HTTP servers
#
[nextcloud]
enabled = true
port = http,https
filter = nextcloud
logpath = $NCLOG
maxretry = $MAXRETRY
EOF

# CLEANUP ##########################################
apt-get autoremove -y
apt-get clean
rm /var/lib/apt/lists/* -r
rm -f /home/pi/.bash_history

systemctl disable ssh
halt

# License
#
# This script is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this script; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
# Boston, MA 02111-1307 USA
Tested on Nextcloud 11 running on Raspbian 8.
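The filter and the thresholds in the script can be dry-run before touching a live jail. The bash script below is an added example, not part of the original post or of the NextCloudPi project: it applies the page's failregex (with fail2ban's `<HOST>` placeholder replaced by an IPv4 pattern) to a constructed set of Nextcloud 11 style JSON log lines, then reproduces the jail rule that an IP is banned once MAXRETRY failures fall inside any FINDTIME-second window. The log lines, IPs and timestamps are made up, and the script assumes GNU date (as shipped on Raspbian) to parse the ISO 8601 timestamps.

```shell
#!/bin/bash
# Added example (not from the original post): dry run of the nextcloud jail's
# detection logic, to check the failregex and the FINDTIME/MAXRETRY thresholds
# without fail2ban installed. All log data below is constructed sample data.

FINDTIME=600   # seconds: window in which failures are counted
MAXRETRY=6     # failures inside one window that trigger a ban

# The page's failregex with fail2ban's <HOST> placeholder replaced by an IPv4
# pattern, written in grep/sed -E syntax.
HOST="[0-9]{1,3}(\.[0-9]{1,3}){3}"
FAILREGEX="Login failed.*Remote IP.*'${HOST}'"

# Emit one constructed Nextcloud 11 style JSON log line ($1 ISO time, $2 message).
logline() {
    printf '{"reqId":"x","level":2,"time":"%s","app":"core","message":"%s"}\n' "$1" "$2"
}

# Constructed sample log: two sources of failures plus a line the filter must ignore.
sample_log() {
    # 6 failures from one IP inside 50 s: MAXRETRY reached within FINDTIME.
    for s in 00 10 20 30 40 50; do
        logline "2017-03-22T10:43:${s}+00:00" "Login failed: 'admin' (Remote IP: '192.168.0.100')"
    done
    # 6 failures from another IP 200 s apart (1000 s span): never 6 inside 600 s.
    for t in 10:00:00 10:03:20 10:06:40 10:10:00 10:13:20 10:16:40; do
        logline "2017-03-22T${t}+00:00" "Login failed: 'bob' (Remote IP: '192.168.0.50')"
    done
    # Noise: mentions an IP but is not a failed login, so failregex must not match.
    logline "2017-03-22T10:44:00+00:00" "Request from Remote IP '192.168.0.100' for /status.php"
}

# stdin: log lines. stdout: "<epoch> <ip>" for every line matching the failregex.
extract_failures() {
    grep -E "$FAILREGEX" | while IFS= read -r line; do
        ts=${line#*'"time":"'}; ts=${ts%%'"'*}              # pull the JSON time field
        ip=$(printf '%s\n' "$line" | sed -E "s/.*Login failed.*Remote IP.*'(${HOST})'.*/\1/")
        printf '%s %s\n' "$(date -d "$ts" +%s)" "$ip"       # GNU date parses ISO 8601
    done
}

# stdin: log lines. stdout: IPs that would be banned, one per line.
# Rule (the one fail2ban applies): MAXRETRY failures within any FINDTIME-second window.
banned_ips() {
    extract_failures | sort -k2,2 -k1,1n | awk -v max="$MAXRETRY" -v find="$FINDTIME" '
        $2 != ip { ip = $2; n = 0 }                          # new IP: restart its window
        {
            n++; t[n] = $1
            if (n >= max && t[n] - t[n-max+1] <= find && !(ip in banned)) {
                banned[ip] = 1; print ip
            }
        }'
}

sample_log | banned_ips     # prints 192.168.0.100 only
```

The second IP shows the effect of FINDTIME: six failures that are spread over more than 600 seconds never ban, which is why a status check made long after the attempts can show "Currently failed" back at 0. On the Pi itself, once the filter file is in place, `fail2ban-regex /var/www/nextcloud/data/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf` runs the same match check with fail2ban's own engine and is the first thing to look at when the nextcloud jail never counts a failure.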
References
https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
https://github.com/hailthemelody/nextcloud-fail2ban
https://docs.nextcloud.com/server/11/admin_manual/configuration_server/config_sample_php_parameters.html
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8
Hi, first of all: great work. NextCloudPi really helps to build a small but nice Nextcloud RasPi. So here's my problem: I'm testing NextCloudPi_03-21-17_FULL.tar.bz2 on an RPi3. When I activate Fail2ban via nextcloudpi-config (I use the default settings), the service works, but only for ssh. When I check the status, Fail2ban picks up my "hack" login errors and blocks my IP.
But it doesn't work with Nextcloud. No matter how often I use a wrong login from inside the web frontend (/var/www/nextcloud/data/nextcloud.log does record the failed attempts), Fail2ban doesn't see them and block the IP. The counter "currently failed" stays at 0.
Hi,
I just tested on the new NextCloudPi_03-23-17_FULL.img and it works for me
Maybe you waited more than 600 seconds before checking the status, and the failed attempts had been cleared?