Sam-R · May 31, 2019 20:01
diff --git a/gistfile1.txt b/gistfile1.txt
 `sudo nano /etc/fail2ban/filter.d/nextcloud.conf`


 ```
 [Definition]
 failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
 	^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
 	^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$
 ```
  
 `sudo fail2ban-regex /var/nextcloud/data/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf -v`
  
 Should output:
 
 ```
  Running tests
 =============

 Use   failregex filter file : nextcloud, basedir: /etc/fail2ban
 Use         log file : /var/nextcloud/data/nextcloud.log
 Use         encoding : UTF-8


 Results
 =======

 Failregex: 25941 total
 |-  #) [# of hits] regular expression
 |   1) [0] ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
 |   2) [11] ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
 ```

 `sudo nano /etc/fail2ban/jail.d/nextcloud.local`

 ```
 [nextcloud]
 ignoreip = 192.168.1.0/24
 backend = auto
 enabled = true
 port = 80,443
 protocol = tcp
 filter = nextcloud
 maxretry = 3
 bantime = 36000
 findtime = 36000
 logpath = /var/nextcloud/data/nextcloud.log
 ```

 `sudo fail2ban-client status nextcloud`

 ```
 Status for the jail: nextcloud
 |- Filter
 |  |- Currently failed: 13
 |  |- Total failed: 82
 |  `- File list:    /var/nextcloud/data/nextcloud.log
 `- Actions
   |- Currently banned: 0
   |- Total banned: 5
   `- Banned IP list:
 ```
	`sudo nano /etc/fail2ban/filter.d/nextcloud.conf`


	```
	[Definition]
	failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' \(Remote IP: '<HOST>'\)","level":2,"time":"."}$
	^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' \(Remote IP: '<HOST>'\)".}$
	^.\"remoteAddr\":\"<HOST>\".Trusted domain error.*$
	```

	`sudo fail2ban-regex /var/nextcloud/data/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf -v`

	Should output:

	```
	Running tests
	=============

	Use failregex filter file : nextcloud, basedir: /etc/fail2ban
	Use log file : /var/nextcloud/data/nextcloud.log
	Use encoding : UTF-8


	Results
	=======

	Failregex: 25941 total
	\|- #) [# of hits] regular expression
	\| 1) [0] ^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' \(Remote IP: '<HOST>'\)","level":2,"time":"."}$
	\| 2) [11] ^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' \(Remote IP: '<HOST>'\)".}$
	```

	`sudo nano /etc/fail2ban/jail.d/nextcloud.local`

	```
	[nextcloud]
	ignoreip = 192.168.1.0/24
	backend = auto
	enabled = true
	port = 80,443
	protocol = tcp
	filter = nextcloud
	maxretry = 3
	bantime = 36000
	findtime = 36000
	logpath = /var/nextcloud/data/nextcloud.log
	```

	`sudo fail2ban-client status nextcloud`

	```
	Status for the jail: nextcloud
	\|- Filter
	\| \|- Currently failed: 13
	\| \|- Total failed: 82
	\| `- File list: /var/nextcloud/data/nextcloud.log
	`- Actions
	\|- Currently banned: 0
	\|- Total banned: 5
	`- Banned IP list:
	```