NextCloudPi Fail2Ban installer

This is just a little script that installs and configures Fail2Ban to work with NextCloud.

Fail2Ban will monitor your personal cloud for brute force attacks and block the IP after a number of bad login attempts.

Features

  • SSH jail
  • Nextcloud login jail
  • 6 bad login attempts will block the IP for 10 minutes by default.

Installation

Get it already made

I have included this in the latest release of my NextCloudPi, a ready to use Raspbian 8 image featuring NextCloud 11, HTTP2, PHP7 and more.

Do it yourself

First, clone the repo

Then, there are two options.

Online installation

SSH into your Raspberry Pi, copy the fail2ban.sh into it, and run

, or you can do all that in one command

Offline installation (using QEMU)

This is based on Raspbian on QEMU with network access.

Extract the SD card and copy the image to your computer (adjust sdx).

Then,

Once done, you can copy it back (adjust sdx).

Configuration

Before installation, you can configure the following variables at the top of fail2ban.sh

After installation, you can change those values in /etc/fail2ban/jail.conf, and then issue

Usage

You can check the status of each jail. Works the same way for the ssh jail.

Should you want to unblock and IP you can type ( adjust IP )

Code

github

Tested in Nextcloud 11 running in Raspbian 8.

References

https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
https://github.com/hailthemelody/nextcloud-fail2ban
https://docs.nextcloud.com/server/11/admin_manual/configuration_server/config_sample_php_parameters.html
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

Humbly sharing things that I find useful [ github | gist ]