debian, linux, networking, nextcloud, raspberrypi, security

NextCloudPi Fail2Ban installer

This is just a little script that installs and configures Fail2Ban to work with NextCloud.

Fail2Ban will monitor your personal cloud for brute force attacks and block the IP after a number of bad login attempts.

Features

  • SSH jail
  • Nextcloud login jail
  • 6 bad login attempts will block the IP for 10 minutes by default.

Installation

Get it already made

I have included this in the latest release of my NextCloudPi, a ready to use Raspbian 8 image featuring NextCloud 11, HTTP2, PHP7 and more.

Do it yourself

First, clone the repo

Then, there are two options.

Online installation

SSH into your Raspberry Pi, copy the fail2ban.sh into it, and run

, or you can do all that in one command

Offline installation (using QEMU)

This is based on Raspbian on QEMU with network access.

Extract the SD card and copy the image to your computer (adjust sdx).

Then,

Once done, you can copy it back (adjust sdx).

Configuration

Before installation, you can configure the following variables at the top of fail2ban.sh

After installation, you can change those values in /etc/fail2ban/jail.conf, and then issue

Usage

You can check the status of each jail. Works the same way for the ssh jail.

Should you want to unblock and IP you can type ( adjust IP )

From NC 11, there is a basic brute force protection for logins, but it is still hard to do things like whitelist or unban an IP ( see link ).

We can activate it or deactivate it with this line of configuration

Code

github

Tested in Nextcloud 11 running in Raspbian 8.

References

https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04
https://github.com/hailthemelody/nextcloud-fail2ban
https://docs.nextcloud.com/server/11/admin_manual/configuration_server/config_sample_php_parameters.html
http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

Author: nachoparker

Humbly sharing things that I find useful [ github dockerhub ]

2 Comments on “NextCloudPi Fail2Ban installer

  1. Hi, first of: Great work. NextCloudPi really helps to build a small but nice Nextcloud-RasPi. So, here’s my problem: I’m testing NextCloudPi_03-21-17_FULL.tar.bz2 on a RPi3. When I activate Fail2ban over nextcloudpi-config (I go with the default settings) the service works, but only for ssh. When I check the status, Fail2ban picked up my “hacks” with a wrong login and blocked my ip.

    But it doesn’t work with Nextcloud. No matter how often i use a wrong login from within the webfrontend (/var/www/nextcloud/data/nextcloud.log logs this failed attempts), Fail2ban fails to see those and block the ip. The counter “currently failed” stays at 0.

    1. Hello,

      I just tested it on fresh NextCloudPi_03-23-17_FULL.img and it works for me

      Maybe you are waiting more than 600 seconds to check status and the bad attempt clears up?

Leave a Reply

Your email address will not be published. Required fields are marked *