Commit ae7eb3eb authored by nono's avatar nono 💻

Ajout des filtres Fail2Ban pour Nextcloud

parent 43d20a00
......@@ -24,7 +24,7 @@
notify:
- Relance de fail2ban
- name: Installation des filtres et prison en plus
- name: Installation des filtres et prison Keycloak
block:
- name: Filtres keycloak
template:
......@@ -44,5 +44,28 @@
group: root
mode: 0644
notify:
- Relance de fail2ban
- Relance de fail2ban
when: ansible_facts["nodename"] == "keycloak"
- name: Installation des filtres et prison Nextcloud
block:
- name: Filtres Nextcloud
template:
src: fail2ban/filter.nextcloud.conf
dest: /etc/fail2ban/filter.d/nextcloud.conf
owner: root
group: root
mode: 0644
notify:
- Relance de fail2ban
- name: Prisons keycloak
template:
src: fail2ban/jail.nextcloud.conf.j2
dest: /etc/fail2ban/jail.d/nextcloud.conf
owner: root
group: root
mode: 0644
notify:
- Relance de fail2ban
when: ansible_facts["nodename"] == "nextcloud"
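Review bot: The second task in the new Nextcloud block is still named `Prisons keycloak`, although it installs `jail.nextcloud.conf.j2`. This looks like a copy-paste leftover and will make play output and handler traces misleading, so rename it to `- name: Prisons Nextcloud`. Separately, `mode: 0644` is written unquoted in both new tasks (and in the existing Keycloak ones); it should be `mode: "0644"` so the permission does not depend on how the YAML loader types a leading-zero integer.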
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
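Review bot: Both `failregex` lines contain `\{%(_groupsre)s`, and `{%` is Jinja2's statement-open delimiter. If this is the file installed by the `template` task with `src: fail2ban/filter.nextcloud.conf` (the file header is not visible here), rendering will most likely abort with a template syntax error, or at best emit a mangled regex, and the jail would then have no working filter. Since the file has no variables and no `.j2` suffix, either wrap its body in `{% raw %}` … `{% endraw %}` or ship it as a static file with the `copy` module. After deployment, confirm the rendered filter against a sample of the real log with `fail2ban-regex`.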
[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /var/ncdata/nextcloud.log
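Review bot: This jail has no `ignoreip` line, so it bans whatever address Nextcloud logs as `remoteAddr` for `bantime = 86400` after only `maxretry = 3` hits. If the host sits behind a reverse proxy or load balancer (not visible in this commit), the logged address may be the proxy's own, and a few bad logins from any client would block all traffic. Consider adding `ignoreip = <proxy-and-admin-addresses>` and confirming that Nextcloud's `trusted_proxies` is configured so the log carries the real client address. The filter's "Trusted domain error" pattern also counts toward the same three-strike limit, so check that legitimate clients reaching the server by IP or an alternate hostname are not locked out.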