Ajout des filtres Fail2Ban pour Nextcloud

ae7eb3eb · nono · 43d20a00 · ae7eb3eb · ae7eb3eb · ae7eb3eb
Commit ae7eb3eb authored Nov 17, 2021 by nono 💻
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@@ -24,7 +24,7 @@
  notify:
    - Relance de fail2ban

- name: Installation des filtres et prison en plus
+- name: Installation des filtres et prison Keycloak
  block:
    - name: Filtres keycloak
      template:
@@ -44,5 +44,28 @@
          group: root
          mode: 0644
      notify:
-        - Relance de fail2ban      
+        - Relance de fail2ban
  when: ansible_facts["nodename"] == "keycloak"
+
+- name: Installation des filtres et prison Nextcloud
+  block:
+    - name: Filtres Nextcloud
+      template:
+        src: fail2ban/filter.nextcloud.conf
+        dest: /etc/fail2ban/filter.d/nextcloud.conf
+        owner: root
+        group: root
+        mode: 0644
+      notify:
+        - Relance de fail2ban
+
+    - name: Prisons keycloak
+      template:
+          src: fail2ban/jail.nextcloud.conf.j2
+          dest: /etc/fail2ban/jail.d/nextcloud.conf
+          owner: root
+          group: root
+          mode: 0644
+      notify:
+        - Relance de fail2ban
+  when: ansible_facts["nodename"] == "nextcloud"
--- a/templates/fail2ban/filer.nextcloud.conf
+++ b/templates/fail2ban/filer.nextcloud.conf
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
--- a/templates/fail2ban/jail.nextcloud.local.j2
+++ b/templates/fail2ban/jail.nextcloud.local.j2
+[nextcloud]
+backend = auto
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nextcloud
+maxretry = 3
+bantime = 86400
+findtime = 43200
+logpath = /var/ncdata/nextcloud.log