Fail2ban does not access the nextcloud log

Good evening,

Fail2Ban refuses to access the Nextcloud log file. The os used is Rocky Linux.
I followed the instructions in the Nextcloud documentation for configuration.
Do you know of a solution for this?

The output from systemctl status fail2ban.service:

fail2ban-server: ERROR Failed during configuration: Have not found any log file for nextcloud jail

The output from fail2ban-client status nextcloud:

ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

The nextcloud.local file in the jail.d folder:

[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /var/www/html/nextcloud/data/nextcloud.log

The nextcloud.conf file in the filter.d folder:

[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

Greeting
Sebby

Lets get start on a path check. Please make sure if it is valid and file exist, e.g. via:

ls -la /var/www/html/nextcloud/data/nextcloud.log

Yes, the file exist.

-rw-r-----. 1 640 nginx 111591 31. Jul 18:00 /var/www/html/nextcloud/data/nextcloud.log

That’s strange… I strongly belie that you starts fail2ban under root, IDK why it can’t access file.

That’s the thing. fail2ban is run as root yet it denies access. What I could imagine is that selinux has something against it. If that’s the case, I don’t know about the relevant authorization.

Yep. The dot in the file permissions attribute indicates an SELinux context is present. Unfortunately, I don’t have any experience with SELinux, but maybe this is of any help… ssh - Installing fail2ban on CentOS 7 - Unix & Linux Stack Exchange

2 Likes

Many Thanks. Refreshing the httpd_sys_rw_content_t policy with restorecon -R ‘/var/www/html/nextcloud/’ solved the problem.

1 Like