I want to use fail2ban to block users who fail to login after 5 attemps. I followed the instructions in this article.
My filter:
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
my jail:
[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 15m
findtime = 15m
logpath = /var/snap/nextcloud/current/logs/fail2ban.log
I’m running:
OS: Ubuntu 20.04
Install method: Snap
Nextcloud version: 20.0.7
fail2ban version: 0.11.1
I saw a few versions ago there was a breaking change that broke it. Is this the case again?