Fail2ban not working

tbuyvoets · April 9, 2021, 8:25pm

I want to use fail2ban to block users who fail to login after 5 attemps. I followed the instructions in this article.

My filter:


[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"

my jail:


[nextcloud]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 15m
findtime = 15m
logpath = /var/snap/nextcloud/current/logs/fail2ban.log

I’m running:
OS: Ubuntu 20.04
Install method: Snap
Nextcloud version: 20.0.7
fail2ban version: 0.11.1

I saw a few versions ago there was a breaking change that broke it. Is this the case again?

bb77 · April 10, 2021, 9:50am

I don’t really know the details of the Nextcloud Snap package. But shouldn’t the log path for the jail be /var/snap/nextcloud/current/logs/nextcloud.log?

tbuyvoets · April 10, 2021, 10:12am

That was indeed the issue. I thought the log file was a file that fail2ban use for logging. But it’s the logfile it watches for failed logins.

thank you!