diff --git a/fail2ban/files/filter.d/nextcloud.local b/fail2ban/files/filter.d/nextcloud.local new file mode 100644 index 0000000..f1ac53c --- /dev/null +++ b/fail2ban/files/filter.d/nextcloud.local @@ -0,0 +1,6 @@ +[Definition] +_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) +failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Login failed: + ^\{%(_groupsre)s,?\s*"remoteAddr":""%(_groupsre)s,?\s*"message":"Trusted domain error. +datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" + diff --git a/fail2ban/jails.sls b/fail2ban/jails.sls index be42d07..00841db 100644 --- a/fail2ban/jails.sls +++ b/fail2ban/jails.sls @@ -1,3 +1,4 @@ +# SSH configure sshd jail: file.managed: - name: /etc/fail2ban/jail.d/sshd.local @@ -8,10 +9,30 @@ configure sshd jail: - onlyif: - pkg.is_installed: openssh +# Nextcloud +configure nextcloud jail: + file.managed: + - name: /etc/fail2ban/jail.d/nextcloud.local + - source: salt://fail2ban/files/jail.d/nextcloud.local + - user: root + - group: root + - mode: "0644" + - onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea' +configure nextcloud filter: + file.managed: + - name: /etc/fail2ban/filter.d/nextcloud.local + - source: salt://fail2ban/files/filter.d/nextcloud.local + - user: root + - group: root + - mode: "0644" + - onlyif: runuser -l {{ salt['pillar.get']('podman:user', 'root') }} -c 'podman container exists gitea' +###### realod fail2ban config: cmd.run: - name: fail2ban-client reload - onchanges: - file: configure sshd jail + - file: configure nextcloud jail + - file: configure nextcloud filter