fail2ban: add a ufw jail and filter (dmaroulidis)

Signed-off-by: nachoparker <nacho@ownyourbits.com>

Author: nachoparker

bin/ncp/SECURITY/fail2ban.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Fail2ban installation script for Raspbian 
+# Fail2ban for NextCloudPi
 #
 # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
 # GPL licensed (see end of file) * Use at your own risk!
@@ -46,11 +46,19 @@ echo "Starting fail2ban..."
 service fail2ban start
 
 exit 0
+EOF
+
+  cat > /etc/fail2ban/filter.d/ufwban.conf <<'EOF'
+[INCLUDES]
+before = common.conf
+[Definition]
+failregex = UFW BLOCK.* SRC=
+ignoreregex =
 EOF
     chmod +x /etc/services-available.d/100fail2ban
   }
 
-  # tweak fail2ban email 
+  # tweak fail2ban email
   local F=/etc/fail2ban/action.d/sendmail-common.conf
   sed -i 's|Fail2Ban|NextCloudPi|' /etc/fail2ban/action.d/sendmail-whois-lines.conf
   grep -q actionstart_ "$F" || sed -i 's|actionstart|actionstart_|' "$F"
@@ -60,11 +68,11 @@ EOF
 
 configure()
 {
-  [[ $ACTIVE != "yes" ]] && { 
+  [[ $ACTIVE != "yes" ]] && {
     service fail2ban stop
     update-rc.d fail2ban disable
     echo "fail2ban disabled"
-    return 
+    return
   }
 
   local NCLOG="/var/www/nextcloud/data/nextcloud.log"
@@ -144,6 +152,13 @@ port     = http,https
 filter   = nextcloud
 logpath  = $NCLOG
 maxretry = $MAXRETRY
+
+[ufwban]
+enabled = true
+port = ssh, http, https
+filter = ufwban
+logpath = /var/log/ufw.log
+action = ufw
 EOF
   cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
   update-rc.d fail2ban defaults

changelog.md

@@ -1,11 +1,17 @@
 
-[v1.12.3](https://github.com/nextcloud/nextcloudpi/commit/b797129) (2019-05-11) nc-scan-auto: recursive and home-only options
+[v1.12.6](https://github.com/nextcloud/nextcloudpi/commit/e6ddc93) (2019-05-25) fail2ban: add a ufw jail and filter (dmaroulidis)
+
+[v1.12.5 ](https://github.com/nextcloud/nextcloudpi/commit/30c0f57) (2019-05-25) ncp-web: update config reference URL
+
+[v1.12.4 ](https://github.com/nextcloud/nextcloudpi/commit/c8d6222) (2019-05-26) ncp-web: Pt Translate (#907)
+
+[v1.12.3 ](https://github.com/nextcloud/nextcloudpi/commit/d938481) (2019-05-11) nc-scan-auto: recursive and home-only options
 
 [v1.12.2 ](https://github.com/nextcloud/nextcloudpi/commit/7589081) (2019-05-11) fix logrotate files
 
-[v1.12.1](https://github.com/nextcloud/nextcloudpi/commit/1be5ddd) (2019-05-01) Rename configuration variables into self-documenting ones (#889)
+[v1.12.1 ](https://github.com/nextcloud/nextcloudpi/commit/1be5ddd) (2019-05-01) Rename configuration variables into self-documenting ones (#889)
 
-[v1.12.0](https://github.com/nextcloud/nextcloudpi/commit/f34354c) (2019-04-29) ncp-web: add backups panel
+[v1.12.0 ](https://github.com/nextcloud/nextcloudpi/commit/f34354c) (2019-04-29) ncp-web: add backups panel
 
 [v1.11.5 ](https://github.com/nextcloud/nextcloudpi/commit/01cd421) (2019-04-29) letsencrypt: force renewal by default