Document fail2ban setup #421
Comments
@dragotin can we have a discussion to clarify some stuff, I have some ideas...
Closing via #427
Hi, is the fail2ban documentation up to date with the latest version of ocis? 3.0.0
@simone-viozzi thanks for your feedback. As noted in the document: ... Let us know the message if you have tested it. We are checking in the meanwhile too.
Hi, here are some logs of failed login attempts:
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000579","remote-addr":"151.81.252.241","method":"GET","status":200,"path":"/signin/v1/static/favicon.ico","duration":1.874437,"bytes":15086,"time":"2023-07-20T10:32:56.881855774Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000581","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":158.227293,"bytes":0,"time":"2023-07-20T10:33:01.46935878Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000583","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":186.598918,"bytes":0,"time":"2023-07-20T10:33:08.649988892Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000585","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":155.859626,"bytes":0,"time":"2023-07-20T10:33:09.492626117Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000587","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":245.744327,"bytes":0,"time":"2023-07-20T10:33:10.399507689Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000589","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":156.853749,"bytes":0,"time":"2023-07-20T10:33:11.0874848Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000591","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":184.348916,"bytes":0,"time":"2023-07-20T10:33:11.819599965Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000593","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":164.127284,"bytes":0,"time":"2023-07-20T10:33:12.662943363Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000595","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":127.757209,"bytes":0,"time":"2023-07-20T10:33:13.360720867Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000597","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":157.803878,"bytes":0,"time":"2023-07-20T10:33:14.00692201Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000599","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":243.000888,"bytes":0,"time":"2023-07-20T10:33:14.679202108Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000601","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":155.84995,"bytes":0,"time":"2023-07-20T10:33:17.963432829Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000603","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":183.551865,"bytes":0,"time":"2023-07-20T10:33:18.359297692Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000605","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":159.60439,"bytes":0,"time":"2023-07-20T10:33:18.794718217Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000607","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":224.941435,"bytes":0,"time":"2023-07-20T10:33:19.421798532Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000609","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":157.173032,"bytes":0,"time":"2023-07-20T10:33:19.941321918Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000611","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":185.437506,"bytes":0,"time":"2023-07-20T10:33:20.322303996Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"99814c75e8aa/0feowbrgJx-000613","remote-addr":"151.81.252.241","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","duration":167.799979,"bytes":0,"time":"2023-07-20T10:33:20.789403668Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:28","message":"access-log"}
To get those, I used:
tail -f logs/ocis.log | grep -C 5 --line-buffered "151.81.252.241"
Where the IP is the IP from which I'm failing to log in. As you can see, there is no
Thanks, the lines provided are not sufficient, the docs say:
Means on lines provided, there must be at least one line directly above having "message":"invalid credentials" to match the failregex. Only the consecutive log line combination counts.
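The pairing rule described in the comment above, as an added example that is not part of the thread and not the documented failregex: it reports the `remote-addr` of a logon access-log line only when the line directly above carries `"message":"invalid credentials"`. The sample log is constructed; every field of the "invalid credentials" lines other than `message`, and the restriction to `POST` requests on the logon path, are assumptions.

```python
import json
from collections import Counter

LOGON_PATH = "/signin/v1/identifier/_/logon"

# Constructed sample input. The access-log lines follow the format posted in
# this thread; every field of the "invalid credentials" lines except "message"
# is an assumption, and the addresses are documentation-range placeholders.
SAMPLE_LOG = """\
{"level":"error","service":"idp","message":"invalid credentials"}
{"level":"info","service":"proxy","remote-addr":"203.0.113.7","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","message":"access-log"}
{"level":"info","service":"proxy","remote-addr":"203.0.113.7","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","message":"access-log"}
{"level":"error","service":"idp","message":"invalid credentials"}
{"level":"info","service":"proxy","remote-addr":"203.0.113.7","method":"GET","status":200,"path":"/signin/v1/static/favicon.ico","message":"access-log"}
not json at all
{"level":"error","service":"idp","message":"invalid credentials"}
{"level":"info","service":"proxy","remote-addr":"198.51.100.9","method":"POST","status":204,"path":"/signin/v1/identifier/_/logon","message":"access-log"}
"""


def parse(line):
    """Return the decoded JSON object, or None for blank or non-JSON lines."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    return obj if isinstance(obj, dict) else None


def failed_logons(lines):
    """Yield remote-addr of logon access-log lines directly below a failure line."""
    prev = None
    for line in lines:
        cur = parse(line)
        if (prev is not None and prev.get("message") == "invalid credentials"
                and cur is not None and cur.get("message") == "access-log"
                and cur.get("method") == "POST"
                and cur.get("path") == LOGON_PATH
                and "remote-addr" in cur):
            yield cur["remote-addr"]
        prev = cur  # only the directly preceding line is ever considered


def count_by_address(lines):
    """Count consecutive-pair matches per source address."""
    return Counter(failed_logons(lines))
```

A log that contains only access-log lines, like the excerpt posted earlier in this thread, produces an empty count, so no address would ever reach a ban threshold.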
We just tested a failed login and we got the
The regex part I will clarify the regex part
Oh, I don't have those. I will open an issue on the OCIS repo to ask why I don't have the Thank you.
A fail2ban setup was discussed on central.o.o: https://central.owncloud.org/t/brute-force-protection-for-user-logins/41568
It would be nice to have that mentioned as extra hardening, for example as an addition to the "Small-Scale Deployment with systemd".