Changes

Changes

1,405 bytes added , 20:39, 5 October 2015

→‎Security: Added Fail2ban configuration

Line 116: Line 116:

=====Further Reading=====

The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools availalble on the web.

====Fail2Ban====

If you have installed the [[Fail2ban|Fail2Ban]] contrib, you can configure it to block ownCloud logins from a given IP address after repeated failures. To do this, you will first need to create a definition file telling Fail2ban what a failed login looks like, then create a template fragment to activate that definition, and finally restart fail2ban.

First, create the definition file:

# nano -w /etc/fail2ban/filter.d/owncloud.conf

This file should contain the following text:

[Definition]

failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' $Remote IP: '<HOST>$","level":2,"time":".*"}

ignoreregex =

Press Ctrl-X to exit, and Y to save the file.

Next, create the template fragment:

# mkdir -p /etc/e-smith/templates/custom/etc/fail2ban/jail.conf

# nano -w /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/30Service55owncloud

That file should contain the following:

[owncloud]

enabled = true

filter = owncloud

action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]

logpath = /home/e-smith/files/ibays/owncloud/html/data/owncloud.log

maxretry = 3

port = 80,443

protocol = tcp

Again, Ctrl-X to exit, and Y to save. Then reconfigure the fail2ban service:

# signal-event fail2ban-conf

For more information, see [https://forum.owncloud.org/viewtopic.php?f=8&t=28678 this thread] on the ownCloud forum.

===User login and permissions===

DanB35

147

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/28945"

OwnCloud (view source)

Revision as of 20:39, 5 October 2015

Navigation menu

Search