Created attachment 714366 [details] fail2ban filter.d conf for nextcloud Upstream has a suggestion for fail2ban filter.d and jail.d configuration: https://docs.nextcloud.com/server/19/admin_manual/installation/harden_server.html#setup-fail2ban . It was pretty easy to do myself but I didn't even think of it until randomly stumbling across it. Would be kinda nice if it was just baked into the ebuild. Maybe falls under the "small files" policy like systemd units? Or a useflag would be simple enough, just annoying to remerge a giant package like nextcloud for a couple of conf files.
Created attachment 714369 [details] fail2ban jail.d config for nextcloud
I'd be happy with including these with fail2ban if we wanted to go in that direction under e.g. USE=contrib?
Good idea, however the log path may probably differ based on where you install nextcloud: logpath = /var/www/localhost/htdocs/nextcloud/data/nextcloud.log
(In reply to Tomáš Mózes from comment #3) > Good idea, however the log path may probably differ based on where you > install nextcloud: > > logpath = /var/www/localhost/htdocs/nextcloud/data/nextcloud.log I guess I was imagining a 'has_version(fail2ban)' in pkg_postinst that would tell the user that a configuration was installed and they need to modify the logpath to work for their setup. Alternately, a fail2ban USE flag which would gate whether these files were installed and the message in postinst. fail2ban doesn't appear to be a USE flag anywhere else, so a 'contrib' flag doing the same would make sense too, it would just have to have a local use description.