Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 794835 - www-apps/nextcloud: add fail2ban configuration files
Summary: www-apps/nextcloud: add fail2ban configuration files
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement
Assignee: Bernard Cafarelli
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-07 21:22 UTC by A Schenck
Modified: 2022-01-15 17:59 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
fail2ban filter.d conf for nextcloud (nextcloud.conf,330 bytes, text/plain)
2021-06-07 21:22 UTC, A Schenck
Details
fail2ban jail.d config for nextcloud (nextcloud.local,201 bytes, text/plain)
2021-06-07 21:23 UTC, A Schenck
Details

Note You need to log in before you can comment on or make changes to this bug.
Description A Schenck 2021-06-07 21:22:38 UTC
Created attachment 714366 [details]
fail2ban filter.d conf for nextcloud

Upstream has a suggestion for fail2ban filter.d and jail.d configuration: https://docs.nextcloud.com/server/19/admin_manual/installation/harden_server.html#setup-fail2ban .  It was pretty easy to do myself but I didn't even think of it until randomly stumbling across it.  Would be kinda nice if it was just baked into the ebuild.  Maybe falls under the "small files" policy like systemd units?  Or a useflag would be simple enough, just annoying to remerge a giant package like nextcloud for a couple of conf files.
Comment 1 A Schenck 2021-06-07 21:23:02 UTC
Created attachment 714369 [details]
fail2ban jail.d config for nextcloud
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-07 21:55:57 UTC
I'd be happy with including these with fail2ban if we wanted to go in that direction under e.g. USE=contrib?
Comment 3 Tomáš Mózes 2021-06-08 16:35:14 UTC
Good idea, however the log path may probably differ based on where you install nextcloud:

logpath = /var/www/localhost/htdocs/nextcloud/data/nextcloud.log
Comment 4 A Schenck 2021-07-11 01:41:58 UTC
(In reply to Tomáš Mózes from comment #3)
> Good idea, however the log path may probably differ based on where you
> install nextcloud:
> 
> logpath = /var/www/localhost/htdocs/nextcloud/data/nextcloud.log

I guess I was imagining a 'has_version(fail2ban)' in pkg_postinst that would tell the user that a configuration was installed and they need to modify the logpath to work for their setup.  Alternately, a fail2ban USE flag which would gate whether these files were installed and the message in postinst.

fail2ban doesn't appear to be a USE flag anywhere else, so a 'contrib' flag doing the same would make sense too, it would just have to have a local use description.