added fail2ban into nextcloud_server.md

linux/nextcloud_server.md

@@ -100,6 +100,64 @@ Così facendo, di default il traffico in ingresso è bloccato, a eccezione delle
 
 Per altre configurazioni di sicurezza: [Mettere in sicurezza un VPS](https://help.ovhcloud.com/csm/it-vps-security-tips?id=kb_article_view&sysparm_article=KB0047709) e anche [Setup fail2ban](https://docs.nextcloud.com/server/21/admin_manual/installation/harden_server.html?highlight=fail2ban#setup-fail2ban)
 
+## fail2ban
+
+Disabilitare l'opzione `'auth.bruteforce.protection.enabled' => 'false',` nel file `/var/www/html/nextcloud/config/config.php`
+
+Quindi
+
+```bash
+apt install fail2ban
+```
+
+Dopo aver installato il pacchetto, creare i file seguenti:
+
+```bash
+ > cat /etc/fail2ban/filter.d/nextcloud.local 
+[Definition]
+_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
+failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
+datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
+
+ > cat /etc/fail2ban/jail.d/nextcloud.local 
+[nextcloud]
+backend = auto
+enabled = true
+port = 80,443
+protocol = tcp
+filter = nextcloud
+#Number of retrys before to ban
+maxretry = 3
+#time in seconds
+bantime = 36000
+findtime = 36000
+#Log path, on Ubuntu usually is following
+logpath = /var/www/nextcloud/data/nextcloud.log
+```
+
+Quindi abilitare e riavviare il servizio:
+
+```bash
+ > systemctl enable --now fail2ban
+ > systemctl restart fail2ban
+
+ > systemctl status fail2ban.service 
+● fail2ban.service - Fail2Ban Service
+     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
+     Active: active (running) since Sun 2023-10-22 17:44:02 UTC; 5min ago
+       Docs: man:fail2ban(1)
+   Main PID: 58185 (fail2ban-server)
+      Tasks: 7 (limit: 2295)
+     Memory: 14.2M
+        CPU: 339ms
+     CGroup: /system.slice/fail2ban.service
+             └─58185 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
+
+ott 22 17:44:02 vps-971850be systemd[1]: Started fail2ban.service - Fail2Ban Service.
+ott 22 17:44:02 vps-971850be fail2ban-server[58185]: 2023-10-22 17:44:02,748 fail2ban.configreader   [58185]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
+ott 22 17:44:02 vps-971850be fail2ban-server[58185]: Server ready
+```
+
 ## Installazione 
 
 ### nginx
@@ -174,10 +232,20 @@ $CONFIG = array (
   'version' => '27.1.2.1',
   'overwrite.cli.url' => 'https://my.domain.com/',
   'default_phone_region' => 'IT',
-  'memcache.local' => '\\OC\\Memcache\\APCu',
-  # https://docs.nextcloud.com/server/27/admin_manual/configuration_server/caching_configuration.html
   'trashbin_retention_obligation' => 'autoi, 2',
   # Il cestino viene svuotato in automatico ogni due giorni
+  # https://docs.nextcloud.com/server/27/admin_manual/configuration_server/caching_configuration.html
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+  'memcache.locking' => '\\OC\\Memcache\\APCu',
+  'filelocking.enabled' => true,
+  'auth.bruteforce.protection.enabled' => false,
+  'logtimezone' => 'Europe/Rome',
+
+[...]
+  
+	'log_type' => 'file',
+  'logfile' => '/var/log/nextcloud-error.log',
+  'loglevel' => 2,
 
 [...]
 ```
@@ -454,3 +522,5 @@ Per la configurazione di Nextcloud sul cellulare Android, seguire [questa guida]
 - [https://docs.nextcloud.com/server/19/admin_manual/configuration_server/background_jobs_configuration.html](https://docs.nextcloud.com/server/19/admin_manual/configuration_server/background_jobs_configuration.html)
 - [https://docs.nextcloud.com/server/27/admin_manual/configuration_server/caching_configuration.html](https://docs.nextcloud.com/server/27/admin_manual/configuration_server/caching_configuration.html)
 - [https://serverok.in/nextcloud-apcu-not-available-for-local-cache](https://serverok.in/nextcloud-apcu-not-available-for-local-cache)
+- [https://marsown.com/wordpress/fail2ban-protection-nextcloud/](https://marsown.com/wordpress/fail2ban-protection-nextcloud/)
+- [https://gist.github.com/GAS85/957e0b1a4f30120225a7be09b173eb24](https://gist.github.com/GAS85/957e0b1a4f30120225a7be09b173eb24)

linux/script/crontab

@@ -8,3 +8,4 @@
 #*  *  *  *  *  user comando
 
 0 9,15,20,22 * * * ~/scripts/rsync.sh
+0 9,15,20,22 * * * ~/scripts/swaync.sh