paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-04-21 10:29:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

Created Fail2Ban (markdown)

Guillaume Hullin 2023-05-18 22:08:44 +02:00
parent 738ac363b2
commit a4947523e9
1 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
Fail2Ban.md Normal file

@ -0,0 +1,65 @@
> Fail2ban is a powerful tool for securing your server by monitoring log files for suspicious activity and banning IP addresses that exhibit malicious behavior.
1. Create the Fail2ban Jail
The first step is to create a fail2ban jail configuration file for Paperless. Open your preferred text editor and create a new file named `paperless.conf` in the `/etc/fail2ban/jail.d/` directory.
Add the following contents to the file:
```bash
[paperless]
enabled = true
maxretry = 5
filter = paperless
logpath = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
chain = DOCKER-USER
port = 8000
[paperless_proxy]
enabled = true
maxretry = 5
filter = paperless
logpath = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
port = http,https
```
If the Paperless Docker volumes are located to a different location (`/var/lib/docker/volumes/`), modify the `logpath` accordingly.
If you are not using a reverse proxy to access Paperless you can remove the `[paperless_proxy]` section.
2. Create the Fail2ban Filter File
This file will define the pattern that fail2ban will look for in the Paperless log file to identify malicious activity.
Create a new file named `paperless.conf` in the `/etc/fail2ban/filter.d/` directory.
Add the following contents to the file:
```
[Definition]
failregex = Login failed for user `.*` from (?:IP|private IP) `<HOST>\.`$
ignoreregex =
```
3. Restart fail2ban
Now that the jail and filter files have been created, you need to restart fail2ban for the changes to take effect.
```bash
$ sudo systemctl restart fail2ban
```
4. Test the Fail2ban Jail
To test that the jail is working correctly, try logging into Paperless with an incorrect username or password multiple times from a different IP address. After the fifth attempt, fail2ban should ban the IP address.
You can view the status of the jail by running the following command:
```bash
$ sudo fail2ban-client status paperless
$ sudo fail2ban-client status paperless_proxy
```
You can unban an IP address by running the following command:
```bash
$ sudo fail2ban-client unban xx.xx.xx.xx
```