add filters and jails

fail2ban/filter.d/authelia-auth.conf

@@ -0,0 +1,13 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^.*Unsuccessful (1FA|TOTP|Duo|U2F) authentication attempt by user .*remote_ip="?<HOST>"? stack.*
+            (?i)^.*access to .*is not authorized.*remote_ip=<HOST>
+            ^.* is banned until .*remote_ip=<HOST> stack.*
+
+ignoreregex = ^.*level=debug.*
+              ^.*level=info.*
+              ^.*level=warning.*

fail2ban/filter.d/gitea-auth.conf

@@ -0,0 +1,7 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>

fail2ban/filter.d/nextcloud-auth.conf

@@ -0,0 +1,7 @@
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex=^{"reqId":".*","remoteAddr":"<HOST>".*message":"Login failed: .*}$

fail2ban/jail.d/authelia-auth.conf

@@ -0,0 +1,5 @@
+[authelia-auth]
+
+enabled  = false
+port     = http,https,9091
+logpath  = /remotelogs/authelia/authelia.log

fail2ban/jail.d/gitea-auth.conf

@@ -0,0 +1,5 @@
+[gitea-auth]
+
+enabled  = false
+port     = http,https
+logpath  = /remotelogs/gitea/gitea/log/gitea.log

fail2ban/jail.d/jail.local

@@ -0,0 +1,24 @@
+[DEFAULT]
+ignoreip = 10.0.0.0/8, 192.168.0.0/16, 127.0.0.1, 172.0.0.0/8
+action = cloudflare
+
+[authelia-auth]
+filter=authelia-auth
+enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1
+
+[nextcloud-auth]
+filter=nextcloud-auth
+enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1
+
+[gitea-auth]
+filter=gitea-auth
+#enabled = yes
+findtime = 3600
+maxretry = 3
+bantime = -1

fail2ban/jail.d/nextcloud-auth.conf

@@ -0,0 +1,5 @@
+[nextcloud-auth]
+
+enabled  = false
+port     = http,https
+logpath  = /remotelogs/nextcloud/data/nextcloud.log