Odoo Help

4

2
21 Answers
1
Avatar

Yenthe Van Ginneken Belgium

--Yenthe Van Ginneken--
25150
| 9 9 12
Turnhout, Belgium
--Yenthe Van Ginneken--


Yenthe Van Ginneken Belgium
4/8/19, 2:44 AM

Hi all,

There are already two answers but I was not able to pinpoint the issue with both. Here are the steps to configure fail2ban with Odoo:

1. Install fail2ban:

sudo apt-get install fail2ban

2. Copy the default jail.conf file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
3. Edit the copied file:
sudo nano /etc/fail2ban/jail.local

4. Add the following code at the end of the file and then save it:

[odoo-login]
enabled = true
port = http,https
bantime = 90000  ; 15 min ban
maxretry = 5  ; if 5 attempts
findtime = 7260  ; within 1 min - by default fail2ban is in local time so 1h diff
logpath = /var/log/odoo/odoo-server.log ; be sure it matches with your logfile location
5. Create an odoo-login local file:
/etc/fail2ban/filter.d/odoo-login.local

6. Add in the following definition in the file:

[Definition]
failregex = ^ \d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>
ignoreregex =
7. Restart the fail2ban client:
sudo fail2ban-client restart

If you would now make more than 5 invalid login attempts you'll see a notice with a "BAN" in the logfile of the fail2ban log. See /var/log/fail2ban.log

Regards,
Yenthe

0
Lewi S. Kristianto Indonesia
10/7/19, 2:08 AM

experiencing this also, in environment centos 7, but found out that checking regex in https://regexr.com/ worked, 

seem fail2ban not recognize \S+
# fail2ban-regex  -v "/var/log/messages" "/etc/fail2ban/filter.d/odoo-login.conf"
-> not working

need to modify /etc/fail2ban/filter/odoo-login.conf:
[Definition]
#string log -> Oct  7 14:07:38 support journal: Odoo Server 12.0:HR:INFO:odoo.addons.base.models.res_users:Login failed for db:HR login:123 from x.x.x.x
#failregex = ^ \d+ INFO \S+ \S+Login failed for db:\S+ login:\S+ from <HOST>
failregex :Login failed for db:\S+ login:\S+ from <HOST>$
ignoreregex =

file /etc/fail2ban/jail.d/odoo-login.conf
[odoo-login]
enabled = true
filter = odoo-login
action = iptables-multiport-tcp[name=odoo-login, port="80,443", protocol=tcp]
                mail-whois-lines[name=odoo-login, dest=root, sender=fail2ban]
logpath = /var/log/messages
findtime = 7200
bantime = 7200
maxretry = 10

in /etc/odoo12.conf, require to add:
syslog = True

0
Avatar

Mag. Wolfgang Taferner Austria

--Mag. Wolfgang Taferner--

6437
| 2 1 3
Wien, Austria
--Mag. Wolfgang Taferner--


Mag. Wolfgang Taferner Austria
9/21/18, 3:29 AM

Possible pitfalls for fail2ban and Odoo.

  • log file is too big

  • regex does not match

Test your regex and logfile with the command underneath and you should get back the proper results

fail2ban-regex -v "your_logfile" "/etc/fail2ban/filter.d/odoo.conf"

0
Avatar

Ermin Trevisan Switzerland

--Ermin Trevisan--
16556
| 8 7 10
Walchwil, Switzerland
--Ermin Trevisan--


Ermin Trevisan Switzerland
5/29/18, 4:00 AM

The regex expression does not match. Try the following with a regex tester:

INFO \S+ \S+ Login failed for db:\S+ login:\S+
17 Comments
twanda AG, Ermin Trevisan Switzerland
5/29/18, 5:16 AM

In my Odoo log I do not have "from <host>" at the end of the line.

Oocademy, Yenthe Van Ginneken Belgium
5/29/18, 5:27 AM

Did you test on an 11.0 with the commit from https://github.com/odoo/odoo/commit/86ffb549bf80b054f8bb5131c52d3e7757accb29 though? It has only been introduced 13 days ago

twanda AG, Ermin Trevisan Switzerland
5/29/18, 5:30 AM

I did test with the latest nightly build (deb).

twanda AG, Ermin Trevisan Switzerland
5/29/18, 5:31 AM

...from today, I meant.

Oocademy, Yenthe Van Ginneken Belgium
5/29/18, 5:41 AM

Hmm, odd :-/ I do see it logged in the Odoo log, fail2ban just doesn't seem to detect it.

twanda AG, Ermin Trevisan Switzerland
5/29/18, 5:42 AM

Sorry for the noise, now I see it also, after a -u all, finally.

twanda AG, Ermin Trevisan Switzerland
5/29/18, 5:44 AM

Did you try this: https://fail2ban.readthedocs.io/en/latest/filters.html#developing-testing-a-regex ?

I will try to set up the same this evening when I'll have figured out how to do it with a remote proxy server.

Oocademy, Yenthe Van Ginneken Belgium
6/1/18, 5:56 AM

Hey Ermin - did you get around to this? I did two more attempts in the evenings but I still haven't figured out my mistake :-)

Oocademy, Yenthe Van Ginneken Belgium
8/2/18, 3:49 AM

Up untill now I was not able to get it working sadly.

Bill Ennals Australia
1/18/19, 5:20 AM

Hi Yenthe. I thought I would comment that I tried setting this up according to the instructions from the github link you posted and it seems to work fine. I'm not a coder or sysadmin really so I'm not sure I can help, but if you can think of any info that might help, ask away.

Bill Ennals Australia
1/18/19, 5:33 AM

...also, I tried the regex test as suggested by Mag. Wolfgang Taferner above and got plenty of hits. Have you tried that?

Oocademy, Yenthe Van Ginneken Belgium
1/18/19, 5:35 AM

I did try the regex from Wolfgang but that didn't work either. So with the message from Olivier Dony (https://github.com/odoo/odoo/commit/86ffb549bf80b054f8bb5131c52d3e7757accb29) you where able to configure it? Did you see a difference with your deployment and my steps?

Bill Ennals Australia
1/18/19, 10:36 PM

Yes, that's right. In the Odoo section of my jail.local file I have a line pointing to the filter (odoo-server.conf in my case) to use - "filter = odoo-server" - which I don't see in your step 3. above, though that wouldn't explain why the fail2ban-regex test is failing.

Here is a line from my odoo-server log that get's picked up by the fail2ban-regex test:

2019-01-19 03:21:34,708 1618 INFO test odoo.addons.base.res.res_users: Login failed for db:test login:a;sldfkj from 123.175.237.239

...and here is the filter that detects the failed login in the fail2ban-regex test in my installation.

# fail2ban filter configuration for odoo (on nginx)

[Definition]

failregex = ^ \d+ INFO \S+ \S+ Login failed for db:\S+ login:\S+ from <HOST>

ignoreregex =

Bill Ennals Australia
1/18/19, 10:39 PM

...perhaps if you use those two things and the fail2ban-regex test doesn't register a hit, there is something awry with your fail2ban install?

Oocademy, Yenthe Van Ginneken Belgium
1/23/19, 5:07 AM

Thanks Bill - guess I have to setup a new test environment and test your ideas :)

Bill Ennals Australia
1/25/19, 6:55 PM

ok, good luck. FYI I used your script (actually the latest big update version from Chris001) to install 11 CE on an AWS t2-micro server with Ubuntu 16.04 and Nginx as reverse proxy.

Ask a Question
Keep Informed
0 follower(s)
About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Register
Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now