Fail2ban Odoo 9 Authentication

Odoo 9 Community does not include any built-in way to ban clients after repeated failed logins. Fail2ban can fill that gap and protect Odoo authentication.

Let’s start with creating a new filter:

vi /etc/fail2ban/filter.d/odoo.conf

Paste the following content:

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

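# <HOST> marks the client address that fail2ban extracts and bans; every failregex needs it.
failregex = INFO:openerp.addons.base.res.res_users:Login failed for db:.* login:.*\n.*INFO:werkzeug:<HOST> - - \[.*\] \"POST /web/login .*\" 200 -
            <HOST> - - \[.*\] \"POST /web/database/(drop|duplicate|create) HTTP/2.0\"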

ignoreregex =
journalmatch = _SYSTEMD_UNIT=odoo.service + _COMM=odoo

[Init]

maxlines = 2

Add these lines to jail.local:

[odoo]
enabled = true
port    = 443,80,8069
filter  = odoo
logpath = /var/log/syslog
maxretry = 5
bantime  = -1
findtime = 1h

Set syslog to True in /etc/odoo/openerp-server.conf so that Odoo writes to the syslog file the jail reads:

syslog = True

Restart Odoo, then fail2ban, to apply the changes.
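
To see what the login-failure pattern does and does not catch, here is an added example (not part of the original post, and a simplified model rather than fail2ban's own matcher). It substitutes an IPv4-only group for `<HOST>`, the tag fail2ban requires in a failregex to mark the client address, and runs the two-line pattern over constructed syslog lines; the log prefix, database name and addresses are assumptions.

```python
import re
from collections import Counter, deque

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption of this
# sketch; the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Login-failure pattern from odoo.conf, <HOST> at the client-address position.
FAILREGEX = (r'INFO:openerp.addons.base.res.res_users:Login failed for db:.* '
             r'login:.*\n.*INFO:werkzeug:<HOST> - - \[.*\] '
             r'\"POST /web/login .*\" 200 -')
MAXLINES, MAXRETRY = 2, 5   # maxlines from the filter, maxretry from the jail

# Constructed syslog lines; prefix, db name and addresses are made up.
PFX = "Mar  3 10:15:01 erp odoo: Odoo Server 9.0:"
FAIL = (PFX + "prod:INFO:openerp.addons.base.res.res_users:"
        "Login failed for db:prod login:admin")

def http(ip, path, status):
    return (PFX + '?:INFO:werkzeug:%s - - [03/Mar/2017 10:15:01] '
            '"POST %s HTTP/1.1" %d -' % (ip, path, status))

SAMPLE = []
for _ in range(5):  # five failed logins from one client
    SAMPLE += [FAIL, http("203.0.113.7", "/web/login", 200)]
SAMPLE += [
    http("198.51.100.4", "/web/login", 303),  # successful login: 303, no match
    FAIL,  # failure with another request logged before its own POST line:
    http("198.51.100.4", "/web/webclient/version_info", 200),  # pair is not
    http("192.0.2.9", "/web/login", 200),     # adjacent, so it is not counted
]

def count_failures(lines, maxlines=MAXLINES):
    """Slide a maxlines-line buffer over the log; count matches per host."""
    rx = re.compile(FAILREGEX.replace("<HOST>", HOST))
    buf, hits = deque(maxlen=maxlines), Counter()
    for line in lines:
        buf.append(line)
        m = rx.search("\n".join(buf))
        if m:
            hits[m.group("host")] += 1
            buf.clear()  # matched lines are consumed
    return dict(hits)

def hosts_to_ban(lines, maxretry=MAXRETRY):
    return sorted(h for h, n in count_failures(lines).items() if n >= maxretry)

if __name__ == "__main__":
    print(count_failures(SAMPLE), hosts_to_ban(SAMPLE))
```

On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/odoo.conf` runs the real matcher against the live log.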
