Odoo 9 Community does not ship with any automatic banning of clients that repeatedly fail to log in. Fail2ban is an alternative way to secure Odoo authentication. For more information, see the fail2ban documentation.
Let’s start by creating a new filter:

    vi /etc/fail2ban/filter.d/odoo.conf
Paste in the content below:

    [INCLUDES]
    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf

    [Definition]
    failregex = INFO:openerp.addons.base.res.res_users:Login failed for db:.* login:.*\n.*INFO:werkzeug:<HOST> - - \[.*\] \"POST /web/login .*\" 200
                <HOST> - - \[.*\] \"POST /web/database/(drop|duplicate|create) HTTP/2.0\"
    ignoreregex =
    journalmatch = _SYSTEMD_UNIT=odoo.service + _COMM=odoo

    [Init]
    maxlines = 2
Add these lines to jail.local:

    [odoo]
    enabled = true
    port = 443,80,8069
    filter = odoo
    logpath = /var/log/syslog
    maxretry = 5
    bantime = -1
    findtime = 1h
Set the syslog option in /etc/odoo/openerp-server.conf so that Odoo writes its log to syslog, which is the file the jail reads:

    syslog = True
Restart Odoo, then fail2ban, to apply the changes.
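To check the filter's logic before relying on it, the following added example (not part of the original post) replays the two failregex patterns, with fail2ban's `<HOST>` tag in the client-address position, over constructed syslog lines using a two-line window like `maxlines = 2`. The IPv4-only `HOST` pattern, the syslog prefix, the sample addresses and the helper names `failures` and `banned` are assumptions, and `findtime` is not modelled.

```python
import re
from collections import Counter

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [  # the filter's two failregex lines, <HOST> before " - - ["
    r'INFO:openerp.addons.base.res.res_users:Login failed for db:.* login:.*\n'
    r'.*INFO:werkzeug:<HOST> - - \[.*\] \"POST /web/login .*\" 200',
    r'<HOST> - - \[.*\] \"POST /web/database/(drop|duplicate|create) HTTP/2.0\"',
]
PATTERNS = [re.compile(r.replace("<HOST>", HOST)) for r in FAILREGEX]

def failures(lines, maxlines=2):
    """Slide a maxlines-sized window over the log; return one host per match."""
    hits, window = [], []
    for line in lines:
        window = (window + [line])[-maxlines:]
        for pattern in PATTERNS:
            match = pattern.search("\n".join(window))
            if match:
                hits.append(match.group("host"))
                window = []  # matched lines are not reused for another match
                break
    return hits

def banned(lines, maxretry=5):
    """Hosts reaching maxretry failures (findtime is ignored in this sketch)."""
    return {h for h, n in Counter(failures(lines)).items() if n >= maxretry}

# Constructed sample lines; the syslog prefix is an assumed layout.
PFX = "Mar  3 10:00:01 srv odoo[812]: Odoo Server 9.0:prod:"
FAILED_LOGIN = [
    PFX + "INFO:openerp.addons.base.res.res_users:Login failed for db:prod login:admin",
    PFX + 'INFO:werkzeug:203.0.113.7 - - [03/Mar/2017 10:00:01] "POST /web/login HTTP/1.1" 200 -',
]
GOOD_LOGIN = [PFX + 'INFO:werkzeug:198.51.100.9 - - [03/Mar/2017 10:00:02] "POST /web/login HTTP/1.1" 303 -']
DB_DROP_H2 = [PFX + 'INFO:werkzeug:192.0.2.44 - - [03/Mar/2017 10:00:03] "POST /web/database/drop HTTP/2.0" 200 -']
# Same request logged as HTTP/1.1: not matched, the pattern spells out HTTP/2.0.
DB_DROP_H11 = [DB_DROP_H2[0].replace("HTTP/2.0", "HTTP/1.1")]

if __name__ == "__main__":
    log = FAILED_LOGIN * 5 + GOOD_LOGIN + DB_DROP_H2 + DB_DROP_H11
    print(failures(log))
    print(banned(log))
```

On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/odoo.conf` runs the real filter against the real log and reports how many lines matched.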