Fail2ban (and other security activity) in Event Logs
-
Correct me if I'm wrong but currently there's no specific log for fail2ban activity, is there? If I'm correct, it would be great to have fail2ban logs (and / or other security activity) in the "Event Logs".
-
@necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.
-
@girish said in Fail2ban (and other security activity) in Event Logs:
@necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.
Hi, as I'm still pondering securing my home server Cloudron setup (with all those open ports), I'd like to re-visit this topic. It'd be very helpful as a first step if rate limiting incidents and other relevant information (e.g. fail2ban for SSH) would be available in Cloudron without using the terminal and polling logs in several different places.
-
@necrevistonnezr We have to look into fail2ban style reporting. But in the meantime, if you haven't already, you should move to ed25519 keys . We have done this with our support keys as well. Previously it was RSA, now it is ED25519 (https://docs.cloudron.io/support/#ssh-keys) .
https://risanb.com/code/upgrade-ssh-key-to-ed25519/ has some good notes.
-
@girish Thanks for the tip on updating SSH-keys.
I wasn't talking about fail2ban reporting, only. I was also referring to the built-in "rate-limiting" of Cloudron (and other security features, e.g. the cloud firewall) where there's currently little or no transparency what's happening.
Since Cloudron "takes over the server" I think it would be a good opportunity to add transparent monitoring of the system's security features similar to the "System info" tab...
