Fail2ban (and other security activity) in Event Logs
-
Correct me if I'm wrong but currently there's no specific log for fail2ban activity, is there? If I'm correct, it would be great to have fail2ban logs (and / or other security activity) in the "Event Logs".
-
@necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.
-
@girish said in Fail2ban (and other security activity) in Event Logs:
@necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.
Hi, as I'm still pondering securing my home server Cloudron setup (with all those open ports), I'd like to re-visit this topic. It'd be very helpful as a first step if rate limiting incidents and other relevant information (e.g. fail2ban for SSH) would be available in Cloudron without using the terminal and polling logs in several different places.
-
@necrevistonnezr We have to look into fail2ban style reporting. But in the meantime, if you haven't already, you should move to ed25519 keys. We have done this with our support keys as well. Previously it was RSA, now it is ED25519 (https://docs.cloudron.io/support/#ssh-keys).
https://risanb.com/code/upgrade-ssh-key-to-ed25519/ has some good notes.
-
@girish Thanks for the tip on updating SSH-keys.
I wasn't talking about fail2ban reporting only. I was also referring to the built-in "rate-limiting" of Cloudron (and other security features, e.g. the cloud firewall) where there's currently little or no transparency into what's happening.
Since Cloudron "takes over the server" I think it would be a good opportunity to add transparent monitoring of the system's security features similar to the "System info" tab...
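A fail2ban-style summary of failed SSH logins per source address, the kind of view this thread asks to have in one place, as an added example that is not Cloudron code and not part of the original posts. It assumes the classic syslog line format written by OpenSSH's sshd; the sample lines, the year used for parsing, and the `maxretry`/`findtime` values are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes (documentation-range IPs).
SAMPLE_LOG = """\
Mar  3 10:00:01 box sshd[811]: Failed password for root from 203.0.113.7 port 50110 ssh2
Mar  3 10:00:04 box sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar  3 10:00:09 box sshd[812]: Invalid user test from 203.0.113.7 port 50120
Mar  3 10:01:30 box sshd[813]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:02:00 box sshd[820]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:05:00 box sshd[830]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar  3 11:30:00 box sshd[840]: Failed password for bob from 198.51.100.9 port 41001 ssh2
"""

# The user name is attacker-controlled and may itself contain " from <ip> port <n>",
# so the greedy (.*) makes the LAST "from ... port" on the line the source address.
FAILED = re.compile(r"sshd(?:-session)?\[\d+\]: Failed \S+ for (.*) from (\S+) port \d+")

def parse_failures(text, year=2024):
    """Map source IP -> list of failure timestamps. Syslog lines carry no year,
    so `year` is an assumption supplied by the caller."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = FAILED.search(line)
        if m:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            by_ip[m.group(2)].append(ts)
    return dict(by_ip)

def offenders(by_ip, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: peak failures inside any findtime window} for IPs reaching maxretry."""
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps = sorted(stamps)
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > findtime:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= maxretry:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, count in offenders(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {count} failed logins within 10 minutes")
```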