Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Fail2ban (and other security activity) in Event Logs

    Discuss
    security logs fail2ban
    2
    5
    260
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • necrevistonnezr
      necrevistonnezr last edited by necrevistonnezr

      Correct me if I'm wrong but currently there's no specific log for fail2ban activity, is there? If I'm correct, it would be great to have fail2ban logs (and / or other security activity) in the "Event Logs".

      1 Reply Last reply Reply Quote 2
      • girish
        girish Staff last edited by girish

        @necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.

        necrevistonnezr 1 Reply Last reply Reply Quote 1
        • necrevistonnezr
          necrevistonnezr @girish last edited by necrevistonnezr

          @girish said in Fail2ban (and other security activity) in Event Logs:

          @necrevistonnezr There is no fail2ban on Cloudron. Currently, we just rate limit all authentication routes to minimize risk (and with 2FA and app passwords risks are even lower now). We had a plan to implement firewalling this release (rate limits per IP, block specific IP etc), but already changes were piling up. So, we will have some more advanced firewalling features in a future release.

          Hi, as I'm still pondering securing my home server Cloudron setup (with all those open ports), I'd like to re-visit this topic. It'd be very helpful as a first step if rate limiting incidents and other relevant information (e.g. fail2ban for SSH) would be available in Cloudron without using the terminal and polling logs in several different places.

          girish 1 Reply Last reply Reply Quote 0
          • girish
            girish Staff @necrevistonnezr last edited by

            @necrevistonnezr We have to look into fail2ban style reporting. But in the meantime, if you haven't already, you should move to ed25519 keys . We have done this with our support keys as well. Previously it was RSA, now it is ED25519 (https://docs.cloudron.io/support/#ssh-keys) .

            https://risanb.com/code/upgrade-ssh-key-to-ed25519/ has some good notes.

            necrevistonnezr 1 Reply Last reply Reply Quote 2
            • necrevistonnezr
              necrevistonnezr @girish last edited by

              @girish Thanks for the tip on updating SSH-keys.

              I wasn't talking about fail2ban reporting, only. I was also referring to the built-in "rate-limiting" of Cloudron (and other security features, e.g. the cloud firewall) where there's currently little or no transparency what's happening.

              Since Cloudron "takes over the server" I think it would be a good opportunity to add transparent monitoring of the system's security features similar to the "System info" tab...

              1 Reply Last reply Reply Quote 2
              • First post
                Last post
              Powered by NodeBB