Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Ubuntu /var/log/auth.log and others are empty

    Support
    firewall security ssh
    3
    6
    82
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dieter last edited by girish

      Hello, everyone,

      I have detected a problem on my Ubuntu server.
      If the topic does not belong here, please let me know directly and delete it...
      I was wondering why fail2ban does not lock anything. And then I noticed that even though there are incorrect logins via ssh, the file /var/log/auth.log remains empty.
      I noticed other empty files:

      alternatives.log, fontconfig.log, bootstrap.log, cloudron-setup.log.

      But I have no idea if this is normal.

      The server was installed the day before yesterday by netcup.de. Here the automatic installation with the Ubuntu 18.04 LTS Image with preinstalled Cloudron was used.
      I just tried a new installation (after a snapshot). The problem remains.

      But maybe this is all normal and I am doing something else wrong?!

      Thanks for your help!

      Greetings
      René

      1 Reply Last reply Reply Quote 0
      • girish
        girish Staff last edited by

        @dieter This is normal. Cloudron does not use fail2ban. For SSH login, we recommend to simply use SSH keys - https://cloudron.io/documentation/security/#securing-ssh-access . That way, blocking IPs and monitoring them etc is superfluous.

        That said, we are looking into adding some firewall related features in Cloudron in coming release. But it won't be IP based, it will be more like an application firewall which will block/rate limit specific routes (like login route of an app).

        1 Reply Last reply Reply Quote 0
        • D
          dieter last edited by

          Thanks @girish for your answer. But exactly over the page you gave me I came to fail2ban.
          https://cloudron.io/documentation/security/#fail2ban

          I installed and tested it and then found out that it does not work. If you write that it is normal that nothing is recorded in the file, it can not work either.

          It's good to read that you are working on a firewall solution and that ssh keys can be used to secure access, but currently the given solution does not work with fail2ban, which can lead to a false sense of security.

          1 Reply Last reply Reply Quote 1
          • D
            dieter last edited by

            To make myself clearer:
            I was only going to use fail2ban to block brute force SSH logins, as indicated.

            1 Reply Last reply Reply Quote 1
            • girish
              girish Staff last edited by

              @dieter I found that the SSH logs are in journalctl -u ssh. It's also important to have the syslog facility *disabled in /etc/ssh/sshd_config:

              # Logging
#SyslogFacility AUTH
#LogLevel INFO

              Just to clarify: cloudron does not setup/manage SSH configs. This seems to be just standard ubuntu configuration.

              1 Reply Last reply Reply Quote 0
              • nebulon
                nebulon Staff last edited by

                To add here, SSHd configs are very often VPS provider specific even, not just Ubuntu. So ideally Cloudron should not try to manage too much around that, since then this might interfere with for example SSH recovery strategies from VPS provider.

                Generally it is always a good idea to use ssh keys instead of password.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post