Cloudron works great with Wazuh/Ossec agent

Just wanted to report that, I installed Wazuh/ossec agent on my cloudron server to grab logs and send to a security onion. I've been running it alongside the Cloudron now for a while. I've been getting alerts, logs sent back etc. Everything is going well. So if you want a HIDS on your Cloudron server, Wazuh works.

Any updates on jitsi meet?

I Love this app. I'm using my cloudron adguard instance as the backup DNS to my Adguard instance i have installed in docker on my router. That way all dns requests are filtered through my firewall allow/block rules list first prior to hitting the dns filters. This ensures my NGW block lists that operation at dns level can take effect. thanks for implementing this. Its working great.

@girish Over the next month, I'm going to go line by line through that CIS benchmark and implement it then check for functionality. Would you be interested in that report? My thoughts are if its compatible with Cloudron functions, it may be something worthwhile to implement as part of the install script prior to installing the actual Cloudron core components?

Imagine this, My family, fed up with censorship from social media and privacy concerns, decides to "cut the cord" on social media. We just have no alternatives to easily set up for non tech(assume we are non techies). Enter cloudron box. A device a bit bigger then a roku premier + that is a mini fanless pc with a 4 core chip and 16gb ram. It comes preinstalled with cloudron and 2 "social media" chat apps installed. It also comes with a instructional card on how to download the "cloudron app" to register a domain name and sync it with your box. For a low monthly fee you can get additional access to the cloudron app store and routine updates.

IF yall could make setting up a home hosted cloudron server as easy as installing a roku, you guys could create a whole new segment of the market by targetting social media "cord cutters" who still want to network with friends and family easily and own their own data. just saying.

Do ya'll use any checklists to harden your servers like CIS? I have the CIS ubuntu linux hardening checklist and i'm wondering if any of ya'll have run it and if so is there anything in there thats not obvious which will break our cloudron server functionality?

I recently ran some vulnerability tests via qualys against my cloudron setup and im showing a vulnerability with the 993 using tls 1.0. I thought 1.0 was disabled by cloudron? Is this a false alarm? IF not, is there an easy way to force tls 1.2 only?

Id be very interested in this. This could integrate nicely with the chat options we already have like rocketchat and Element.

I've tried element/matrix and now rocket.chat. I find rocket.chat to be lightyears easier on administration/moderation then matrix. Admin rocket.chat is borderline enjoyable. Admin matrix was not. Additionally, the users i've talked to about ease of use (caveat only about 10) all preferred rocket hands down to element. Lastly, Rocket has the dankest GIFS.

@d19dotca I used the qualys vulnerability scanner community edition. You need to create an qualys account and use the actual vulnerability scanner. Also if you are running a firewall, you may have to unblock the qualys IP if it auto blocks it when it attempts various "scans' like checking for heartbleed etc. you can sign up for here https://www.qualys.com/community-edition/

How difficult would it be to add the Modsecurity WAF for NGINX to the standard Cloudron NGINX build? And implementing the OWASP CRS ruleset? This would give the NGINX reverse Proxy some pretty capable WAF capabilities out of the box as well

https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-installation-logging/

https://docs.nginx.com/nginx-waf/admin-guide/nginx-plus-modsecurity-waf-owasp-crs/

Are you guys tracking these vulnerabilities being exploited on Apache 2.4.x servers in the wild?

https://httpd.apache.org/security/vulnerabilities_24.html

Id be very interested in this. This could integrate nicely with the chat options we already have like rocketchat and Element.

@girish I'm not sure if it matters or not tbh. Will the spamlists work if these lookups get blocked? because to the best of my ability to tell, all these spam list related lookups are being blocked by my firewall. Im not getting any spam in my inbox though so im happy on the no spam front.

@atrilahiji yes and every other DNS lookup from the cloudron server gets sent to the right place these are the only ones that don't. They attempt to go right out the gateway via port 53 to some other dns server.

@girish

This is a screenshot of blocked dns requests by my router.

I use adguard dns that is installed on a separate device as my main dns server for lan. It's ip address is handed out via dhcp to all my devices.

For some reason, cloudron is attempting to sending dns traffic out my gateway to other upstream dns servers instead of sending it to my adguard dns server.
It's getting blocked by my firewall because of dns filtering policy. It looks like most of the dns lookup are in relation to email block lists.
I read that unbound is dns for cloudron app so don't I just need to tell unbound to forward requests to my actual lan dns server?

I'm guessing I need to add my Adguard DNS server as a "internal dns server" thats a forwarder since that's the primary DNS my router passes out via dhcp?

Can anyone tell me why all these DNS requests to these DNS servers are getting sent from my Cloudron server? Its not sending them to my DNS server but attempting to send them outside the network on port 53 to IP's presumably associated with the spam blocker list orgs? Why isn't it sending the DNS requests to my DNS server and instead sending them outside my network? They are getting blocked by my router but wouldn't be if they were getting sent to my DNS server I believe.

@nebulon said in 100mb file upload size despite disabling limitations:

o

I got the error on the default settings for rocketchat. It defaults to gridFS. I then tried changing to webdav to nextcloud and still got the same error message.

@nebulon the only error i get is inside the rocket chat application that says "file size to large cannot exceed 100mb" No errors in logs. could this be a file upload max limit in nginx? I've tried both gridfs and webdav to my nextcloud and i get the same error message.