ddvk / rmfakecloud

host your own cloud for the remarkable
GNU Affero General Public License v3.0

[recommendation] fail2ban: how to set-up to protect rmfakecloud #261

Closed giovi321 closed 8 months ago

giovi321 commented 8 months ago

rmfakecloud is amazing, however it has few security features. I have written a quick how-to to set up fail2ban to protect rmfakecloud from brute force attacks.

Fail2Ban is a security tool for Unix-based systems that helps protect servers from malicious activity, particularly brute-force attacks. It monitors log files for specified patterns, such as repeated login failures, and dynamically updates firewall rules to block IP addresses exhibiting suspicious behavior. This proactive approach enhances server security by automatically banning or throttling access for potential attackers, reducing the risk of unauthorized access and mitigating the impact of various types of cyber threats.

Please note that this guide is for Debian-flavored distributions, but a similar approach applies to all Unix systems.

I believe it could be useful to add this guide in the repository.

  1. Install fail2ban

    apt install fail2ban

  2. Create a custom filter

     Create the file /etc/fail2ban/filter.d/rmfakecloud.conf and add the following content:

    [Definition]
    failregex = ^<HOST> -.*POST.*login.* 401
    ignoreregex =

  3. Create a custom jail configuration

     Create the file /etc/fail2ban/jail.d/apache-auth.local and add the following content:

    [rmfakecloud]
    enabled = true
    filter = rmfakecloud
    port = http,https
    # Edit the following line to match the access log file of your vhost from apache 
    logpath = /var/log/apache2/access.log
    maxretry = 3
    findtime = 600
    bantime = 3600

  4. Restart and test

    service fail2ban restart
    fail2ban-client status rmfakecloud

     Now you can try to log in 3 times with wrong credentials; the fourth time you won't be able to load the page.
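
An added example, not part of the original post or of the rmfakecloud project: a Python dry run of the filter and jail settings above over constructed Apache access-log lines, showing which lines the failregex matches and which client would be banned. The `<HOST>` substitution, the login path and the sample lines are assumptions; the last sample line is a successful login with a 401-byte response, which the regex still matches because `401` is not pinned to the status field.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the filter above. <HOST> is replaced by a simplified IP group:
# an assumption for this sketch, fail2ban's own <HOST> expansion is broader.
FAILREGEX = r"^<HOST> -.*POST.*login.* 401"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME = 3, 600  # maxretry / findtime from the jail above

# Constructed Apache combined-format lines (documentation IPs, assumed login path).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "curl/8.0"
203.0.113.7 - - [10/Jan/2024:10:00:40 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "curl/8.0"
203.0.113.7 - - [10/Jan/2024:10:01:15 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "curl/8.0"
198.51.100.9 - - [10/Jan/2024:10:00:05 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2024:10:01:05 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2024:10:20:00 +0000] "POST /ui/api/login HTTP/1.1" 401 23 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Jan/2024:10:02:00 +0000] "GET /ui/api/login HTTP/1.1" 401 23 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Jan/2024:10:02:30 +0000] "POST /ui/api/login HTTP/1.1" 200 401 "-" "Mozilla/5.0"
"""

def matched_host(line):
    """Return the host the failregex captures on this line, or None."""
    m = PATTERN.search(line)
    return m.group("host") if m else None

def banned_hosts(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts that reach maxretry matching lines within findtime seconds."""
    recent, banned = defaultdict(deque), []
    for line in log_text.splitlines():
        host, ts = matched_host(line), TIMESTAMP.search(line)
        if host is None or ts is None:
            continue
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[host]
        window.append(when)
        while when - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print("MATCH" if matched_host(line) else "     ", line[:70])
    print("would ban:", banned_hosts(SAMPLE_LOG))
```

On a live host, `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/rmfakecloud.conf` runs the installed filter against the real log and reports matched and missed lines.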

Eeems commented 8 months ago

You should open a PR to add this to the docs

giovi321 commented 8 months ago

Oops... I just noticed that someone preceded me in the docs. Well, let this rest here for future reference, as this is an alternative approach that also works on reverse proxy servers.