syncloud / platform

Run popular services on your device with one click
https://syncloud.org
GNU General Public License v3.0
396 stars 40 forks

Fail2ban for ssh #548

Closed DarkCoocky closed 1 year ago

DarkCoocky commented 3 years ago

I was thinking about the issue for the root user #538. Maybe we could keep this user but instead add fail2ban to avoid brute force through ssh at first, and then maybe expand it to protect all the apps running on the server?

cyberb commented 3 years ago

I think this is a good tool to have. Probably as an independent app first.

DarkCoocky commented 3 years ago

Sounds great. So with this app (if I understood what you meant previously) users can control what apps are protected with this and maybe have a graphical interface to whitelist IP addresses and release from the jail IPs that shouldn't be there. In short, basically have all the functions of Fail2ban but in a graphical interface 😅

cyberb commented 1 year ago

Interesting variant: https://github.com/crowdsecurity/crowdsec

I do like tools written in Go as they give you a single binary with no crazy runtime dependencies (unlike py/js/ru/java/c#...), fast and quick to compile if you want to patch it

Frontrider commented 1 year ago

> I do like tools written in Go as they give you a single binary with no crazy runtime dependencies (unlike py/js/ru/java/c#...), fast and quick to compile if you want to patch it

Offtopic: Remove java/jvm from that list, as that statement is not exactly true. Not trivial, but also not difficult. Unlike c# which is just getting that feature.

Ontopic: I checked crowdsec once, yes that might be a good one.

cyberb commented 1 year ago

Well, Java Native Image sounds good on paper, but I have not seen a single popular service on GitHub (plenty on PHP :))

Frontrider commented 1 year ago

> Well, Java Native Image sounds good on paper, but I have not seen a single popular service on GitHub (plenty on PHP :))

Meh. It is quite big in closed source at least. (edit: Disney and Alibaba are objectively small players)

cyberb commented 1 year ago

Crowdsec is ready in the store. It comes with basic detection configured (nginx, dovecot/postfix, ssh) plus a web UI to see the alerts/decisions. No bouncers yet, so decisions are not executed yet; we will gather some stats before adding bouncers like firewall rules later. Feel free to open specific issues on it.