Hi, I have done a search for fail2ban etc on the forum and nothing came up.
My question:
Since the installation recogmends a docker installation on Linux does it come setup with failtoban etc to try to help combat hacking?
Well I should have put fail2ban +iptables etc etc.
What is inplace to combat hacking attempts?
Thank you…
WebODM does not provide SSH access, so it’s responsibility of the docker host (and operator) to setup a defensive scheme that is appropriate. In short, WebODM does not (neither it should) install anything like fail2ban.
Fail2ban is so much more than ssh, it can ban from to many login attempts in a certain space of time, that’s good against someone trying to brute force attempts on passwords.
Goto know though.
Take a look at artillery honeypot as well. I have run them concurrently.
But I agree with Piero on the separation of concerns: WebODM isn’t meant to also do all your sys admin work or importantly your choices with respect to secure deployment of web applications.
I also agree but would have thought of it to be included as part of the Web ready solution.
It’s no biggy though, you could always use cloudflare I suppose…
I Personally am going to use fail2ban and a firewall locally on a vm, I already use a internal and external reverse proxy with my proxmox setup, you can never be to security minded.
Would you feel up to writing up some docs, or at least a sketch/framework of how you would approach securing your deployment (as you mentioned with fail2ban and other programs)?
We do get this question (or variations of it) from time to time, and as Piero/Stephen said, though WebODM isn’t really a good fit for containing all those features, a sensible web-facing deployment would certainly benefit from being secured properly.
I don’t see why not, it will probably be in a couple of weeks when I get chance.
Installing fail2ban and accessing a docker container log is quite easy.
Installing traefik as a reverse proxy.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.