Fail2ban?


Exactly. Give us the ability to flat out ban connections from certain countries or white-list only certain countries.

For a US server I would ban everything outside of North America (US and Canada).

For Europe I would ban anything in China, Russia, India or other Hotspot hacker regions for a start.

Link to comment

I may be being dense here, but the UnRAID GUI should not be accessible from the internet anyway, so what benefit would this have?

Services should be behind reverse proxies - and using SWAG / NPM (I personally use SWAG but assume it's in NPM) fail2ban is implemented, as well as geoip database lookups to block country subnets etc.

Link to comment

I'm a huge fan of fail2ban. Never assume that your perimeter is impenetrable. Treat everything like it's the interwebz. I've seen really serious compromises that happened through copiers, coffee makers, lights, cameras, refrigerators, door alarms, and cash registers.

Assume for a moment that a family member invites someone over. Should that guest's cell phone be able to surf your network and map all your drives? Maybe download your tax returns or your medical records?

Link to comment

I mentioned in Discord over the weekend that I keep seeing suggestions against exposing unRAID to the internet in any capacity, but the My Servers plugin comes with a built-in option to do exactly that (expose the web UI to the internet to allow remote access), and exposing SSH to the internet can be done very safely and easily if you prohibit password login as root via ssh.

Either way, it would be insanely beneficial to have fail2ban natively on unRAID, either with some standard configurations for SSH and HTTP/HTTPS, or with some easy-to-enable examples and instructions.

SWAG is great, I use it, I contribute to the project, but native support would be greatly appreciated.

Link to comment

+1

Would love to see f2b built into Unraid. As mentioned above, as soon as the My Servers plugin started becoming a thing, I feel like fail2ban should have also had a native roll out. There's a lot of users out there and a whole bunch of them aren't aware of the security risks involved in exposing any part of their server to the outside world. f2b would be one more layer to protect them.

Link to comment

I decided to do something about it. While I don't have a solution to run fail2ban directly on the native OS, I am now successfully running a docker container capable of applying iptables bans at the host level and I am protecting unRAID's web GUI and SSH (and other things running in other docker containers).

I plan to share this project as an lsio image in the near future. I have everything functionally complete and I am working on documentation. I'll try to remember to reply here when I have a proper release available.

Link to comment