en:security:reaction
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
en:security:reaction [2024/08/07 22:43] – [Why not Fail2ban ?] lonclegr | en:security:reaction [2024/08/13 21:58] (current) – lonclegr | ||
---|---|---|---|
Line 13: | Line 13: | ||
So I configured [[en: | So I configured [[en: | ||
- | I accepted the risk because of two thins: | + | I accepted the risk because of two facts: |
- Since IPs don't change very often and I have two different ISP, the probability that both of them change at the same time is very low. So if one IP changes and I lose access to my server I can go the second home and update the configuration accordingly. | - Since IPs don't change very often and I have two different ISP, the probability that both of them change at the same time is very low. So if one IP changes and I lose access to my server I can go the second home and update the configuration accordingly. | ||
- Worst case scenario, I can use the emergency console access from my server provider and update the configuration of [[en: | - Worst case scenario, I can use the emergency console access from my server provider and update the configuration of [[en: | ||
Line 23: | Line 23: | ||
I decided that I was going to use my last option: emergency console access to my server from the provider. But bad surprise again, my provider did not provide such a service. | I decided that I was going to use my last option: emergency console access to my server from the provider. But bad surprise again, my provider did not provide such a service. | ||
- | As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https:// | + | As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https:// |
===== New architecture ===== | ===== New architecture ===== | ||
- | In this new architecture, | + | In this new architecture, |
{{ : | {{ : | ||
Line 38: | Line 38: | ||
And since a good drawing is always better than long speech, let me share with you this one made by [[https:// | And since a good drawing is always better than long speech, let me share with you this one made by [[https:// | ||
+ | |||
+ | {{ : | ||
Line 116: | Line 118: | ||
</ | </ | ||
- | and the config file for SSH | + | and the config file for SSH based on [[https:// |
< | < | ||
Line 129: | Line 131: | ||
regex: | regex: | ||
- ' | - ' | ||
+ | - ' | ||
+ | - ' | ||
+ | |||
retry: 3 | retry: 3 | ||
retryperiod: | retryperiod: | ||
Line 159: | Line 164: | ||
This code is based on the one you can find on the official blog of [[https:// | This code is based on the one you can find on the official blog of [[https:// | ||
+ | |||
+ | |||
+ | ===== Conclusion ===== | ||
+ | |||
+ | This tool is a very good initiative that everybody should support! At least everybody that needs such tool should give a try. The creator is very talented and tries to push the tool into a direction that can make everything more safe. |
en/security/reaction.1723085012.txt.gz · Last modified: 2024/08/07 22:43 by lonclegr