Differences

This shows you the differences between two versions of the page.

--- en:security:reaction [2024/08/07 22:43] – [Why not Fail2ban ?] lonclegr
+++ en:security:reaction [2024/08/13 21:58] (current) – lonclegr
@@ Line 13: / Line 13: @@
 So I configured [[en:security:iptables|iptables]] on my server the most restrictive way I know from network perspective: only the two public IPs of my two ḧomes can access to SSH service. And it works fine. But by design, there is an issue about this choice I made. Indeed, my ISPs ((Internet Service Provider)) provide me dynamic IPs. It may change without notice but for the last 3 years it did not.
-I accepted the risk because of two thins:
+I accepted the risk because of two facts:
   - Since IPs don't change very often and I have two different ISP, the probability that both of them change at the same time is very low. So if one IP changes and I lose access to my server I can go the second home and update the configuration accordingly.
   - Worst case scenario, I can use the emergency console access from my server provider and update the configuration of [[en:security:iptables|iptables]].
@@ Line 23: / Line 23: @@
 I decided that I was going to use my last option: emergency console access to my server from the provider. But bad surprise again, my provider did not provide such a service.
-As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https://en.wikipedia.org/wiki/Fail2ban|fail2ban]] came back to my mind and even better I remembered that one person from the [[https://www.chatons.org/en|CHATONS]] was working on the perfect tool for me: [[https://blog.ppom.me/en-reaction/|reaction]].
+As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https://en.wikipedia.org/wiki/Fail2ban|fail2ban]] came back to my mind and even better I remembered that one person from the [[https://www.chatons.org/en|CHATONS]] [[https://picasoft.net|Picasoft]] was working on the perfect tool for me: [[https://blog.ppom.me/en-reaction/|reaction]].
 ===== New architecture =====
-In this new architecture, I introduced a new server "Bastion SSH Server" which will have only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].
+In this new architecture, I introduced a new server "Bastion SSH Server" which has only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].
 {{ :en:security:architecture-one-server-access-with-bastion.png?direct&600 |Architecture with Bastion SSH server}}
@@ Line 38: / Line 38: @@
 And since a good drawing is always better than long speech, let me share with you this one made by [[https://ptilouk.net/|Gee]].
+{{ :en:security:bd-reaction-english.png?direct&600 |Reaction the new Fail2ban}}
@@ Line 116: / Line 118: @@
 </code>
-and the config file for SSH
+and the config file for SSH based on [[https://reaction.ppom.me/filters/ssh.html|official documentation]]
 <code>
@@ Line 129: / Line 131: @@
         regex:
           - 'authentication failure;.*rhost=<ip>'
+          - 'Connection (reset|closed) by (authenticating|invalid) user .* <ip>'
+          - 'Failed password for .* from <ip>'
         retry: 3
         retryperiod: '3h'
@@ Line 159: / Line 164: @@
 This code is based on the one you can find on the official blog of [[https://blog.ppom.me/en-reaction/|reaction]].
+===== Conclusion =====
+This tool is a very good initiative that everybody should support! At least everybody that needs such tool should give a try. The creator is very talented and tries to push the tool into a direction that can make everything more safe.