Blog GL2i

User Tools

Site Tools

Trace:
en:security:reaction

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:security:reaction [2024/08/08 21:26] – [Architecture] lonclegren:security:reaction [2024/08/13 21:58] (current) lonclegr
Line 23: Line 23:
 I decided that I was going to use my last option: emergency console access to my server from the provider. But bad surprise again, my provider did not provide such a service. I decided that I was going to use my last option: emergency console access to my server from the provider. But bad surprise again, my provider did not provide such a service.
  
-As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https://en.wikipedia.org/wiki/Fail2ban|fail2ban]] came back to my mind and even better I remembered that one person from the [[https://www.chatons.org/en|CHATONS]] was working on the perfect tool for me: [[https://blog.ppom.me/en-reaction/|reaction]].+As a result, I lost access to my server for days. In the meantime, I was looking for a more robust design. That's how [[https://en.wikipedia.org/wiki/Fail2ban|fail2ban]] came back to my mind and even better I remembered that one person from the [[https://www.chatons.org/en|CHATONS]] [[https://picasoft.net|Picasoft]] was working on the perfect tool for me: [[https://blog.ppom.me/en-reaction/|reaction]].
  
 ===== New architecture ===== ===== New architecture =====
  
-In this new architecture, I introduced a new server "Bastion SSH Server" which will have only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].+In this new architecture, I introduced a new server "Bastion SSH Server" which has only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].
  
 {{ :en:security:architecture-one-server-access-with-bastion.png?direct&600 |Architecture with Bastion SSH server}} {{ :en:security:architecture-one-server-access-with-bastion.png?direct&600 |Architecture with Bastion SSH server}}
Line 118: Line 118:
 </code> </code>
  
-and the config file for SSH+and the config file for SSH based on [[https://reaction.ppom.me/filters/ssh.html|official documentation]]
  
 <code> <code>
Line 131: Line 131:
         regex:         regex:
           - 'authentication failure;.*rhost=<ip>'           - 'authentication failure;.*rhost=<ip>'
 +          - 'Connection (reset|closed) by (authenticating|invalid) user .* <ip>'
 +          - 'Failed password for .* from <ip>'
 +
         retry: 3         retry: 3
         retryperiod: '3h'         retryperiod: '3h'
en/security/reaction.1723166814.txt.gz · Last modified: 2024/08/08 21:26 by lonclegr