Blog GL2i

User Tools

Site Tools

Trace:
en:security:reaction

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:security:reaction [2024/08/08 21:28] – [Odds always win] lonclegren:security:reaction [2025/08/03 13:23] (current) lonclegr
Line 27: Line 27:
 ===== New architecture ===== ===== New architecture =====
  
-In this new architecture, I introduced a new server "Bastion SSH Server" which will have only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].+In this new architecture, I introduced a new server "Bastion SSH Server" which has only SSH server and [[https://blog.ppom.me/en-reaction/|reaction]].
  
 {{ :en:security:architecture-one-server-access-with-bastion.png?direct&600 |Architecture with Bastion SSH server}} {{ :en:security:architecture-one-server-access-with-bastion.png?direct&600 |Architecture with Bastion SSH server}}
Line 56: Line 56:
  
 Here is my playbook I use to setup it on my server. It is not perfect but if it can help you to test easily 8-) Here is my playbook I use to setup it on my server. It is not perfect but if it can help you to test easily 8-)
 +
 +:!: I upgraded to reaction v2 on August 2025. Please [[reaction-v2|check it]].
  
 <code yaml> <code yaml>
Line 118: Line 120:
 </code> </code>
  
-and the config file for SSH+and the config file for SSH based on [[https://reaction.ppom.me/filters/ssh.html|official documentation]]
  
 <code> <code>
Line 131: Line 133:
         regex:         regex:
           - 'authentication failure;.*rhost=<ip>'           - 'authentication failure;.*rhost=<ip>'
 +          - 'Connection (reset|closed) by (authenticating|invalid) user .* <ip>'
 +          - 'Failed password for .* from <ip>'
 +
         retry: 3         retry: 3
         retryperiod: '3h'         retryperiod: '3h'
en/security/reaction.1723166903.txt.gz · Last modified: by lonclegr