I am planning on using rest-server to ensure “append-only” on a repo. I have it working with password and certificate, but now I would like to use fail2ban to block brute-force attacks. Is there a way to achieve it?
Thanks for posting this in the forum instead of an issue @enboig!
I guess you could. Fail2ban works by reading logfiles, so if you can just get it to read the log/output of rest-server, and configure the proper regular expressions in your fail2ban config, I’m guessing it should work fine? How you do that would depend on how you are running rest-server and how to access the output from it.
Your post reminded me to mention the systemd service unit file I’ve been working on, with a view to security hardening a rest-server instance. If you’re using rest-server on a system with systemd it may be of interest.
Fail2ban should be able to read the IP and/or user who failed validation, and my logs don’t have this information. Is there an extra option to output this information?
@ProactiveServices your systemd is more complete than the one provided at rest-server git, I will add some of your options, thanks.
Thanks - I would appreciate it if someone with systemd experience would take a look first, as I’m new here
I ended up using UFW to block unauthorized access, but I think rest-server should be a little more verbose with unauthorized access, with timestamp, IP and user.
I am also interested in using fail2ban myself. Do you think the IP of a request that failed authentication should be logged as part of the --debug flag or rather should have a separate flag (--log-authentication-failure maybe)?
I ended up using ssh+rclone, maybe not optimal, but secure.