Rest-server and fail2ban

I am planning on using rest-server to ensure “append-only” on a repo. I have it working with password and certificate, but now I would like to use fail2ban to block brute-force attacks. Is there a way to achieve it?

Thanks for posting this in the forum instead of an issue @enboig!

I guess you could. Fail2ban works by reading logfiles, so if you can just get it to read the log/output of rest-server, and configure the proper regular expressions in your fail2ban config, I’m guessing it should work fine? How you do that would depend on how you are running rest-server and how to access the output from it.

Your post reminded me to mention the systemd service unit file I’ve been working on, with a view to security hardening a rest-server instance. If you’re using rest-server on a system with systemd it may be of interest.

Fail2ban should be able to read the IP and/or user who failed validation, and my logs don’t have this information. Is there an extra option to output this information?

@ProactiveServices your systemd is more complete than the one provided at rest-server git, I will add some of your options, thanks.

Thanks - I would appreciate it if someone with systemd experience would take a look first, as I’m new here 🙂

I ended up using UFW to block unauthorized access, but I think rest-server should be a little more verbose with unauthorized access, with timestamp, IP and user.

I am also interested in using fail2ban myself. Do you think the IP of a request that failed authentication should be logged as part of the --debug flag or rather should have a separate flag (--log-authentication-failure maybe)?

I ended up using ssh+rclone, maybe not optimal, but secure.