Fail2Ban
DietPi
Fail2Ban | DietPi | |
---|---|---|
49 | 306 | |
10,423 | 4,535 | |
2.2% | - | |
8.8 | 9.8 | |
7 days ago | 7 days ago | |
Python | Shell | |
GNU General Public License v2.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Fail2Ban
-
Looking for a way to remote in to K's of raspberry pi's...
now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login
- Fail2Ban
- Fail2Ban – Daemon to ban hosts that cause multiple authentication errors
-
I am (to be) a web designer, how to ensure security on a vps?
See https://github.com/fail2ban/fail2ban for beginner's guide, basically you set it up to monitor logfiles and it would act accordingly (plenty of built-in config to handle various daemons so you don't have to write yourself).
-
Home Lab Setup Recommendations
- Nginx & crowdsec/fail2ban if you are exposing your parts (services) to the public ( https://hub.docker.com/r/baudneo/nginx-proxy-manager, https://www.crowdsec.net, https://www.fail2ban.org )
-
fail2ban not notifying Cloudflare
— In /etc/fail2ban/action.d/cloudflare.conf I copied the file from https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.confand added my ‘cftoken’ and ‘cfuser’ on the bottom
-
Firewall rules beyond "deny incoming, enable only the ports that you need"
https://github.com/fail2ban/fail2ban is a mature, easy to set up way to have some dynamic firewall rules that respond to attacks. There are more sophisticated options, but they are probably not worth the return on time investment for you.
-
Comments/Suggestions on security-auditing different services
You can create your own regexes for custom services: https://github.com/fail2ban/fail2ban/wiki/Developing-Regex-in-Fail2ban
-
Fail2Ban Limitation
Others seem to be (or were) experiencing this too: https://github.com/fail2ban/fail2ban/issues/3100
DietPi
- Home Lab Guide
- DietPi – Highly optimised minimal Debian OS
-
DietPi released a new version 9.1
DietPi is a lightweight Debian based Linux distribution for SBCs and server systems, with the option to install desktop environments, too. It ships as minimal image but allows to install complete and ready-to-use software stacks with a set of console based shell dialogs and scripts.
The source code is hosted on GitHub: https://github.com/MichaIng/DietPi
-
Considerations for a long-running Raspberry Pi
That's a good point, but the array of devices supported by the DietPi team is extensive: https://dietpi.com/
-
The Orange Pi 5
Before someone starts the usual yadda yadda about the RPi biger community, the OS not having long time support etc. I would repeat one more time: do not rely on board vendor supplied images; this is valid for pretty much all boards. Just go to Armbian or DietPi pages and you'll almost certainly find one or more images that work on your board and forums to discuss about them with very knowledgeable people.
https://www.armbian.com/download/
https://dietpi.com/#download
Those projects are well worth a contribution, as they don't have a giant like Broadcom behind them.
-
OpenWrt One/AP-24.XY: new open source router board by OpenWrt and Banana Pi
> bananapi do a lot of boards but their software story has been a bit poor
This is quite common with other board manufacturers too. I'd rather suggest to ignore completely their cobbled together distros, often also tainted by proprietary modifications, that become unmaintained in a few years, and see if they're among the many supported by Armbian or DietPi.
https://www.armbian.com/download/
https://dietpi.com/#download
- DietPi: Lightweight Debian OS, optimised for minimal CPU, RAM usage
-
DietPi released a new version 8.25
The full release notes can be found at: https://dietpi.com/docs/releases/v8_25/
-
Looking for a way to remote in to K's of raspberry pi's...
RPi OS = diet pi https://dietpi.com/ - initial config via text file - SDcard burning out partially mitigated as writes log files to ram then flushes to SDcard reducing write cycles
-
Laptop so slow that even XFCE is laggy. What distro could run better?
You could also try very minimalistic distros like TwisterUI or DietPi which are most known for their use in the RasprebbyPi / SBC computers but which also have editions for desktop / laptop.
What are some alternatives?
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
OpenMediaVault - openmediavault is the next generation network attached storage (NAS) solution based on Debian Linux. Thanks to the modular design of the framework it can be enhanced via plugins. openmediavault is primarily designed to be used in home environments or small home offices.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
NextCloudPi - 📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, curl installer...
Snort - Snort++
Open and cheap DIY IP-KVM based on Raspberry Pi - Open and inexpensive DIY IP-KVM based on Raspberry Pi
Denyhosts - Automated host blocking from SSH brute force attacks
DockSTARTer - DockSTARTer helps you get started with running apps in Docker.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
FreeNAS - TrueNAS CORE/Enterprise/SCALE Middleware Git Repository [Moved to: https://github.com/truenas/middleware]
pfSense - Main repository for pfSense
Ansible-NAS - Build a full-featured home server or NAS replacement with an Ubuntu box and this playbook.