Fail2Ban VS MeshCentral

something like https://github.com/renanqts/xdpdropper or cilium's host firewall or https://github.com/boylegu/TyrShield exist or https://github.com/ebpf-security/xdp-firewall today and implement ebpf filter based firewalling.

Of these there is a sample integration for XDPDropper to fail2ban that never got merged https://github.com/fail2ban/fail2ban/pull/3555/files -- I don't think anyone else has really worked on that junction of functionality yet.

There's also wazuh which seems to package ebpf tooling up with a ton of detection and management components, but its not a simple to deploy as fail2ban.

Fail2Ban: Stop brute-force attacks

Wasn't that the argument against https, namely, that it was too costly to run [1]? I also run fail2ban [2] in my servers and I rarely even notice it's there.

I'm not saying you should sit down with the iptables manual and start going through the logs, but I can see the idea taking off if all it takes is (say) one apt-get and two config lines.

[1] https://stackoverflow.com/questions/1035283/will-it-ever-be-...

[2] https://github.com/fail2ban/fail2ban

Not a whole lot of a source to share, sorry.

Whenever registering/subscribing to some provider, I always use a new,unique email address. If/when that provider gets their user database leaked, after some time, spam starts rushing in. At that point, I change my email address in provider's records, and old one is moved to "spamtrap" alias on my server. Over the years, quite a few has accumulated - linkedin, yahoo, you name it...

Fail2ban [0] parses mail server logs, and I have a rule there, where source IP address of anything incoming to spamtrap, is looked up in whois and logged. Then, manual awk/grep/sort contraption is run periodically.

DO's AS14061 used to be consistently in top-3 spam sources, occasionally taking #1 spot.

[0] http://www.fail2ban.org/

IP Ban: Fail2ban

First you need to install Fail2ban. Before installation please see official installation guide on GitHub. Maybe something has been changed after this article published.

Throughout this I'll be referring to these pages: https://nixos.wiki/wiki/Fail2ban https://github.com/dani-garcia/vaultwarden/wiki/Fail2Ban-Setup https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf

Impatient of what exactly? fail2ban is battle tested for well over a decade. It is also an active project with regular updates: https://github.com/fail2ban/fail2ban/commits/master/

now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

Mesh Central has been really great for me. Moved to it from rust desk.

https://meshcentral.com/

Use it to manage my entire family's computers and phones.

MeshCentral

Anyway you can use meshcentral for this purpose.

Edit2: a bug has been created on Github https://github.com/Ylianst/MeshCentral/issues/5302

We have copied an migrated an IDENTICAL Mesh Central installation to another Linux server. The LDAP environment has the same groups, users and permissions. Yet when we login with the same user as before it ignores the existing user and creates a new one.I've created an issue on Github because it seems this is a bug but was wondering if anyone else on this group may have run into this and has an idea of what the problem might be...

Meshcentral if you are comfortable hosting the control plane.

OR https://github.com/Ylianst/MeshCentral/issues