RE: XO Lite: building an embedded UI in XCP-ng

ok, cool. So yes, then it would be great to see what needs to be done. I can start off with adding a german translation

@olivierlambert I thought I need a license to use all features of XO? I didn't go through all the code. I have another project, that only provides non-commercial parts of the product in the official repo and the enterprise parts are in a private repo. So I wasn't sure if XO had all code hosted in that repo or just the free to use features? I wasn't ment to be offending, sorry.

why is this part of the commercial repo? what if the lite has some of the commercial features?

@olivierlambert how can one contribute to XO-Lite? I might get some time for at least some simple features.

Found the issue. I used the service from the repo like this:

But I had to replace @BINDIR@ to /usr/bin.

[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service

[Service]
Type=simple
Environment="PYTHONNOUSERSITE=1"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/bin/fail2ban-server -xf start
# if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
ExecStop=/usr/bin/fail2ban-client stop
ExecReload=/usr/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255

[Install]
WantedBy=multi-user.target

@olivierlambert ok, if you don't know the issue, than the issue should be something quite regular to find. I thought it would be system specific. I'll try to find the issue and post the answer here for others.

I decided to order an OPNsense router. I guess that should do the work. Thanks for all the information!

@olivierlambert thank you so much for your advice! I got it now. VPN is an extra layer of security. So I'll go with openVPN or do you have any other advice for what I should use? I would still like to have fail2ban as a an additional security tool? Do you know why the service constantly gets killed. Is the centos configured to not let other services run?

@olivierlambert The system is not in production yet. I will have a firewall inbetween. I need to manage the server from remote, because it's located quite far away from my home. The only port that is exposed is 22. Everything else is blocked. Any suggestions on how to fix my issue? And what would you recommend? How should I remotely manage the server? I'm quite new to that topic and this is my first server project.

my plan was to just harden the ssh like this:

https://rmauro.dev/8-actions-for-hardening-your-linux-server-for-internet/#using-ssh-config-file-on-ssh-client

Hi @olivierlambert
I tried to install fail2ban on the current 8.3 alpha2 and I can't get the service to run. I'm pretty sure this is due to some hardening done to the original linux it runs on. I opened a super-user issue. Maybe you know what I'm doing wrong here?

https://superuser.com/questions/1782617/fail2ban-on-xcp-ng-xen-server-on-an-centos-keeps-dying

Thx!