ok, cool. So yes, then it would be great to see what needs to be done. I can start off with adding a german translation
Posts
-
RE: XO Lite: building an embedded UI in XCP-ng
-
RE: XO Lite: building an embedded UI in XCP-ng
@olivierlambert I thought I need a license to use all features of XO? I didn't go through all the code. I have another project, that only provides non-commercial parts of the product in the official repo and the enterprise parts are in a private repo. So I wasn't sure if XO had all code hosted in that repo or just the free to use features? I wasn't ment to be offending, sorry.
-
RE: XO Lite: building an embedded UI in XCP-ng
why is this part of the commercial repo? what if the lite has some of the commercial features?
-
RE: XO Lite: building an embedded UI in XCP-ng
@olivierlambert how can one contribute to XO-Lite? I might get some time for at least some simple features.
-
RE: Fail2Ban for failed Xo-Web-Logins
Found the issue. I used the service from the repo like this:
But I had to replace
@BINDIR@
to/usr/bin
.[Unit] Description=Fail2Ban Service Documentation=man:fail2ban(1) After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service [Service] Type=simple Environment="PYTHONNOUSERSITE=1" ExecStartPre=/bin/mkdir -p /run/fail2ban ExecStart=/usr/bin/fail2ban-server -xf start # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local # ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start ExecStop=/usr/bin/fail2ban-client stop ExecReload=/usr/bin/fail2ban-client reload PIDFile=/run/fail2ban/fail2ban.pid Restart=on-failure RestartPreventExitStatus=0 255 [Install] WantedBy=multi-user.target
-
RE: Fail2Ban for failed Xo-Web-Logins
@olivierlambert ok, if you don't know the issue, than the issue should be something quite regular to find. I thought it would be system specific. I'll try to find the issue and post the answer here for others.
I decided to order an OPNsense router. I guess that should do the work. Thanks for all the information!
-
RE: Fail2Ban for failed Xo-Web-Logins
@olivierlambert thank you so much for your advice! I got it now. VPN is an extra layer of security. So I'll go with openVPN or do you have any other advice for what I should use? I would still like to have fail2ban as a an additional security tool? Do you know why the service constantly gets killed. Is the centos configured to not let other services run?
-
RE: Fail2Ban for failed Xo-Web-Logins
@olivierlambert The system is not in production yet. I will have a firewall inbetween. I need to manage the server from remote, because it's located quite far away from my home. The only port that is exposed is 22. Everything else is blocked. Any suggestions on how to fix my issue? And what would you recommend? How should I remotely manage the server? I'm quite new to that topic and this is my first server project.
my plan was to just harden the ssh like this:
-
RE: Fail2Ban for failed Xo-Web-Logins
Hi @olivierlambert
I tried to install fail2ban on the current 8.3 alpha2 and I can't get the service to run. I'm pretty sure this is due to some hardening done to the original linux it runs on. I opened a super-user issue. Maybe you know what I'm doing wrong here?https://superuser.com/questions/1782617/fail2ban-on-xcp-ng-xen-server-on-an-centos-keeps-dying
Thx!