Level 3
Just read forge installs fail2ban so that's good.
Feb 7, 2017
5
Level 3
Hardening Forge Server
Quick question. Just fired up a Digital Ocean server via Forge.
Within a couple of hours the ip was getting the usual brute force attacks via ssh working through the alphabet of usernames lol - this shouldn't be too much of a concern.
There seems to be some debate about whether forge needs additional security hardening or is good to go out of the box.
Does anyone have any feelings about forge security out of the box?
Level 3
Can anyone share the default forge fail2ban config file?
Level 53
@dhonions I am not sure where that config file is located. @fideloper might chime in about that. However, I can tell you that I have had 8 Forge/DO servers running without an issue for over 24 months. They get probed and attacked regularly and I never have an issue.
The config file may be here /etc/fail2ban with jail.local or jail.conf
Level 3
Thats good to know @ejdelmonico thnks. I reinstalled fail2ban before I found out it was part of the forge build so I just wanted to check there isn't some forge specific config, since I seem to have a basic fail2ban config fail now. doh!
Level 53
Well if you don't feel comfortable with it, go ahead and build a new Forge server and after it is working fine, change DNS and destroy the old one.
Please or to participate in this conversation.