This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Security monitoring & Remote API logs

2 posts / 0 new

Topic locked

Last post

#1 Thu, 10/20/2011 - 13:34

jpmonette

Security monitoring & Remote API logs

Hi,

I'm wondering if there's a built-in method to monitor the logs to be notified if someone is trying to bruteforce through SSH or any other attacks (mainly monitoring the SSH logs).

Also, is it possible to log remote API access? This is another place where someone could try to bruteforce their way in a server

Thanks a lot

#2 Thu, 10/20/2011 - 13:49

andreychek

Howdy,

Login failures to services such as SSH are indeed logged -- but to do something about that, you would need an a program such as fail2ban -- which monitors logfiles, and bans the IP address of hosts with too many login failures.

Webmin does this automatically -- after N login attempts, the IP address is banned for a few minutes.

The specifics there can be configured in Webmin -> Webmin -> Webmin Configuration -> IP Access Control.

-Eric

Topic locked