The site handles approximately half a million hits per day. I've
been offering Linux shell access since 1992, and prior to that SunOS and
SCO Xenix, so I'm familiar with the security issues. The servers are
all individually firewalled and fail2ban watches for password brute
force hacking. I'm trying to extend those protections through
Guacamole; that's the current challenge. That's why I want to force a
login at the Apache level; a failure of login at the Guacamole level is
only marginally helpful. I mean yes, one can stop people from hitting it,
but they can get to the servers via ssh, rdp, vnc, and x2go, so the
attack really needs to be stopped at the server level, not at a gateway,
because there are many paths of attack.

On 8/2/23 00:40, Ivanmarcus wrote:
Robert,
Just in case it helps: the connecting IP and login attempts are
typically recorded in the Tomcat log. An example here is from a test
Ubuntu 22.04 with Tomcat 9; the logfile is located at
/var/log/tomcat9/catalina.out and you'll see I've tried twice, once
with incorrect p/w, then the right one:
[2023-08-02 07:27:20] [info] 07:27:20.815 [http-nio-8080-exec-7] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 192.168.1.111 for user "admin" failed.
[2023-08-02 07:28:09] [info] 07:28:09.889 [http-nio-8080-exec-9] INFO o.a.g.r.auth.AuthenticationService - User "admin" successfully authenticated from 192.168.1.111.
Also, I'm not sure if the domain you mentioned is live but it might
pay to obfuscate this on the mailing list. Amongst other things it'll
end up in the archives and be there for all to see...
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
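
An added example, not part of either message: a sketch of the per-address failure counting that the catalina.out entries quoted above make possible, of the kind a log watcher such as fail2ban performs. The function and parameter names (`find_offenders`, `max_retry`, `find_time`) are this sketch's own, the sample lines are constructed, and it assumes each log entry occupies a single line in the file.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure-line format as quoted in the thread. The non-greedy prefix makes the first
# "Authentication attempt from" win, so text inside the username cannot swap the address.
FAILED = re.compile(
    r'^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\].*?'
    r'AuthenticationService - Authentication attempt from (?P<ip>\S+) for user ".*" failed\.$'
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each IP that reached max_retry failures within find_time to its peak count."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue              # successful logins and unrelated Tomcat output
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue              # logged value is not a literal IP; do not act on it
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry:
            offenders[ip] = max(offenders.get(ip, 0), len(window))
    return offenders

def _line(ts, level, msg):
    return f"[{ts}] [info] {ts[11:]}.000 [http-nio-8080-exec-1] {level} o.a.g.r.auth.AuthenticationService - {msg}"
def _fail(ts, ip, user):
    return _line(ts, "WARN", f'Authentication attempt from {ip} for user "{user}" failed.')

# Constructed sample input (not taken from a real log).
SAMPLE = [
    _fail("2023-08-02 07:27:20", "192.168.1.111", "admin"),
    _line("2023-08-02 07:28:09", "INFO", 'User "admin" successfully authenticated from 192.168.1.111.'),
    _fail("2023-08-02 09:00:01", "203.0.113.7", "root"),
    _fail("2023-08-02 09:00:05", "203.0.113.7", "admin"),
    _fail("2023-08-02 09:03:40", "203.0.113.7", "guacadmin"),
    _fail("2023-08-02 09:05:00", "198.51.100.9",
          'x" failed. Authentication attempt from 10.0.0.1 for user "y'),
]
```

The last sample entry carries a second address inside the username field; only the address logged by Guacamole itself is counted.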