Raspberry Pi

21033 Members
All things Raspberry Pi! | raspberrypi.com | reddit.com/r/raspberry_pi | rpilocator.com1385 Servers

Load older messages

1 Jun 2023
@blondysessy:matrix.orgblondysessyLol it's like im entering a whole new invisible world here 05:34:59
@blondysessy:matrix.orgblondysessySo from what I got in the past few days. It's very good practice to install, Apparmor, UFW or in my case GUFW and fail2ban for intrusion protection05:35:33
@blondysessy:matrix.orgblondysessykeep my system updated as frequently as I can05:35:42
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓Yes. Definitely. Updates fix bugs and security issues. You should keep a connected system as up-to-date as possible .06:46:55
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓
In reply to @john_mabuse:matrix.org
@blondysessy:matrix.org yes, you can set fail2ban to a certain amount of attempts and also to stop further attempts from that source

Fail2ban is nice. But... I have a Ubiquiti Security Gateway on my network, configured as a full IPS. I regularly get attempts blocked... and in the logs, what I find is that they often comme from several IP addresses in the same class C or even class B network. Fail2ban will block each individual IP after a few failed attempts, but if the attacker has a botnet available with 65535 machines in a class B network at their disposal, that's still a lot of attempts. 🙂

The Synology NAS in my network is already configured to block an IP after 2 consecutive failed attempts within the same amount of time. 🙂 Double security here... IPS plus NAS' fail2ban.

I typically end up manually blocking that class C or class B if I see several blocked attempts from several machines in that same network. I've even blocked some countries totally as I was seeing too many attempts from there (Russia, China, and a few more). They are not expected to be users of the services I host anyways. 🙂 So no big loss. But still it shows how painful it can be.

@blondysessy:matrix.orgblondysessyI heard a lot of good things from Ubiquity06:55:43
@blondysessy:matrix.orgblondysessyThey sell long server racks right?06:55:53
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓You can actually run the management interface on an RPi if you want (they sell something called the Cloud Key which is a device with the management interface embedded in it - and a backup battery to let the system shut down properly in case of power failure). The software is open source. I've decided to run it on a cloud key for simplicity... but I know people who run it on Linux or an RPi.06:57:02
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓They sell mostly network management infrastructure (WiFi access points, switches, routers, firewalls...) but also surveillance cameras...06:57:50
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓https://www.ui.com/06:57:56
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f02777606:58:47
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓(runs on an RPI)06:58:52
@blondysessy:matrix.orgblondysessyThis is way over my current knowledge of networking 06:59:23
@blondysessy:matrix.orgblondysessyBUT I WILL GET THERE ;)06:59:31
@blondysessy:matrix.orgblondysessyLater today I'm fully switching to linux I just completed my backups06:59:55
@blondysessy:matrix.orgblondysessyHopefully I'll get my PIs by the end of next week to set up my pi hole, god I hate ads so much07:00:19
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓
In reply to @blondysessy:matrix.org
Later today I'm fully switching to linux I just completed my backups
RPi raspbian is a full Linux distro. 🙂 So if you're running that, you've already "fully switched to linux". 🙂
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓Of course you can also run Ubuntu. But that's just ANOTHER linux that runs fine on RPi.07:01:26
@blondysessy:matrix.orgblondysessyOh, I'm talking about my main computer07:01:55
@blondysessy:matrix.orgblondysessyI'm using windows 10 at the moment, going to switch it to pop os. My other backup PC and laptop both run pop07:02:22
@blondysessy:matrix.orgblondysessyThanks again for all the information07:02:34
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓Cool. Why pop instead of Ubuntu? Are your using system76 hardware specifically?07:06:07
@gravax:matrix.org𝑮𝒊𝒍𝒍𝒆𝒔 𝑮𝒓𝒂𝒗𝒊𝒆𝒓What is cool is that they are preparing (available as tech preview) a pop for RPi 4. Which means same version of os on desktop and RPi. That said, pop is based on Ubuntu 22.04. You could just run Ubuntu 23.04 on both your PCs and your RPis if you wanted the same OS... but the latest version... 😊07:14:11
@blondysessy:matrix.orgblondysessyBack, I never tried ubuntu. I've only ever tried Endeavor and pop07:27:31
@blondysessy:matrix.orgblondysessyOh and no I'm not using system76 hardware07:27:49
@blondysessy:matrix.orgblondysessyand yeah I saw that a few weeks ago https://pop.system76.com/ they have a download for pop 22.04 Raspberry Pi 407:28:44
@blondysessy:matrix.orgblondysessyFrom what I understand POP devs are working on a new GUI for pop which is expected to release next year, once they finish that they will update pop to 23.0407:29:22
@blondysessy:matrix.orgblondysessyso they will be behind regular ubuntu for months07:29:33

There are no newer messages yet.

Back to Room ListRoom Version: 5