Is it possible to integrate OSSEC into cyberpanel?
It’s an open source Intrusion Detection and Prevention system that has things like File Integrity Monitoring and all sorts of useful stuff to help protect your servers from outside attackers.
It could become an extra layer of defense on top of the already used modsecurity rulesets.
And it’s free and open source and can be installed on any server…
Currently I want to set this up on all of my cyberpanel servers just so I can have a monitoring solution that can tell me when a site has gotten infected, including keeping forensic logs in history. This could be a tremendous boost towards the security of all cyberpanel instances if it were easily integrated into the UI.
Please take this into consideration. Currently I have to set this up using the ossec automated install script (local setup). But it would be nice if this could be added to the cyberpanel install script perhaps? Or even better, in the cyberpanel UI…
Please let me know what you think of this idea, and whether it would be nice for monitoring infections on all websites hosted with cyberpanel.
A complete alerting and monitoring system will be using CPU resources to run its tasks on a consistent level.
So, providing official support will add more support tickets opened here for issues relating to ossec. (You can already see many threads opened for imunify, mailscanner, spamassassin, modsec rules blockages, etc.)
People are free to install it on their own so that they are aware that any issues related to ossec would be naturally directed to the support option of ossec rather than here at cyberpanel.
Regarding fail2ban, I personally don’t use it. I disabled password login for my servers and ssh keys are strong enough to protect against unwanted logins.
Also, you can limit access to port 22 (ssh) to your own IP address so that others cannot even access your ssh port.
To be honest, I don’t even know what fail2ban is yet - I just see it mentioned everywhere. I have also turned off password login and root login. I’m hesitant to limit IPs - I’m not confident that mine will remain sufficiently static.
Perhaps to that point, we should just have an article about how/why to do this as well… I hope to find time soon to go through all the feature requests and consolidate them into something actionable, as well as try to finish creating some sort of community contribution workflow using the tools we have available to us.