Securing the login page

rexdjw · April 2, 2019, 8:03pm

Hi,

I am running cockpit via the author maintained docker. I’m wondering if there’s a good way to secure the login page against brute force? I use nginx and fail2ban with my site, but I’m not sure how to get fail2ban to monitor the docker’s logs? Or if there is a simpler way to add a timeout function to the login page?

Thanks,
Rex

pauloamgomes · April 6, 2019, 9:46am

@rexdjw, that is possible now (after https://github.com/agentejo/cockpit/issues/1075) using the Logger addon (https://github.com/pauloamgomes/cockpit-logger-addon), that would provide logging (file or rsyslog) about the failed logins so you can have specific rules with fail2ban, e.g.:

Topic		Replies	Views
Can't login anymore Support	0	464	March 26, 2023
Auth/login - 404 error Support	8	2278	December 20, 2018
Login stopped working	6	1368	September 25, 2019
Failed http request & login error Support	1	419	January 25, 2023
Can't Connect to my cockpit from my domain Support	0	675	June 13, 2022

Securing the login page

Related Topics