[Icecast] Securing the Icecast admin page
Philipp Schafft
phschafft at de.loewenfelsen.net
Tue Jan 18 13:08:31 UTC 2022
Good afternoon,
On Tue, 2022-01-18 at 12:52 +1000, Damian wrote:
> Hi to all Icecast community members,
>
> I’d like to know if anyone has successfully configured fail2ban or
> something similar in order to provide additional security to the
> login section of the Icecast2 admin area, and whether it is
> worthwhile to actually do so?
Generally a strong password is all you need. (I recommend to have a
look at: https://xkcd.com/936/ )
Adding fail2ban surely should not be a problem. However it does seem to
be unnecessary. (General usecase. there may be cases this can be
helpful.)
> If fail2ban is not the way to go, are there any recommended tools or
> actions that I should take. I would like to prevent repeated failed
> login attempts at the admin login page. I have noticed that the
> Icecast2 access.log does not seem to log failed attempts anyway, so I
> am not sure how useful fail2ban would be in this regard.
I'm a bit confused. Icecast does log failed attempts in access log.
They are marked with a status code > 399 (as per HTTP specification),
most notably 401.
I also just confirmed with with both 2.4:
127.0.0.1 - - [18/Jan/2022:13:01:50 +0000] "GET /admin/ HTTP/1.1" 401 360 "-" "Mozilla/5.0 [...]" 0
and 2.5:
127.0.0.1 - - [18/Jan/2022:13:01:26 +0000] "GET /admin/ HTTP/1.1" 401 1987 "-" "Mozilla/5.0 [...]" 1
I would be happy if you could check your logs again. Maybe the problem
is somewhere else?
With best regards,
--
Philipp Schafft (CEO/Geschäftsführer)
Telephon: +49.3535 490 17 92
Löwenfelsen UG (haftungsbeschränkt) Registration number:
Bickinger Straße 21 HRB 12308 CB
04916 Herzberg (Elster) VATIN/USt-ID:
Germany DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220118/a77bea46/attachment.sig>
More information about the Icecast
mailing list