0

I have a Tomcat 7.0.68 node in a Jelastic environment (public IPv4 is enabled). This env also contains a CentOS VPS node (public IPv4 is enabled as well).

I want to protect both these nodes from brute force attackers, because e.g. Tomcat's log contains a lot of warnings like:

WARNING: An attempt was made to authenticate the locked user "admin1"

For CentOS it can be done with fail2ban (which I did already). But I cannot do the same for the Tomcat node - Jelastic doesn't provide a password for the root user and there is no way to reset/change this password.

Earlier I configured very secure passwords for Tomcat's users and configured

<Realm className="org.apache.catalina.realm.LockOutRealm">
  <!-- This Realm uses the UserDatabase configured in the global JNDI
       resources under the key "UserDatabase".  Any edits
       that are performed against this UserDatabase are immediately
       available for use by the Realm.  -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>

But it protects applications within the Tomcat only.

So my questions are:

  1. Is it enough to configure LockOutRealm to protect Tomcat from bruteforce?
  2. Anyway LockOutRealm doesn't protect SSH port. How can I protect SSH on Tomcat's node?
  3. Does Jelastic provide any anti-bruteforce protection "out of the box"?
Roman Proshin

2 Answers

1

Anyway LockOutRealm doesn't protect SSH port. How can I protect SSH on Tomcat's node?

Depending on your hosting provider, SSH should usually be firewalled by default. If not, you can firewall it yourself as described at https://docs.jelastic.com/setting-custom-firewall

(Basically, set custom firewall rules in /etc/sysconfig/iptables-custom, and then run sudo /usr/bin/jem firewall fwstart).

Damien - Layershift
  • Tomcat node is available by SSH, but it's not protected via fail2ban (not sure about iptables). At the same time Jelastic doesn't provide a root password as it does for VPS for example. And there is no feature to reset this password (as I described this in the topic). I thought there is some workaround to get root access, but according to an answer from Jelastic (above) - just need to ask support. – Roman Proshin Mar 29 '16 at 17:59
1

The best option will be the installation of fail2ban on your Tomcat nodes and also to configure the firewall rules according to our official documentation. But to perform this, you should have the root rights. Contact the support of your hosting provider, so they can provide you with the SSH root access to your container.

Virtuozzo
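
An added example, not part of either answer or of Jelastic's tooling: where fail2ban cannot be installed for lack of root access, the LockOutRealm warnings quoted in the question can still be summarised to see which accounts are being hammered and how hard. It assumes Tomcat 7's default two-line java.util.logging layout in an English locale; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Tomcat 7's default two-line java.util.logging layout (assumed).
SAMPLE_LOG = '''\
Mar 29, 2016 5:58:01 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin1"
Mar 29, 2016 5:58:03 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin1"
Mar 29, 2016 5:58:04 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1843 ms
Mar 29, 2016 5:58:09 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "tomcat"
Mar 29, 2016 6:40:00 PM org.apache.catalina.realm.LockOutRealm authenticate
WARNING: An attempt was made to authenticate the locked user "admin1"
'''

HEADER = re.compile(r'^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ')
LOCKED = re.compile(r'^WARNING: An attempt was made to authenticate the locked user "(.*)"$')

def locked_attempts(lines):
    """Yield (timestamp, username) for each LockOutRealm locked-user warning."""
    stamp = None
    for line in lines:
        head, hit = HEADER.match(line), LOCKED.match(line)
        if head:  # first line of a record: remember its timestamp
            stamp = datetime.strptime(head.group(1), "%b %d, %Y %I:%M:%S %p")
        elif hit and stamp is not None:  # second line: the warning itself
            yield stamp, hit.group(1)

def summarize(lines, window=timedelta(minutes=5)):
    """Per user: total warnings and the peak count inside any sliding window."""
    by_user = defaultdict(list)
    for stamp, user in locked_attempts(lines):
        by_user[user].append(stamp)
    report = {}
    for user, stamps in by_user.items():
        stamps.sort()
        peak = start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # shrink window from the left
                start += 1
            peak = max(peak, end - start + 1)
        report[user] = {"total": len(stamps), "peak_in_window": peak}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

The warning carries no client address, so this measures pressure per account only; blocking by source would need the access log or a firewall rule as the answers describe. Usernames in the log are supplied by the client, so treat them as untrusted when displaying them.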