Icecast - Jan 2022 - Securing the Icecast admin page

Hi to all Icecast community members,

I?d like to know if anyone has successfully configured fail2ban or something
similar in order to provide additional security to the login section of the
Icecast2 admin area, and whether it is worthwhile to actually do so?

If fail2ban is not the way to go, are there any recommended tools or actions
that I should take. I would like to prevent repeated failed login attempts at
the admin login page. I have noticed that the Icecast2 access.log does not seem
to log failed attempts anyway, so I am not sure how useful fail2ban would be in
this regard.

Damian

Hi Damian,

I would think f2b would be a good candidate to take care of something 
like that.


Cheers,
Jordan Erickson

On 1/17/22 18:52, Damian wrote:
> Hi to all Icecast community members,
>
> I?d like to know if anyone has successfully configured fail2ban or
something similar in order to provide additional security to the login section
of the Icecast2 admin area, and whether it is worthwhile to actually do so?
>
> If fail2ban is not the way to go, are there any recommended tools or
actions that I should take. I would like to prevent repeated failed login
attempts at the admin login page. I have noticed that the Icecast2 access.log
does not seem to log failed attempts anyway, so I am not sure how useful
fail2ban would be in this regard.
>
> Damian
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
-- 
Jordan Erickson
Project Manager, Cool Mic
https://coolmic.net/

Good afternoon,

On Tue, 2022-01-18 at 12:52 +1000, Damian wrote:
> Hi to all Icecast community members,
> 
> I?d like to know if anyone has successfully configured fail2ban or
> something similar in order to provide additional security to the
> login section of the Icecast2 admin area, and whether it is
> worthwhile to actually do so?
Generally a strong password is all you need. (I recommend to have a
look at: https://xkcd.com/936/ )

Adding fail2ban surely should not be a problem. However it does seem to
be unnecessary. (General usecase. there may be cases this can be
helpful.)

> If fail2ban is not the way to go, are there any recommended tools or
> actions that I should take. I would like to prevent repeated failed
> login attempts at the admin login page. I have noticed that the
> Icecast2 access.log does not seem to log failed attempts anyway, so I
> am not sure how useful fail2ban would be in this regard.
I'm a bit confused. Icecast does log failed attempts in access log.
They are marked with a status code > 399 (as per HTTP specification),
most notably 401.

I also just confirmed with with both 2.4:
127.0.0.1 - - [18/Jan/2022:13:01:50 +0000] "GET /admin/ HTTP/1.1" 401
360 "-" "Mozilla/5.0 [...]" 0


and 2.5:
127.0.0.1 - - [18/Jan/2022:13:01:26 +0000] "GET /admin/ HTTP/1.1" 401
1987 "-" "Mozilla/5.0 [...]" 1


I would be happy if you could check your logs again. Maybe the problem
is somewhere else?


With best regards,

-- 
Philipp Schafft (CEO/Gesch?ftsf?hrer) 
Telephon: +49.3535 490 17 92

L?wenfelsen UG (haftungsbeschr?nkt)     Registration number:
Bickinger Stra?e 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20220118/a77bea46/attachment.sig>