In light of CVE-2024-6387 here’s a quick-and-dirty way to use SSHGuard to protect the SSH server of a Gitlab instance running in Docker. These instructions were made with Ubuntu as the host but should work on other systems. Note that this will only monitor the SSH logs of Gitlab itself, not the host OS. Further, since the timestamps are removed, that may affect SSHGuard’s time calculations (generally only on first launch)
Fail2Ban did not work for me, as it had trouble parsing the non-standard logs produced by Gitlab’s sshd.
Continue reading “sshguard with Gitlab in Docker”