I’m wondering if there’s a built-in method to monitor the logs to be notified if someone is trying to bruteforce through SSH or any other attacks (mainly monitoring the SSH logs).
Also, is it possible to log remote API access? This is another place where someone could try to bruteforce their way in a server
Thanks a lot
Login failures to services such as SSH are indeed logged – but to do something about that, you would need an a program such as fail2ban – which monitors logfiles, and bans the IP address of hosts with too many login failures.
Webmin does this automatically – after N login attempts, the IP address is banned for a few minutes.
The specifics there can be configured in Webmin -> Webmin -> Webmin Configuration -> IP Access Control.