Hi Andrwe! Nice to have you on board! > Monit isn't just monitoring but also automated reaction like if the service > isn't running it will be started. > I'll talk to Dennis about that. Zabbix is very rich and can do this, too. I will create a user for the monitoring server and you can have a look around. With munin and Zabbix around, I don't think, we need another monitor running. >>> 2. change main protocol of websites to https and redirect http to https >>> (e.g. forum, bugs, munin, etc...) >> >> We only have CACert.org based certificates. We'd need to buy a real >> one first. Or only secure websites, that need better security (like bugs) with a cacert-certificate. Andi, do we have money for an official certificate? I think, a single certificate with SubjectAltNames together with the vHosts is enough, I wouldn't want to setup a multi-interface-server just for that. > I've seen that but fail2ban is able to analyze log files run tasks if a limit > is succeded. > IMO fail2ban is an addition to the currect system not a replacement. > E.g. if there are more than 3 failed logins via SSH an iptables rule is added > which blocks the source IP. Thing is, if we really need it. How many times did we actually ban users? You know, I like secure, but minimal systems. Kind regards Dennis