I’ve run through the production install a few times, successfully updated clients, etc… So I’m interested in keeping it around, but I don’t see any information on securing the production server… I’m new to Docker, so I’m not sure how vulnerable to attacks they are?

After installation on a test server I successfully attached clients and pushed updates… I had other things to do, and 3 days later I saw it was turned off by my VPS host due to exceeding the 5000 GB limit, which also caused the IP to become banned? I had to destroy the server, so I don’t know what caused it. It was a fresh install and had an artifact that was less than 2 MB, so I figure it must have been hacked…

The weirdest thing I ran into was after installing it on a second server with a new IP address and a "matching DNS A record" successfully… After a few days the IP address became unreachable (blacklisted)… I figure it must need to have better iptables rules. I know I have sshd locked down well with fail2ban as well, so I assume it must have to do with Docker wanting to leave the iptables forwarding to accept all.

Any advice for securing iptables?
Any advice for connecting fail2ban with Mender server production logs?
Thx for taking the time to help