How can I secure admin access to my seafile server (CE) apart from using a totally separate account for personal/administrative stuff? Are there any preventive, easy-to-implement security practices that you guys could mention?
I personally use a strong password (24 characters, all random ASCII characters) and https. Is that all I can do? I really wish the CE version had some kind of 2FA. Thanks for reading.
With Fail2ban you can also improve security: https://manual.seafile.com/security/fail2ban.html
Yeah, but I doubt that would be useful if you already have a good password.
With a 24-character password, a brute-force attack will be difficult. Fail2ban is a way to avoid brute-force attacks and also to block people who have no business on your server. And if you are not the only user of your seafile server, maybe other people have not set up a 24-character password.
It is enough that you share a link protected by a password, and that this link is discovered, to launch a brute-force attack.
You are not going to put a 24-character password on each link you share, are you?
Data may be compromised in this way …
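As an added illustration of the brute-force case discussed above (example code written for this page, not Seafile's or fail2ban's own code), here is the sliding-window logic that a fail2ban jail applies: count failed logins per source IP, ban the IP once `maxretry` failures fall inside `findtime` seconds, and lift the ban after `bantime`. The log line format, the user names and the IP addresses are constructed for the example and are assumptions; the regex must be adapted to whatever your own seahub log or reverse-proxy access log actually emits, which is what the Seafile manual's filter file does.

```python
"""Sliding-window ban logic of the kind fail2ban applies, run over constructed
Seafile-style failed-login lines. Added example; the log format is assumed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) line shape:
#   "<timestamp> WARNING seahub: failed login for '<user>' from <ip>"
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) WARNING seahub: "
    r"failed login for '(?P<user>[^']*)' from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


class BanTracker:
    """Ban an IP after `maxretry` failures within `findtime` seconds, for `bantime`
    seconds. These are the same three knobs a fail2ban jail exposes."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> datetime the ban expires
        self.events = []                     # (timestamp, action, ip) audit trail

    def observe(self, line):
        m = FAILED_LOGIN.match(line)
        if not m:
            return None                      # not a failure line; nothing to count
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if ip in self.banned and self.banned[ip] <= ts:
            del self.banned[ip]              # ban has expired; start counting again
        if ip in self.banned:
            return "already_banned"          # the firewall rule would have dropped this
        window = self.failures[ip]
        window.append(ts)
        while window and ts - window[0] > self.findtime:
            window.popleft()                 # forget failures older than findtime
        if len(window) >= self.maxretry:
            self.banned[ip] = ts + self.bantime
            window.clear()
            self.events.append((ts, "ban", ip))
            return "ban"
        self.events.append((ts, "fail", ip))
        return "fail"


def analyze(lines, **jail_settings):
    """Feed every line to a tracker and return it for inspection."""
    tracker = BanTracker(**jail_settings)
    for line in lines:
        tracker.observe(line)
    return tracker


# Constructed sample log (TEST-NET addresses): 203.0.113.5 hammers the admin
# account; 198.51.100.7 is a legitimate user who mistypes twice, half an hour apart.
SAMPLE_LOG = [
    "2024-05-01 09:00:01 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:00:02 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:00:03 INFO seahub: library 'docs' synced",
    "2024-05-01 09:00:03 WARNING seahub: failed login for 'alice' from 198.51.100.7",
    "2024-05-01 09:00:04 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:00:05 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:00:06 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:00:07 WARNING seahub: failed login for 'admin' from 203.0.113.5",
    "2024-05-01 09:30:00 WARNING seahub: failed login for 'alice' from 198.51.100.7",
]

if __name__ == "__main__":
    t = analyze(SAMPLE_LOG)
    for ts, action, ip in t.events:
        print(ts, action, ip)
    print("banned:", {ip: str(exp) for ip, exp in t.banned.items()})
```

With the defaults the attacker is banned on the fifth failure and the legitimate user is never touched, because her two failures are further apart than `findtime`. Note what this does and does not cover: it throttles guessing from one source against a login form or a password-protected share link, but an attacker who already holds a valid admin password logs in on the first try and never appears in this counter.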
fail2ban can prevent user access (at most) from being compromised (like a share link). It won’t do anything against a more realistic but less possible “The admin leaked his personal account password that had admin access, the attacker created an account and shared everyone’s libraries with that account” scenario.
Having access to a password-protected share link is nothing compared to having full admin rights. Of course fail2ban can be useful, but it won’t help much in realistic, more devastating scenarios. BTW, everyone using the server uses LastPass to manage their passwords.
I appreciate the advice, but I don’t think it helps in my situation.
If 2FA were included in the CE version, security would be greatly improved. The question has already been put to the developer, and it seems to me that it is not planned for the moment …