Security Overview

Last updated

/jabali-admin/security. Parent page for the security tabs (M26).

Tabs

TabWhat it covers
CrowdSecDecisions, scenarios, allowlists, console enrolment, test-IP card. See CrowdSec.
AppSecThe CrowdSec AppSec WAF replacing the removed ModSecurity stack (M27). See AppSec.
AppArmorPer-profile status (enforce / complain / disabled) for shipped profiles. See AppArmor.
SnuffleupagusPHP runtime hardening rule packs and per-app exception files. See Snuffleupagus.
AIDEHost-integrity daily scan results, manual scan trigger. See AIDE.
MalwareClamAV on-demand, LMD opt-in monitor, YARA php.yar, Tetragon eBPF tripwires (M33 + M33.2). See Malware.
UFWPort baseline only (IP decisions live in CrowdSec since M43). See UFW.
EgressPer-user nftables + cgroup v2 vmap egress firewall (M34). See Egress.

Quick status at the top

A header strip summarises:

  • CrowdSec: decisions in the last hour, alerts in the last 24 h.
  • AppSec: blocked requests in the last hour.
  • AppArmor: number of profiles in enforce vs complain.
  • AIDE: time since last clean scan; current diff count.
  • Malware: open file-hit count.

Each link drills into the relevant tab.

Operator workflow

  1. Daily: open this page, glance at the header strip, drill into any anomaly.
  2. Weekly: review CrowdSec decisions for false positives; add legitimate sources to allowlist.
  3. After any incident: review the audit log for the time window and correlate with the security tabs.

What is not on this page