Security Overview
Last updated
/jabali-admin/security. Parent page for the security tabs (M26).
Tabs
| Tab | What it covers |
|---|---|
| CrowdSec | Decisions, scenarios, allowlists, console enrolment, test-IP card. See CrowdSec. |
| AppSec | The CrowdSec AppSec WAF replacing the removed ModSecurity stack (M27). See AppSec. |
| AppArmor | Per-profile status (enforce / complain / disabled) for shipped profiles. See AppArmor. |
| Snuffleupagus | PHP runtime hardening rule packs and per-app exception files. See Snuffleupagus. |
| AIDE | Host-integrity daily scan results, manual scan trigger. See AIDE. |
| Malware | ClamAV on-demand, LMD opt-in monitor, YARA php.yar, Tetragon eBPF tripwires (M33 + M33.2). See Malware. |
| UFW | Port baseline only (IP decisions live in CrowdSec since M43). See UFW. |
| Egress | Per-user nftables + cgroup v2 vmap egress firewall (M34). See Egress. |
Quick status at the top
A header strip summarises:
- CrowdSec: decisions in the last hour, alerts in the last 24 h.
- AppSec: blocked requests in the last hour.
- AppArmor: number of profiles in
enforcevscomplain. - AIDE: time since last clean scan; current diff count.
- Malware: open file-hit count.
Each link drills into the relevant tab.
Operator workflow
- Daily: open this page, glance at the header strip, drill into any anomaly.
- Weekly: review CrowdSec decisions for false positives; add legitimate sources to allowlist.
- After any incident: review the audit log for the time window and correlate with the security tabs.
What is not on this page
- Audit log: separate page; see Audit Log.
- Mail-specific security (DKIM, SPF, DMARC): see Mail Deliverability.
- TLS certificates: see SSL Manager.