Problem/Justification
While it is possible to receive email notifications of failed SSH login attempts, from a security monitoring (of hacking attempts) perspective, it would be great to also have the option of being notified by email if n (let’s say, for example, 3) login attempts failed in a row from a specific IP. Something like fail2ban for WebGUI access would be awesome, but just an email would work well too. This would give more confidence about TrueNAS’s security posture (by alerting to potential hacking attempts).
Impact
Will give enterprise as well as home users confidence that no bad actor is trying to access their TrueNAS/data via the WebGUI (SSH is already monitored). If such an email is received, then the user will be aware that their TrueNAS system is being targeted and can work on resolving the cause prior to TrueNAS being penetrated.
While SMB/NFS ransomware can be remedied via reverting snapshots, if an attacker gains WebGUI or SSH access – it is game over.
User Story
Interested enterprise and home users can sleep just a little easier knowing that if a bad actor was somehow able to start targeting their TrueNAS data for ransom or deletion via the WebGUI, they would be made aware of it.
Even management networks can be compromised if a management node is compromised, TrueNAS data is too important to risk.
(If someone has found an alternate means of accomplishing this, would really appreciate a hint in the right direction – past forum posts suggest this is not yet implemented.)