Hardening Security in Icinga2 Web UI

Hi All,

I installed Icinga Web 2 Version 2.9.5 with PHP Version 8.0.29 successfully and had no issues in monitoring.

However, there are security requirements that I should comply with. They are the following:

  1. Enforcing Web session expiration to 30 minutes of inactivity.
  2. Concurrent login sessions should be disabled (Restricted to 1 device only).
  3. User account should be locked after 3 failed login attempts.

I tried to check the documentation "Security - Icinga Web v2.9" for any references or guides, but it seems to be more related to permissions and roles.

Is there any guide on how to implement the requirements mentioned? Or can someone point me in the right direction?

Thanks in advance :)

Before we talk about hardening, we should talk about updates:
https://github.com/Icinga/icingaweb2/releases/tag/v2.9.9

Or upgrades:
https://github.com/Icinga/icingaweb2/releases/tag/v2.11.4

Concurrent session restriction is not possible, but I think this can be achieved by writing a new module.
The same applies to user account lock.

But here are my Google search results for your session problem:

Yeah, you are going to need web server config or reverse proxy config for some of those features.