doc/fail2ban_fr.md

# Fail2ban

**Fail2Ban** est un logiciel de prévention des intrusions qui protège les serveurs informatiques contre les attaques de brute-force. Il surveille certains journaux et bannira les adresses IP qui montrent un comportement de brute-forcing.

En particulier, **Fail2ban** surveille les tentatives de connexion `SSH`. Après 5 tentatives de connexion échouées sur SSH, Fail2ban banniera l'adresse IP de se connecter via SSH pendant 10 minutes. Si cette adresse récidive plusieurs fois, elle peut être bannie pendant une semaine.

## Débannir une IP

Pour débloquer une addresse IP, vous devez d'abord accéder à votre serveur par un moyen quelconque (par exemple à partir d'une autre adresse IP ou d'une autre connexion internet que celle bannie).

Ensuite, regardez le **journal de fail2ban** pour identifier dans quelle `prison` ou `jail` l'adresse IP a été bannie :

```bash
sudo tail /var/log/fail2ban.log
2019-01-07 16:24:47 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:49 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:51 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:54 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE  [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: NOTICE  [recidive] Ban 11.22.33.44
```

Ici, l'IP `11.22.33.44` a été bannie dans les jails `sshd` et `recidive`.

Puis débanissez l'adresse IP avec les commandes suivantes :

```bash
sudo fail2ban-client set sshd unbanip 11.22.33.44
sudo fail2ban-client set recidive unbanip 11.22.33.44
```

## Passer une IP en liste blanche / whitelist

Si vous ne voulez plus qu'une adresse IP "légitime" soit bloquée par **YunoHost**, alors il faut la renseigner dans la liste blanche ou whitelist du fichier de configuration de la `prison`.

Lors d'une mise à jour du logiciel **Fail2ban**, le fichier d'origine `/etc/fail2ban/jail.conf` est écrasé. C'est donc dans un nouveau fichier que nous allons stocker les modifications. Elles seront ainsi conservées dans le temps.

1. Commencez par créer le nouveau fichier de configuration des prisons qui s’appelera `yunohost-whitelist.conf` :

    ```bash
    sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf
    ```

2. Éditez ce nouveau fichier avec votre éditeur préféré :

    ```bash
    sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf
    ```

3. Coller le contenu suivant dans le fichier et adapter l'adresse IP `XXX.XXX.XXX.XXX` :

    ```bash
    [DEFAULT]

    ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= l'adresse IP (on peut en mettre  plusieurs, séparées par un espace) que vous voulez passer en liste blanche / whitelist
    ```

4. Sauvegardez le fichier et rechargez la configuration de fail2ban :

    ```bash
    sudo fail2ban-client reload
    ```

Félicitations, plus de risques de se bannir de son propre serveur YunoHost!
-												Update fail2ban_fr.md

											
										
										
											2014-06-17 11:55:59 +02:00
+								# Fail2ban
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								**Fail2Ban** est un logiciel de prévention des intrusions qui protège les serveurs informatiques contre les attaques de brute-force. Il surveille certains journaux et bannira les adresses IP qui montrent un comportement de brute-forcing.
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								En particulier, **Fail2ban** surveille les tentatives de connexion `SSH`. Après 5 tentatives de connexion échouées sur SSH, Fail2ban banniera l'adresse IP de se connecter via SSH pendant 10 minutes. Si cette adresse récidive plusieurs fois, elle peut être bannie pendant une semaine.
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												Rework ssh page

											
										
										
											2019-01-07 16:55:18 +01:00
+								## Débannir une IP
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								Pour débloquer une addresse IP, vous devez d'abord accéder à votre serveur par un moyen quelconque (par exemple à partir d'une autre adresse IP ou d'une autre connexion internet que celle bannie).
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								Ensuite, regardez le **journal de fail2ban** pour identifier dans quelle `prison` ou `jail` l'adresse IP a été bannie :
-												Update fail2ban_fr.md

											
										
										
											2014-06-17 11:42:12 +02:00
-												Update fail2ban_fr.md

											
										
										
											2014-06-17 11:55:59 +02:00
+								```bash
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								sudo tail /var/log/fail2ban.log
-												Rework ssh page

											
										
										
											2019-01-07 16:55:18 +01:00
+-01-07 16:24:47 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
 -01-07 16:24:49 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
 -01-07 16:24:51 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
 -01-07 16:24:54 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
 -01-07 16:24:57 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
 -01-07 16:24:57 fail2ban.actions [1837]: NOTICE  [sshd] Ban 11.22.33.44
 -01-07 16:24:57 fail2ban.filter  [1837]: NOTICE  [recidive] Ban 11.22.33.44
-												Update fail2ban_fr.md

											
										
										
											2014-06-17 11:55:59 +02:00
+								```
-												Add fail2ban_fr.md

											
										
										
											2014-06-17 11:32:43 +02:00
-												Rework ssh page

											
										
										
											2019-01-07 16:55:18 +01:00
+								Ici, l'IP `11.22.33.44` a été bannie dans les jails `sshd` et `recidive`.
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								Puis débanissez l'adresse IP avec les commandes suivantes :
-												Rework ssh page

											
										
										
											2019-01-07 16:55:18 +01:00
-												Update fail2ban_fr.md

											
										
										
											2014-06-17 11:42:12 +02:00
+								```bash
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								sudo fail2ban-client set sshd unbanip 11.22.33.44
 								sudo fail2ban-client set recidive unbanip 11.22.33.44
-												Update fail2ban_fr.md

Dernière correction pour la documentation administrateur ;)
											
										
										
											2015-05-20 15:07:53 +02:00
+								```
-												Rework ssh page

											
										
										
											2019-01-07 16:55:18 +01:00
-												[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014)

* How to set an IP adress in Fail2ban whitelist

* Utilisation d'un fichier dédié .local pour fail2ban

* Reformulation + linter markdown + typos

* Reformulation + typos

* Add "whitelist" howto + wording + typos

Changes made following french page

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Update fail2ban_fr.md

Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>

* Change location of "whitelist" config file

from 'jail.local' to 'jail.d/yunohost-whitelist.conf'

* remove deepl reference

* add missing slashs

* fix typo in file name

* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
											
										
										
											2020-04-24 10:18:09 +02:00
+								## Passer une IP en liste blanche / whitelist
 								Si vous ne voulez plus qu'une adresse IP "légitime" soit bloquée par **YunoHost**, alors il faut la renseigner dans la liste blanche ou whitelist du fichier de configuration de la `prison`.
 								Lors d'une mise à jour du logiciel **Fail2ban**, le fichier d'origine `/etc/fail2ban/jail.conf` est écrasé. C'est donc dans un nouveau fichier que nous allons stocker les modifications. Elles seront ainsi conservées dans le temps.
 . Commencez par créer le nouveau fichier de configuration des prisons qui s’appelera `yunohost-whitelist.conf` :
 								    ```bash
 								    sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf
 								    ```
 . Éditez ce nouveau fichier avec votre éditeur préféré :
 								    ```bash
 								    sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf
 								    ```
 . Coller le contenu suivant dans le fichier et adapter l'adresse IP `XXX.XXX.XXX.XXX` :
 								    ```bash
 								    [DEFAULT]
 								    ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= l'adresse IP (on peut en mettre  plusieurs, séparées par un espace) que vous voulez passer en liste blanche / whitelist
 								    ```
 . Sauvegardez le fichier et rechargez la configuration de fail2ban :
 								    ```bash
 								    sudo fail2ban-client reload
 								    ```
 								Félicitations, plus de risques de se bannir de son propre serveur YunoHost!