doc/fail2ban.md

# Fail2ban

Fail2Ban is an intrusion prevention software that protects computer servers from brute-force attacks. It monitors some log files and will ban IP addresses that shows brute-force-like behavior.

In particular, Fail2ban monitors SSH connection attempts. After 5 failed login attempts on SSH, Fail2ban will ban the corresponding IP address from connecting through SSH for 10 minutes. If this IP is found to recidive several times, it might get ban for a week.

## Unban an IP

To unban an IP from fail2ban, you first need to access your server by some mean (e.g. from another IP by the one being banned).

Then look at fail2ban's log to identify in which jail the IP was put : 

```bash
$ tail /var/log/fail2ban.log
2019-01-07 16:24:47 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:49 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:51 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:54 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE  [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: NOTICE  [recidive] Ban 11.22.33.44
```

Here, the IP `11.22.33.44` was banned in the `sshd` and `recidive` jails.

Then unban the IP with the following commands : 

```bash
$ fail2ban-client set sshd unbanip 11.22.33.44
$ fail2ban-client set recidive unbanip 11.22.33.44
```
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			`# Fail2ban`

Rework ssh page 2019-01-07 16:55:18 +01:00			`Fail2Ban is an intrusion prevention software that protects computer servers from brute-force attacks. It monitors some log files and will ban IP addresses that shows brute-force-like behavior.`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
Rework ssh page 2019-01-07 16:55:18 +01:00			`In particular, Fail2ban monitors SSH connection attempts. After 5 failed login attempts on SSH, Fail2ban will ban the corresponding IP address from connecting through SSH for 10 minutes. If this IP is found to recidive several times, it might get ban for a week.`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
Rework ssh page 2019-01-07 16:55:18 +01:00			`## Unban an IP`

			`To unban an IP from fail2ban, you first need to access your server by some mean (e.g. from another IP by the one being banned).`

			`Then look at fail2ban's log to identify in which jail the IP was put :`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
			```bash
Rework ssh page 2019-01-07 16:55:18 +01:00			`$ tail /var/log/fail2ban.log`
			`2019-01-07 16:24:47 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:49 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:51 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:54 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.filter [1837]: NOTICE [recidive] Ban 11.22.33.44`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			```

Rework ssh page 2019-01-07 16:55:18 +01:00			Here, the IP `11.22.33.44` was banned in the `sshd` and `recidive` jails.

			`Then unban the IP with the following commands :`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
			```bash
Rework ssh page 2019-01-07 16:55:18 +01:00			`$ fail2ban-client set sshd unbanip 11.22.33.44`
			`$ fail2ban-client set recidive unbanip 11.22.33.44`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			```