doc/fail2ban.md

# Fail2ban

**Fail2Ban** is an intrusion prevention software that protects computer servers against brute-force attacks. It monitors certain logs and will ban IP addresses that show brute-force-like behavior.

In particular, **Fail2ban** monitors `SSH` connection attempts. After 5 failed SSH connection attempts, Fail2ban will ban the IP address from connecting via SSH for 10 minutes. If this address fails several times, it might get banned for a week.

## Unban an IP

To unblock an IP address, you must first access your server by some means (for example from another IP or from another internet connection than the banned one).

Then, look at the **fail2ban's log** to identify in which `jail` the IP has been banned:

```bash
sudo tail /var/log/fail2ban.log
2019-01-07 16:24:47 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:49 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:51 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:54 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: INFO    [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE  [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter  [1837]: NOTICE  [recidive] Ban 11.22.33.44
```

Here, the `11.22.33.44` IP has been banned in the `sshd` and `recidive` jails.

Then deban the IP address with the following commands:

```bash
sudo fail2ban-client set sshd unbanip 11.22.33.44
sudo fail2ban-client set recidive unbanip 11.22.33.44
```

## Whitelist an IP

If you don't want a "legitimate" IP address to be blocked by **YunoHost** anymore, then you have to fill it in the whitelist of the `jail` configuration file.

When updating the **Fail2ban** software, the original `/etc/fail2ban/jail.conf` file is overwritten. So it is on a new dedicated file that we will store the changes. They will thus be preserved over time.

1. Start by creating the new jail configuration file which will be called `yunohost-whitelist.conf`:

    ```bash
    sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf
    ```

2. Edit this new file with your favorite editor:

    ```bash
    sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf
    ```

3. Paste the following content into the file and adapt the IP address `XXX.XXX.XXX.XXX` :

    ```bash
    [DEFAULT]

    ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= the IP address (you can put more than one, separated by a space) that you want to whitelist
    ```

4. Save the file and reload the fail2ban configuration:

    ```bash
    sudo fail2ban-client reload
    ```

Congratulations, no more risks of banning yourself from your own YunoHost server!
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			`# Fail2ban`

[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`Fail2Ban is an intrusion prevention software that protects computer servers against brute-force attacks. It monitors certain logs and will ban IP addresses that show brute-force-like behavior.`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			In particular, Fail2ban monitors `SSH` connection attempts. After 5 failed SSH connection attempts, Fail2ban will ban the IP address from connecting via SSH for 10 minutes. If this address fails several times, it might get banned for a week.
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
Rework ssh page 2019-01-07 16:55:18 +01:00			`## Unban an IP`

[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`To unblock an IP address, you must first access your server by some means (for example from another IP or from another internet connection than the banned one).`
Rework ssh page 2019-01-07 16:55:18 +01:00
[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			Then, look at the fail2ban's log to identify in which `jail` the IP has been banned:
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
			```bash
[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`sudo tail /var/log/fail2ban.log`
Rework ssh page 2019-01-07 16:55:18 +01:00			`2019-01-07 16:24:47 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:49 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:51 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:54 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44`
			`2019-01-07 16:24:57 fail2ban.filter [1837]: NOTICE [recidive] Ban 11.22.33.44`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			```

[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			Here, the `11.22.33.44` IP has been banned in the `sshd` and `recidive` jails.
Rework ssh page 2019-01-07 16:55:18 +01:00
[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`Then deban the IP address with the following commands:`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00
			```bash
[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`sudo fail2ban-client set sshd unbanip 11.22.33.44`
			`sudo fail2ban-client set recidive unbanip 11.22.33.44`
* 1rst pass - French localization - Addition of french files - Traduction of existing incomplete french file based on english and subject comprehension - Correction of found link reference using _en suffix - deletion of duplicate file 2015-05-20 12:39:51 +02:00			```

[Anonymous contrib] How to set an IP adress in Fail2ban whitelist (#1014) * How to set an IP adress in Fail2ban whitelist * Utilisation d'un fichier dédié .local pour fail2ban * Reformulation + linter markdown + typos * Reformulation + typos * Add "whitelist" howto + wording + typos Changes made following french page * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com> * Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf' * remove deepl reference * add missing slashs * fix typo in file name * Simplify wording Co-authored-by: Yunobot <simone@yunohost.org> Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com> Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com> 2020-04-24 10:18:09 +02:00			`## Whitelist an IP`

			If you don't want a "legitimate" IP address to be blocked by YunoHost anymore, then you have to fill it in the whitelist of the `jail` configuration file.

			When updating the Fail2ban software, the original `/etc/fail2ban/jail.conf` file is overwritten. So it is on a new dedicated file that we will store the changes. They will thus be preserved over time.

			1. Start by creating the new jail configuration file which will be called `yunohost-whitelist.conf`:

			```bash
			`sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf`
			```

			`2. Edit this new file with your favorite editor:`

			```bash
			`sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf`
			```

			3. Paste the following content into the file and adapt the IP address `XXX.XXX.XXX.XXX` :

			```bash
			`[DEFAULT]`

			`ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= the IP address (you can put more than one, separated by a space) that you want to whitelist`
			```

			`4. Save the file and reload the fail2ban configuration:`

			```bash
			`sudo fail2ban-client reload`
			```

			`Congratulations, no more risks of banning yourself from your own YunoHost server!`