1.5 KiB
Fail2ban
Fail2Ban is an intrusion prevention software that protects computer servers from brute-force attacks. It monitors some log files and will ban IP addresses that shows brute-force-like behavior.
In particular, Fail2ban monitors SSH connection attempts. After 5 failed login attempts on SSH, Fail2ban will ban the corresponding IP address from connecting through SSH for 10 minutes. If this IP is found to recidive several times, it might get ban for a week.
Unban an IP
To unban an IP from fail2ban, you first need to access your server by some mean (e.g. from another IP by the one being banned).
Then look at fail2ban's log to identify in which jail the IP was put :
$ tail /var/log/fail2ban.log
2019-01-07 16:24:47 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:49 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:51 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:54 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter [1837]: NOTICE [recidive] Ban 11.22.33.44
Here, the IP 11.22.33.44 was banned in the sshd and recidive jails.
Then unban the IP with the following commands :
$ fail2ban-client set sshd unbanip 11.22.33.44
$ fail2ban-client set recidive unbanip 11.22.33.44