mirror of
https://github.com/YunoHost/doc.git
synced 2024-09-03 20:06:26 +02:00
06249c5012
* How to set an IP address in Fail2ban whitelist
* Use a dedicated .local file for fail2ban
* Reformulation + linter markdown + typos
* Reformulation + typos
* Add "whitelist" howto + wording + typos Changes made following french page
* Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Update fail2ban_fr.md Co-Authored-By: Plumf <45500657+Plumf@users.noreply.github.com>
* Change location of "whitelist" config file from 'jail.local' to 'jail.d/yunohost-whitelist.conf'
* remove deepl reference
* add missing slashes
* fix typo in file name
* Simplify wording

Co-authored-by: Yunobot <simone@yunohost.org>
Co-authored-by: Gofannon <17145502+Gofannon@users.noreply.github.com>
Co-authored-by: Plumf <45500657+Plumf@users.noreply.github.com>
# Fail2ban

**Fail2ban** is intrusion prevention software that protects servers against brute-force attacks. It monitors certain logs and bans IP addresses that show brute-force-like behavior.

In particular, **Fail2ban** monitors `SSH` connection attempts. After 5 failed SSH connection attempts, Fail2ban will ban the IP address from connecting via SSH for 10 minutes. If this address fails several times, it might get banned for a week.

## Unban an IP

To unblock an IP address, you must first access your server by some other means (for example from another IP address or from an internet connection other than the banned one).

Then, look at **Fail2ban's log** to identify the `jail` in which the IP has been banned:

```bash
sudo tail /var/log/fail2ban.log
2019-01-07 16:24:47 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:49 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:51 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:54 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter [1837]: NOTICE [recidive] Ban 11.22.33.44
```

Here, the IP `11.22.33.44` has been banned in the `sshd` and `recidive` jails.

Then unban the IP address with the following commands:

```bash
sudo fail2ban-client set sshd unbanip 11.22.33.44
sudo fail2ban-client set recidive unbanip 11.22.33.44
```
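The lookup above can be scripted so that no jail is missed when an address was banned in several of them. This is an added example, not part of the YunoHost documentation: the function names are hypothetical, and the `postfix` jail and second IP in the sample log are constructed.

```python
import ipaddress
import re
import shlex

# Action line format, taken from the log excerpt above:
#   2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44
# The logger name is left open (the excerpt shows "Ban" from two loggers);
# "Restore Ban" is logged when Fail2ban re-applies a ban after a restart.
ACTION_RE = re.compile(
    r"^\S+ \S+ fail2ban\.\S+\s+\[\d+\]: \w+\s+\[(?P<jail>[^\]]+)\] "
    r"(?:Restore )?(?P<verb>Ban|Unban) (?P<ip>\S+)\s*$"
)

# Constructed sample; the "postfix" jail and the second IP are hypothetical.
SAMPLE_LOG = """\
2019-01-07 16:24:54 fail2ban.filter [1837]: INFO [sshd] Found 11.22.33.44
2019-01-07 16:24:57 fail2ban.actions [1837]: NOTICE [sshd] Ban 11.22.33.44
2019-01-07 16:24:57 fail2ban.filter [1837]: NOTICE [recidive] Ban 11.22.33.44
2019-01-07 16:30:02 fail2ban.actions [1837]: NOTICE [postfix] Ban 11.22.33.44
2019-01-07 16:40:02 fail2ban.actions [1837]: NOTICE [postfix] Unban 11.22.33.44
2019-01-07 16:41:10 fail2ban.actions [1837]: NOTICE [sshd] Ban 55.66.77.88
""".splitlines()


def jails_banning(log_lines, ip):
    """Return the jails where `ip` is still banned, in order of first ban."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on a malformed address
    banned = {}  # dict keeps insertion order, used here as an ordered set
    for line in log_lines:
        m = ACTION_RE.match(line.strip())
        if not m or m["ip"] != ip:
            continue  # "Found" lines and other addresses are ignored
        if m["verb"] == "Ban":
            banned[m["jail"]] = True
        else:  # a later Unban cancels the earlier Ban for that jail
            banned.pop(m["jail"], None)
    return list(banned)


def unban_commands(log_lines, ip):
    """Build one `fail2ban-client set <jail> unbanip <ip>` command per jail."""
    return [
        f"sudo fail2ban-client set {shlex.quote(jail)} unbanip {ip}"
        for jail in jails_banning(log_lines, ip)
    ]


if __name__ == "__main__":
    print("\n".join(unban_commands(SAMPLE_LOG, "11.22.33.44")))
```

On a real server, pass the lines of `/var/log/fail2ban.log` instead of `SAMPLE_LOG`; rotated log files are not read by this sketch.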

## Whitelist an IP

If you don't want a "legitimate" IP address to be blocked by **YunoHost** anymore, add it to the whitelist in the `jail` configuration file.

When the **Fail2ban** software is updated, the original `/etc/fail2ban/jail.conf` file is overwritten. The changes are therefore stored in a new dedicated file, so that they are preserved over time.

1. Start by creating the new jail configuration file, which will be called `yunohost-whitelist.conf`:

```bash
sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf
```

2. Edit this new file with your favorite editor:

```bash
sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf
```

3. Paste the following content into the file and replace `XXX.XXX.XXX.XXX` with the IP address to whitelist:

```ini
[DEFAULT]

# The IP address that you want to whitelist (you can put more than one, separated by a space)
ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX
```

4. Save the file and reload the Fail2ban configuration:

```bash
sudo fail2ban-client reload
```

Congratulations, no more risk of banning yourself from your own YunoHost server!