Fail2Ban is an intrusion prevention software that protects computer servers against brute-force attacks. It monitors certain logs and will ban IP addresses that show brute-force-like behavior.
In particular, Fail2Ban monitors
SSH connection attempts. After 5 failed SSH connection attempts, Fail2Ban will ban the IP address from connecting via SSH for 10 minutes. If this address fails several times, it might get banned for a week.
To unblock an IP address, you must first access your server by some means (for example from another IP address or from another internet connection than the banned one).
Then, look at the Fail2Ban’s log to identify in which
jail the IP address has been banned:
sudo tail /var/log/fail2ban.log 2019-01-07 16:24:47 fail2ban.filter : INFO [sshd] Found 184.108.40.206 2019-01-07 16:24:49 fail2ban.filter : INFO [sshd] Found 220.127.116.11 2019-01-07 16:24:51 fail2ban.filter : INFO [sshd] Found 18.104.22.168 2019-01-07 16:24:54 fail2ban.filter : INFO [sshd] Found 22.214.171.124 2019-01-07 16:24:57 fail2ban.filter : INFO [sshd] Found 126.96.36.199 2019-01-07 16:24:57 fail2ban.actions : NOTICE [sshd] Ban 188.8.131.52 2019-01-07 16:24:57 fail2ban.filter : NOTICE [recidive] Ban 184.108.40.206
220.127.116.11 IP address has been banned in the
Then deban the IP address with the following commands:
sudo fail2ban-client set sshd unbanip 18.104.22.168 sudo fail2ban-client set recidive unbanip 22.214.171.124
If you don’t want a "legitimate" IP address to be blocked by YunoHost anymore, then you have to fill it in the whitelist of the
jail configuration file.
When updating the Fail2Ban software, the original
/etc/fail2ban/jail.conf file is overwritten. So it is on a new dedicated file that we will store the changes. They will thus be preserved over time.
Start by creating the new jail configuration file which will be called
sudo touch /etc/fail2ban/jail.d/yunohost-whitelist.conf
Edit this new file with your favorite editor:
sudo nano /etc/fail2ban/jail.d/yunohost-whitelist.conf
Paste the following content into the file and adapt the IP address
[DEFAULT] ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= the IP address (you can put more than one, separated by a space) that you want to whitelist
Save the file and reload the Fail2Ban configuration:
sudo fail2ban-client reload
Congratulations, no more risks of banning yourself from your own YunoHost server!
Found errors? Think you can improve this documentation? Simply click the Edit link at the top of the page, and then the icon on Github to suggest changes.
Powered by Grav + with by Trilby Media.