Wiki
Attachments
History
Blame
View Source
Documentation
About An Otter Wiki
Toggle dark mode
Login
Home
A - Z
Changelog
Page Index
Hardware
Disques Dures
Gpu
Specs
Sauvegarde Et Restoration
Bases de Données
Mailu
Nextcloud
Procédure De Sauvegarde Individuelles
Scripts de sauvegarde
Server
Containers
Custom scripts location
Disk Health
Fail2Ban
General
Mise à jours
Noms de domaine
Security
Setup
SSH
Syncing Content
Services Hng
Dokuwiki
Forgejo
Historique
Historique_Services
Jellyfin
Mailu
Nextcloud
Onlyoffice
Openwebui
Readeck
Traefik
Home
Server
Fail2Ban
0f24b9
Commit
0f24b9
2025-12-21 19:07:23
theophile
: added troubleshooting, general page cleanup with blocks
server/fail2ban.md
..
@@ 19,19 19,21 @@
sudo apt install fail2ban
```
+
## Configuration
+
Les fichiers de configuration se trouve à :
``` shell
/etc/fail2ban
```
-
<WRAP left round important 100%>
-
Don't copy the conf to local We want to make precise modifications to
+
:::info
+
Don't **copy the conf to local**, we want to make precise modifications to
the default, so let's not loose ourselves in thousands of parameters.
Let's target the ones we need to change.
+
:::
-
</WRAP>
Tout d'abord on créer un fichier `jail.local` pour override les
paramètres par défault:
@@ 149,7 151,7 @@
```
- Add the `/etc/fail2ban/jail.d/bad-auth-bots.conf`
-
+
```toml
[bad-auth-bots]
enabled = true
backend = systemd
@@ 158,21 160,20 @@
findtime = 600
maxretry = 5
action = docker-action-net
-
+
```
The above will block flagged IPs for a week, you can of course change it
to your needs.
-
- Add the following to /etc/fail2ban/action.d/docker-action-net.conf
-
-
<WRAP left round important 100%>
+
- Add the following to `/etc/fail2ban/action.d/docker-action-net.conf`
+
:::info
You have to install ipset on the host system, eg.
`apt-get install ipset` on a Debian/Ubuntu system.
+
:::
-
</WRAP>
See ipset homepage for details on ipset, <https://ipset.netfilter.org/>.
-
+
```toml
[Definition]
actionstart = ipset --create f2b-bad-auth-bots nethash
@@ 184,6 185,7 @@
actionban = ipset add -exist f2b-bad-auth-bots <ip>/24
actionunban = ipset del -exist f2b-bad-auth-bots <ip>/24
+
```
Using DOCKER-USER chain ensures that the blocked IPs are processed in
the correct order with Docker. See more in:
@@ 212,6 214,20 @@
sudo systemctl restart fail2ban
```
+
+
## Troubleshooting
+
+
Pour vérifier si une adresse a été ban, on a plusieurs possibilité:
+
+
```bash
+
less /var/log/fail2ban.log | grep YOUR_IP
+
```
+
### Unban
+
+
```bash
+
sudo fail2ban-client set THE_JAIL_NAME unbanip YOUR_IP
+
```
+
## Sources
- https://wiki.archlinux.org/title/Fail2ban
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9