Fail2ban

In version 5.00, Fail2ban was added as a default-enabled security guard to provide better intrusion prevention on your device.

It has multiple filters enabled and mainly checks for suspicious activity on the following services and protocols:
Apache2 (HTTP/HTTPS)
SSHD
SMTP
PostgreSQL

1) Logging
Available at /var/log/fail2ban.log
Example:

2023-04-19 13:04:26,272 fail2ban.filter [745]: INFO [sshd] Found 192.168.0.105 - 2023-04-19 13:04:26
2023-04-19 16:00:11,249 fail2ban.filter [745]: INFO [apache-antibot] Found 192.168.0.105 - 2023-04-19 16:00:10
2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105

The log records the actions of every IP address and shows which filter caught the activity.

2) Unbanning:

First, determine which filter banned the IP. For example:

2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105

The user from 192.168.0.105 was banned by the apache-antibot filter. To unban them, specify which filter (jail) caught the action and their IP, e.g.:

fail2ban-client set apache-antibot unbanip 192.168.0.105
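
The lookup described above can be scripted. The following is an added example, not part of the original article or the product's own tooling: it reads a Fail2ban log, finds every jail whose most recent ban action for an IP is still a Ban, and prints (without running) the matching unban commands. The function names and the sample log are constructed for illustration, and the script assumes Fail2ban writes an "Unban" line in the same format as the "Ban" line when a ban is lifted.

```shell
#!/bin/sh
# Constructed sample log in the same line format as the excerpt above.
sample_log() {
cat <<'EOF'
2023-04-19 13:04:26,272 fail2ban.filter [745]: INFO [sshd] Found 192.168.0.105 - 2023-04-19 13:04:26
2023-04-19 13:05:02,101 fail2ban.actions [745]: NOTICE [sshd] Ban 192.168.0.105
2023-04-19 13:15:02,330 fail2ban.actions [745]: NOTICE [sshd] Unban 192.168.0.105
2023-04-19 16:00:11,624 fail2ban.actions [745]: NOTICE [apache-antibot] Ban 192.168.0.105
2023-04-19 16:02:40,018 fail2ban.actions [745]: NOTICE [sshd] Ban 192.168.0.77
EOF
}

# banned_jails LOGFILE IP
# Print every jail whose most recent Ban/Unban line for IP is a Ban.
# The IP is compared as a whole field, so 192.168.0.10 never matches 192.168.0.105.
banned_jails() {
    awk -v ip="$2" '
        $3 == "fail2ban.actions" {
            for (i = 5; i < NF; i++) {
                if (($i != "Ban" && $i != "Unban") || $(i + 1) != ip) continue
                # The jail is the nearest preceding field of the form [name].
                for (k = i - 1; k > 3; k--)
                    if ($k ~ /^\[.*\]$/) {
                        state[substr($k, 2, length($k) - 2)] = $i
                        break
                    }
            }
        }
        END { for (j in state) if (state[j] == "Ban") print j }
    ' "$1" | sort
}

# unban_commands LOGFILE IP
# Print one fail2ban-client command per jail that still bans IP (dry run only).
unban_commands() {
    banned_jails "$1" "$2" | while read -r jail; do
        printf 'fail2ban-client set %s unbanip %s\n' "$jail" "$2"
    done
}

# Usage: sh this_script.sh /var/log/fail2ban.log 192.168.0.105
if [ "$#" -eq 2 ]; then unban_commands "$1" "$2"; fi
```

Review the printed commands before running them; the sshd ban in the sample is not listed for 192.168.0.105 because a later Unban line already lifted it.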