Changes

Fail2ban is typically set up to unban a blocked host within a certain period, so as to not "lock out" any genuine connections that may have been temporarily misconfigured. However, an unban time of several minutes is usually enough to stop a network connection being flooded by malicious connections, as well as reducing the likelihood of a successful dictionary attack.

Fail2ban is typically set up to unban a blocked host within a certain period, so as to not "lock out" any genuine connections that may have been temporarily misconfigured. However, an unban time of several minutes is usually enough to stop a network connection being flooded by malicious connections, as well as reducing the likelihood of a successful dictionary attack.

{{Tip box|n'est pas seulement un outil contre les attaques par force brute sur SSH, mais il peut être un outil utile contre les attaques de protocole http ou [http://forums.contribs.org/index.php/topic,50162.msg252195.html#msg252195 spam] sur votre serveur. Voir la [[Fail2ban#Jail.conf |section prison]]}}

{{Tip box|Fail2ban n'est pas seulement un outil contre les attaques par force brute sur SSH, mais il peut être un outil utile contre les attaques de protocole http ou [http://forums.contribs.org/index.php/topic,50162.msg252195.html#msg252195 spam] sur votre serveur. Voir la [[Fail2ban#Jail.conf |section prison]]}}

=== Systèmes requis ===

=== Systèmes requis ===

{{note box| you have to install the fail2ban version of fws repository and not the epel version}}

{{note box| you have to install the fail2ban version of fws repository and not the epel version}}

* Appply the needed configuration:

* Appliquer la configuration nécessaire :

  expand-template /etc/rc.d/init.d/masq

  expand-template /etc/rc.d/init.d/masq

  /etc/init.d/masq restart

  /etc/init.d/masq restart

  signal-event fail2ban-conf

  signal-event fail2ban-conf

  signal-event post-upgrade; signal-event reboot

  signal-event post-upgrade; signal-event reboot

{{warning box| Failing to run either of these command will completly lock network access next time iptables rules are reloaded}}

{{warning box| A défaut d'exécuter l'une de ces commandes, l'accès au réseau sera verrouillés le temps de recharger les règles d'iptables}}

=== Commandes DB ===

=== Commandes DB ===

there is no panel yet you can manage the contrib by the db configuration, it is quite simple

Il n'y à pas de panneau de configuration, vous pouvez encore gérer la contrib avec db cnfiguration, c'est assez simple.

  # config show fail2ban  

  # config show fail2ban  

     status=enabled

     status=enabled

Available options are below:

Les options disponibles sont ci-dessous :

* '''IgnoreIP''': a comma separated list of IP or CIDR networks which will never be blocked by fail2ban. Exemple: 12.15.22.4,17.20.0.0/16. All your local networks and networks allowed to access the server-manager are already automatically whitelisted

* '''IgnoreIP''': a comma separated list of IP or CIDR networks which will never be blocked by fail2ban. Exemple: 12.15.22.4,17.20.0.0/16. All your local networks and networks allowed to access the server-manager are already automatically whitelisted

* '''MailRecipient''': if '''Mail''' is enabled, the email address which should receive ban notifications. Default is root (the admin account will receive)

* '''MailRecipient''': if '''Mail''' is enabled, the email address which should receive ban notifications. Default is root (the admin account will receive)

After changing one of these settings, you need to apply it:

Ensuite, pour appliquer les changements :

  signal-event fail2ban-conf

  signal-event fail2ban-conf