From 51ae77545e51c5a9bdc3e685a4409d4e4140cd49 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Wed, 10 Apr 2024 17:06:42 +0200 Subject: [PATCH 1/2] fix(doc) typo that made fail2ban to fail --- .../05.fail2ban/fail2ban.md | 57 ++++++++++++++++++- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md b/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md index e6f11a58b..ec2dc8502 100644 --- a/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md +++ b/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md @@ -60,13 +60,66 @@ When updating the **Fail2Ban** software, the original `/etc/fail2ban/jail.conf` ```bash [DEFAULT] - ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX #<= the IP address (you can put more than one, separated by a space) that you want to whitelist + ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX ; <= the IP address (you can put more than one, separated by a space) that you want to whitelist ``` -4. Save the file and reload the Fail2Ban configuration: +4. You should get end up with something like this if you have added two ip addresses (ipv4 and [ipv6](/ipv6)) + + ```bash + [DEFAULT] + + ignoreip = 127.0.0.1/8 203.0.113.4 2001:DB8::1 + ``` + +5. Save the file and reload the Fail2Ban configuration: ```bash sudo fail2ban-client reload ``` +6. Check that the configuration has been applied as expected: + + 1. You should have this result + + ```bash + root@sambain:/etc/nginx# fail2ban-client get sshd ignoreip + These IP addresses/networks are ignored: + |- 127.0.0.0/8 + |- 2001:db8::1 + |- XXX.XXX.XXX.XXX + `- 203.0.113.4 + ``` + + 2. If there is an error with your change, you could end up with something like this: + + ```bash + sudo fail2ban-client get sshd ignoreip + These IP addresses/networks are ignored: + |- 127.0.0.0/8 + |- #<= + |- the + |- IP + |- address + |- (you + |- can + |- put + |- more + |- than + |- one + |- separated + |- by + |- a + |- space) + |- that + |- you + |- want + |- to + |- whitelist + |- 203.0.113.4 + |- XXX.XXX.XXX.XXX + `- 2001:db8::1 + ``` + + For the curious, it was because of a [comment ;](https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L30) + Congratulations, no more risks of banning yourself from your own YunoHost server! From d3c53436fbe2aa14d85b3fa54ad19931952eed25 Mon Sep 17 00:00:00 2001 From: Gofannon <17145502+Gofannon@users.noreply.github.com> Date: Wed, 10 Apr 2024 17:27:34 +0200 Subject: [PATCH 2/2] doc: enhancement proposal / wording --- .../50.troubleshooting/05.fail2ban/fail2ban.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md b/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md index ec2dc8502..819046aff 100644 --- a/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md +++ b/pages/02.administer/50.troubleshooting/05.fail2ban/fail2ban.md @@ -57,10 +57,14 @@ When updating the **Fail2Ban** software, the original `/etc/fail2ban/jail.conf` 3. Paste the following content into the file and adapt the IP address `XXX.XXX.XXX.XXX`: + ! Keep the `127.0.0.1/8`, it corresponds to the server [internal communication system](https://en.wikipedia.org/wiki/Localhost) + ```bash [DEFAULT] - ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX ; <= the IP address (you can put more than one, separated by a space) that you want to whitelist + ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX + # ^ Add your IP address or DNS host here + # you can put more than one, separated by a space ``` 4. You should get end up with something like this if you have added two ip addresses (ipv4 and [ipv6](/ipv6)) @@ -71,13 +75,13 @@ When updating the **Fail2Ban** software, the original `/etc/fail2ban/jail.conf` ignoreip = 127.0.0.1/8 203.0.113.4 2001:DB8::1 ``` -5. Save the file and reload the Fail2Ban configuration: +5. **Save** the file and **reload** the Fail2Ban configuration: ```bash sudo fail2ban-client reload ``` -6. Check that the configuration has been applied as expected: +6. **Check** that the configuration has been applied as expected: 1. You should have this result @@ -90,7 +94,7 @@ When updating the **Fail2Ban** software, the original `/etc/fail2ban/jail.conf` `- 203.0.113.4 ``` - 2. If there is an error with your change, you could end up with something like this: + 2. If there is an **error** with your change, you could end up with something like this: ```bash sudo fail2ban-client get sshd ignoreip @@ -120,6 +124,8 @@ When updating the **Fail2Ban** software, the original `/etc/fail2ban/jail.conf` `- 2001:db8::1 ``` - For the curious, it was because of a [comment ;](https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L30) + And you will need to fix it or revert your changes as Fail2ban could fail + + > For the curious, it was because of a [comment ;](https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf#L30) Congratulations, no more risks of banning yourself from your own YunoHost server!