
How to unban an IP in fail2ban

Many security tools do not protect your system from compromise. Even the strongest password does not solve the problem, as it can still be broken with several techniques. Fail2ban is a great tool that bans an IP address that is making incorrect authentication attempts. Rather than letting a client keep trying until it succeeds, it blocks the client in the first place. Hence, it prevents intruders before they compromise your system.

Fail2ban can sometimes block legitimate connections too, when a legitimate user makes incorrect authentication attempts. By default, the ban time is 10 minutes. After 10 minutes, a banned IP address is unbanned automatically. However, if a legitimate system is banned and you can't wait for the ban time to expire, you can manually unban it. In this post, we will describe how to unban an IP address in fail2ban.

Background:

When a user tries to log in with an incorrect password more times than the maxretry option in the /etc/fail2ban/jail.local file allows, the user's IP address is banned by fail2ban. Because the ban applies to the system's IP address, no user on the banned system can use the banned service.

The following is the error message received by a user at the IP address “192.168.72.186”, which was banned by fail2ban. The user was attempting to log in to the server via SSH using incorrect passwords.

View Banned IP address and jail information

To find out which IP addresses are banned and at what time, you can view the logs from the server where fail2ban is installed:

$ cat /var/log/fail2ban.log

The following output shows that the IP address “192.168.72.186” is banned by fail2ban and is in the jail named “sshd”.

You can also use the following command with the jail name to show banned IPs:

$ sudo fail2ban-client status jail_name

For example, in our case, the banned IP address is in the “sshd” jail, so the command would be:

$ sudo fail2ban-client status sshd

The output confirms that the IP address “192.168.72.186” is in the jail named “sshd”.

Unban an IP in fail2ban

To unban an IP address in fail2ban and remove it from the jail, use the following syntax:

$ sudo fail2ban-client set jail_name unbanip xxx.xxx.xxx.xxx

where “jail_name” is the jail that holds the banned IP address and “xxx.xxx.xxx.xxx” is the IP address that is banned.

For example, to unban the IP address “192.168.72.186”, which is in the jail “sshd”, the command would be:

$ sudo fail2ban-client set sshd unbanip 192.168.72.186

Verify if the IP address has been unbanned

To verify that the IP address has been unbanned, view the logs using the command below:

$ cat /var/log/fail2ban.log

In the logs, you will see an Unban entry.

You can also use the following command to confirm that the IP address has been unbanned:

$ sudo fail2ban-client status jail_name

Replace “jail_name” with the name of the jail that held the banned IP address.

If you do not find the IP address listed in the Banned IP list, it means it has been successfully unbanned.
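
The log check described above can be scripted. The following is an added example, not part of the original article: it reads the Ban and Unban entries in fail2ban.log and reports the last recorded state of an IP address in a jail. The function names (sample_log, ban_state, banned_ips), the sample log lines, the address 192.0.2.44 and the second jail name are constructed for illustration.

```sh
#!/bin/sh
# Added example: reconstruct ban state from Ban/Unban entries in fail2ban.log.

# Constructed sample log lines (timestamps, PIDs, 192.0.2.44 and the
# apache-auth entries are made up for this example).
sample_log() {
cat <<'EOF'
2021-02-10 09:14:02,118 fail2ban.filter         [812]: INFO    [sshd] Found 192.168.72.186 - 2021-02-10 09:14:01
2021-02-10 09:14:05,530 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.168.72.186
2021-02-10 09:15:40,301 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.44
2021-02-10 09:16:10,912 fail2ban.actions        [812]: NOTICE  [apache-auth] Ban 192.168.72.186
2021-02-10 09:20:41,007 fail2ban.actions        [812]: NOTICE  [sshd] Unban 192.168.72.186
EOF
}

# ban_state JAIL IP [LOGFILE]
# Prints "banned", "unbanned" or "unknown" (no Ban/Unban entry in this file,
# for example because the log was rotated). The last matching entry wins.
ban_state() {
    awk -v jail="[$1]" -v ip="$2" '
        BEGIN { state = "unknown" }
        NF >= 3 && $NF == ip && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            for (i = 1; i < NF - 1; i++)
                if ($i == jail)
                    state = ($(NF-1) == "Ban") ? "banned" : "unbanned"
        }
        END { print state }
    ' "${3:-/var/log/fail2ban.log}"
}

# banned_ips JAIL [LOGFILE]: every IP whose most recent entry in JAIL is a Ban.
banned_ips() {
    awk -v jail="[$1]" '
        NF >= 3 && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            for (i = 1; i < NF - 1; i++)
                if ($i == jail) last[$NF] = $(NF-1)
        }
        END { for (ip in last) if (last[ip] == "Ban") print ip }
    ' "${2:-/var/log/fail2ban.log}" | sort
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_log | ban_state sshd 192.168.72.186 -
sample_log | banned_ips sshd -
```

The log only reflects entries still present in the file, so the fail2ban-client status command with the jail name remains the authoritative view of the current ban list.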

This is how you can unban an IP address in fail2ban. After unbanning the IP address, you can easily log in to the server via SSH.
