diff --git a/Fail2Ban.md b/Fail2Ban.md new file mode 100644 index 0000000..87d4b2e --- /dev/null +++ b/Fail2Ban.md 
@@ -0,0 +1,65 @@ +> Fail2ban is a powerful tool for securing your server by monitoring log files for suspicious activity and banning IP addresses that exhibit malicious behavior. + + 1. Create the Fail2ban Jail + + The first step is to create a fail2ban jail configuration file for Paperless. Open your preferred text editor and create a new file named `paperless.conf` in the `/etc/fail2ban/jail.d/` directory. + + Add the following contents to the file: + + ```bash + [paperless] + enabled = true + maxretry = 5 + filter = paperless + logpath = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log + chain = DOCKER-USER + port = 8000 + [paperless_proxy] + enabled = true + maxretry = 5 + filter = paperless + logpath = /var/lib/docker/volumes/paperless_data/_data/log/paperless.log + port = http,https + ``` + + If the Paperless Docker volumes are located to a different location (`/var/lib/docker/volumes/`), modify the `logpath` accordingly. + + If you are not using a reverse proxy to access Paperless you can remove the `[paperless_proxy]` section. + + 2. Create the Fail2ban Filter File + + This file will define the pattern that fail2ban will look for in the Paperless log file to identify malicious activity. + + Create a new file named `paperless.conf` in the `/etc/fail2ban/filter.d/` directory. + + Add the following contents to the file: + + ``` + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) `\.`$ + ignoreregex = + ``` + + 3. Restart fail2ban + + Now that the jail and filter files have been created, you need to restart fail2ban for the changes to take effect. + + ```bash + $ sudo systemctl restart fail2ban + ``` + + 4. Test the Fail2ban Jail + + To test that the jail is working correctly, try logging into Paperless with an incorrect username or password multiple times from a different IP address. After the fifth attempt, fail2ban should ban the IP address. 
+ + You can view the status of the jail by running the following command: + + ```bash + $ sudo fail2ban-client status paperless + $ sudo fail2ban-client status paperless_proxy + ``` + + You can unban an IP address by running the following command: + ```bash + $ sudo fail2ban-client unban xx.xx.xx.xx + ``` \ No newline at end of file
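Review bot: the `failregex` in step 2 has no host capture. Between the last pair of backticks there is only an escaped dot, so fail2ban has nothing to extract as the address to ban and the filter cannot work as written. Put fail2ban's `<HOST>` tag where the logged IP appears, inside those backticks, and keep the escaped dot and the `$` anchor in the order the Paperless log line actually uses. It would also help to add a step that runs `fail2ban-regex` against the real log file and this filter before the restart in step 3, so a non-matching pattern is caught before anyone relies on the jail. Minor points in step 1: the jail file is fenced as `bash` although it is INI, and only `[paperless]` sets `chain = DOCKER-USER`, so a sentence explaining why `[paperless_proxy]` stays on the default chain would save readers from copying the wrong section.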