From de90a631f5f7893999ffa0f6bd914de057b8e853 Mon Sep 17 00:00:00 2001
From: MacRimi <ricoextincion@gmail.com>
Date: Sun, 2 Mar 2025 18:25:39 +0100
Subject: [PATCH] Update

---
 web/app/docs/post-install/security/page.tsx | 201 +++++++++++---------
 1 file changed, 116 insertions(+), 85 deletions(-)

diff --git a/web/app/docs/post-install/security/page.tsx b/web/app/docs/post-install/security/page.tsx
index 136ac90..b483158 100644
--- a/web/app/docs/post-install/security/page.tsx
+++ b/web/app/docs/post-install/security/page.tsx
@@ -105,99 +105,130 @@ lynis audit system
       />
 
 
-      <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
-        <StepNumber number={3} />
-        Protect Web Interface with Fail2Ban
-      </h3>
-      <p className="mb-4">
-        Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized access.
-      </p>
-      <p className="mb-4">
-        <strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and automatically bans the source IP address to prevent further attacks.
-      </p>
-      <ul className="list-disc pl-5 mb-4">
-        <li>Protects the Proxmox VE web interface from brute-force attacks</li>
-        <li>Prevents unauthorized SSH access by banning repeated failed login attempts</li>
-        <li>Automatically blocks malicious IPs to reduce attack vectors</li>
-      </ul>
+    <h3 className="text-xl font-semibold mt-16 mb-4 flex items-center">
+      <StepNumber number={3} />
+      Protect Web Interface with Fail2Ban
+    </h3>
+    <p className="mb-4">
+      Fail2Ban enhances security by monitoring login attempts and banning malicious IPs that attempt unauthorized access.
+    </p>
+    <p className="mb-4">
+      <strong>How it works:</strong> Fail2Ban analyzes logs, detects repeated authentication failures, and automatically bans the source IP address to prevent further attacks.
+    </p>
+    <ul className="list-disc pl-5 mb-4">
+      <li>Protects the Proxmox VE web interface from brute-force attacks</li>
+      <li>Prevents unauthorized SSH access by banning repeated failed login attempts</li>
+      <li>Automatically blocks malicious IPs to reduce attack vectors</li>
+    </ul>
 
-      <p className="text-lg mb-2">This adjustment automates the following commands:</p>
-      <CopyableCode
-        code={`
-# Install Fail2Ban
-apt-get -y install fail2ban
+    <h4 className="text-lg font-semibold mt-4">Fail2Ban Configuration Overview</h4>
+    <p className="mb-4">
+      Fail2Ban is configured with the following security policies:
+    </p>
+    <ul className="list-disc pl-5 mb-4">
+      <li><strong>Ban Duration:</strong> 24 hours for SSH and 1 hour for Proxmox</li>
+      <li><strong>Max Retries:</strong> 2 failed attempts for SSH, 3 for Proxmox</li>
+      <li><strong>Find Time:</strong> 30 minutes for SSH, 10 minutes for Proxmox</li>
+      <li><strong>Log Monitoring:</strong> <code>/var/log/auth.log</code> for SSH and <code>/var/log/daemon.log</code> for Proxmox</li>
+    </ul>
 
-# Configure Proxmox filter to detect failed logins
-cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
-[Definition]
-failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
-ignoreregex =
-EOF
-        `}
-      />
-      
-      <p className="text-lg mt-4">Define security rules for Proxmox:</p>
-      <CopyableCode
-        code={`
-# Create a jail configuration for Proxmox
-cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
-[proxmox]
-enabled = true
-port = https,http,8006,8007
-filter = proxmox
-logpath = /var/log/daemon.log
-maxretry = 3
-bantime = 3600
-findtime = 600
-EOF
-        `}
-      />
+    <p className="text-lg mb-2">Install and configure Fail2Ban with the following commands:</p>
+    <CopyableCode
+      code={`
+    # Install Fail2Ban
+    apt-get -y install fail2ban
+      `}
+    />
 
-      <p className="text-lg mt-4">Set up global Fail2Ban policies:</p>
-      <CopyableCode
-        code={`
-# Configure general Fail2Ban settings
-cat <<EOF > /etc/fail2ban/jail.local
-[DEFAULT]
-ignoreip = 127.0.0.1
-bantime = 86400
-maxretry = 2
-findtime = 1800
+    <p className="text-lg mt-4">Configure the Proxmox filter to detect failed logins:</p>
+    <CopyableCode
+      code={`
+    # Create the Fail2Ban filter for Proxmox
+    cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
+    [Definition]
+    failregex = pvedaemon\\[.*authentication failure; rhost=<HOST> user=.* msg=.*
+    ignoreregex =
+    EOF
+      `}
+    />
 
-[ssh-iptables]
-enabled = true
-filter = sshd
-action = iptables[name=SSH, port=ssh, protocol=tcp]
-logpath = /var/log/auth.log
-maxretry = 2
-findtime = 3600
-bantime = 32400
-EOF
-        `}
-      />
+    <p className="text-lg mt-4">Define security rules for Proxmox:</p>
+    <CopyableCode
+      code={`
+    # Create a jail configuration for Proxmox
+    cat <<EOF > /etc/fail2ban/jail.d/proxmox.conf
+    [proxmox]
+    enabled = true
+    port = https,http,8006,8007
+    filter = proxmox
+    logpath = /var/log/daemon.log
+    maxretry = 3
+    bantime = 3600
+    findtime = 600
+    EOF
+      `}
+    />
 
-      <p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p>
-      <CopyableCode
-        code={`
-# Enable and restart Fail2Ban
-systemctl enable fail2ban
-systemctl restart fail2ban
-        `}
-      />
+    <p className="text-lg mt-4">Set up global Fail2Ban policies:</p>
+    <CopyableCode
+      code={`
+    # Configure general Fail2Ban settings
+    cat <<EOF > /etc/fail2ban/jail.local
+    [DEFAULT]
+    ignoreip = 127.0.0.1
+    bantime = 86400
+    maxretry = 2
+    findtime = 1800
 
-      <p className="text-lg mt-4">Check active Fail2Ban jails:</p>
-      <CopyableCode
-        code={`
-# Display Fail2Ban status
-fail2ban-client status
+    [ssh-iptables]
+    enabled = true
+    filter = sshd
+    action = iptables[name=SSH, port=ssh, protocol=tcp]
+    logpath = /var/log/auth.log
+    maxretry = 2
+    findtime = 3600
+    bantime = 32400
+    EOF
+      `}
+    />
 
-# Check status of Proxmox protection
-fail2ban-client status proxmox
+    <p className="text-lg mt-4">Enable and restart the Fail2Ban service:</p>
+    <CopyableCode
+      code={`
+    # Enable and restart Fail2Ban
+    systemctl enable fail2ban
+    systemctl restart fail2ban
+      `}
+    />
+
+    <p className="text-lg mt-4">Check active Fail2Ban jails:</p>
+    <CopyableCode
+      code={`
+    # Display Fail2Ban status
+    fail2ban-client status
+
+    # Check status of Proxmox protection
+    fail2ban-client status proxmox
+
+    # Check status of SSH protection
+    fail2ban-client status ssh-iptables
+      `}
+    />
+
+    <h4 className="text-lg font-semibold mt-4">Managing Fail2Ban</h4>
+    <p className="mb-4">You can manually unban an IP if needed:</p>
+    <CopyableCode
+      code={`
+    # Unban an IP from SSH protection
+    fail2ban-client set ssh-iptables unbanip <IP_ADDRESS>
+
+    # Unban an IP from Proxmox protection
+    fail2ban-client set proxmox unbanip <IP_ADDRESS>
+      `}
+    />
+
+<p className="mt-4">Fail2Ban will now automatically protect your Proxmox VE and SSH access, reducing the risk of brute-force attacks.</p>
 
-# Check status of SSH protection
-fail2ban-client status ssh-iptables
-        `}
-      />
 
       <section className="mt-12 p-4 bg-blue-100 rounded-md">
         <h2 className="text-xl font-semibold mb-2">Automatic Application</h2>