# Administration ## IP Banning fail2ban is sometimes a bit too aggressive. After being fully banned, the ban lasts in the database for about 24 hours. fail2ban is a systemd service and can be restarted via the regular systemctl commands. Run ``` iptables -L f2b-sshd ``` to retrieve a list of all banned IP addresses. You can view a log of fail2ban activity at `/var/log/fail2ban.log` . To unban an IP, run ``` fail2ban-client set sshd unbanip ``` To ignore an IP until the next fail2ban restart, run ``` fail2ban-client set sshd addignoreip ``` To ignore an IP permanent, edit the ignoreip directive in the tjcsl.conf file within the `ras` role on Ansible. You can then deploy the edited file via Ansible. ## Updating {% hint style="warning" %} Please keep in mind the CSL [upgrade guidelines](/policies/upgrade-policy.md) for production systems when deciding whether to upgrade RAS. When in doubt. ask someone more experienced and BACKUP DATA. {% endhint %} The remote access servers are like any other Ubuntu Server and can be upgraded via a regular `apt update && apt upgrade`. It is recommended to upgrade the RAS servers via Ansible and to do so one at a time so that failed upgrades do not completely break access to the Lab. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.tjhsst.edu/services/remote-access/administration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.