fail2ban
by fail2ban
Fail2Ban is a daemon that monitors log files and bans IP addresses exhibiting multiple authentication failures by updating firewall rules.
Daemon to ban hosts that cause multiple authentication errors
Primary Use Case
Fail2Ban is primarily used to protect servers and endpoints from brute-force attacks by automatically banning IPs that generate repeated failed login attempts. System administrators and security professionals deploy it to enhance endpoint security and reduce unauthorized access risks by automating firewall management based on log analysis.
- Monitors various log files for authentication failures
- Automatically bans IP addresses with multiple failed login attempts
- Updates system firewall rules to reject malicious IPs temporarily
- Supports IPv6 address matching since version 0.10
- Pre-configured to work with common services like sshd and Apache
- Highly configurable to monitor custom log files and error patterns
- Provides CLI tools for management and configuration
- Supports integration with systemd and other Linux init systems
Installation
- Ensure Python >= 3.5 or PyPy3 is installed
- Install python-setuptools or python3-setuptools for source installation
- Optionally install pyinotify >= 0.8.3 for Linux kernel >= 2.6.13 support
- Optionally install systemd >= 204 and python-systemd bindings
- Optionally install dnspython, pyasyncore, and pyasynchat for Python 3.12+
- Download and extract the source tarball: tar xvfj fail2ban-master.tar.bz2
- Change directory to extracted folder: cd fail2ban-master
- Run installation: sudo python setup.py install
- Alternatively, clone the repository: git clone https://github.com/fail2ban/fail2ban.git
- Change directory to cloned repo: cd fail2ban
Usage
>_ fail2ban-client -hDisplays help information and verifies Fail2Ban installation
>_ fail2ban-client versionShows the installed Fail2Ban version
>_ service fail2ban startStarts the Fail2Ban service after installation
- Integrate Fail2Ban with SIEM tools to automate alerting and incident response workflows.
- Customize filters to detect and block emerging brute-force patterns beyond default services.
- Deploy Fail2Ban on critical endpoints and servers to reduce attack surface from automated attacks.
- Combine Fail2Ban with multi-factor authentication to strengthen defense-in-depth strategies.
- Use Fail2Ban logs to feed threat intelligence platforms for broader network defense correlation.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about fail2ban. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
rustdesk
rustdesk/rustdesk
An open-source remote desktop application designed for self-hosting, as an alternative to TeamViewer.
osquery
osquery/osquery
SQL powered operating system instrumentation, monitoring, and analytics.
macOS-Security-and-Privacy-Guide
drduh/macOS-Security-and-Privacy-Guide
Community guide to securing and improving privacy on macOS.
How-To-Secure-A-Linux-Server
imthenachoman/How-To-Secure-A-Linux-Server
An evolving how-to guide for securing a Linux server.
Atlas
Atlas-OS/Atlas
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
HackBrowserData
moonD4rk/HackBrowserData
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).