Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

Download the source:

cd /extra/src
tar jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4

Run the installation script. fail2ban will be installed in /usr/share/fail2ban/ and /usr/bin/, configuration files will be in /etc/fail2ban:

./ install

Automatic startup
There's a number of different ways to get fail2ban to start automatically (rc.d/init.d script, rc.local, xinetd). We're going to use daemontools.
If you haven't already, install daemontools.

Create a directory for the fail2ban service:

mkdir -m 1755 /var/service/fail2ban
cd /var/service/fail2ban

Create the run script and make it executable:

echo '#!/bin/sh' > run
echo 'exec 2>&1' >> run
echo 'exec fail2ban-client -f' >> run
chmod 755 run

Our log script comes from John Simpson's:

mkdir -m 755 log
cd log
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service

ln -s /var/service/fail2ban /service/fail2ban

Confirm that the service is running:

svstat /service/fail2ban /service/fail2ban/log

Fail2ban and iptables
Analyzing Apache Log Files
Monitoring the fail2ban log
Fail2ban monitoring Fail2ban

Recent Updates

  • 3 months 3 weeks ago
  • 3 months 3 weeks ago
  • 3 months 3 weeks ago
    php 8.x
  • 3 months 3 weeks ago
  • 3 months 4 weeks ago
    Drop Centos 5/6 stuff