fail2ban

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

Installation
Download the source:

cd /extra/src
wget http://voxel.dl.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2 
tar jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4

Run the installation script. fail2ban will be installed in /usr/share/fail2ban/ and /usr/bin/, configuration files will be in /etc/fail2ban:

./setup.py install

Automatic startup
There's a number of different ways to get fail2ban to start automatically (rc.d/init.d script, rc.local, xinetd). We're going to use daemontools.
If you haven't already, install daemontools.

Create a directory for the fail2ban service:

mkdir -m 1755 /var/service/fail2ban
cd /var/service/fail2ban

Create the run script and make it executable:

echo '#!/bin/sh' > run
echo 'exec 2>&1' >> run
echo 'exec fail2ban-client -f' >> run
chmod 755 run

Our log script comes from John Simpson's:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service

ln -s /var/service/fail2ban /service/fail2ban

Confirm that the service is running:

svstat /service/fail2ban /service/fail2ban/log

Resources
Fail2ban and iptables
Analyzing Apache Log Files
Monitoring the fail2ban log
Fail2ban monitoring Fail2ban

Recent Updates

  • PHP
    1 year 7 months ago
    PHP 7.4
  • 1 year 7 months ago
    MariaDB 10.4.12
  • 1 year 7 months ago
    Dovecot 2.3.10
  • 1 year 7 months ago
    CentOS 6 revisions
  • 1 year 7 months ago
    Copy of the revision from Wed, 08/22/2018 - 13:39.