fail2ban

Fail2ban scans log files such as /var/log/pwdfail or /var/log/apache/error_log and bans IP addresses that generate too many password failures. It does this by updating firewall rules to reject the offending IP address.

Installation
Download the source:

cd /extra/src
wget http://voxel.dl.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2 
tar jxf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4

Run the installation script. Fail2ban will be installed in /usr/share/fail2ban/ and /usr/bin/, and its configuration files will be placed in /etc/fail2ban:

./setup.py install

Automatic startup
There are a number of different ways to get fail2ban to start automatically (rc.d/init.d script, rc.local, xinetd). We're going to use daemontools.
If you haven't already, install daemontools.

Create a directory for the fail2ban service:

mkdir -m 1755 /var/service/fail2ban
cd /var/service/fail2ban

Create the run script and make it executable:

echo '#!/bin/sh' > run
echo 'exec 2>&1' >> run
echo 'exec fail2ban-client -f' >> run
chmod 755 run

Our log script is John Simpson's service-any-log-run:

mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run

Finally, add the service to daemontools by creating the symbolic link in /service:

ln -s /var/service/fail2ban /service/fail2ban

Confirm that the service is running:

svstat /service/fail2ban /service/fail2ban/log
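
svstat also reports "up" for a run script that exits at once and is restarted by supervise every second, so a single reading does not prove the service is healthy. The following added example (not part of the original page) compares the pid in two svstat lines taken a few seconds apart; the function names, the 5-second default delay and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: judge a daemontools service
# from two svstat lines sampled a few seconds apart.

# svstat_pid LINE: print the pid when LINE reports "up", otherwise nothing.
svstat_pid() {
    case $1 in
        *": up (pid "*")"*)
            p=${1#*": up (pid "}      # drop everything up to the pid
            p=${p%%")"*}              # drop everything after the pid
            printf '%s\n' "$p" ;;
    esac
}

# svc_verdict FIRST SECOND: ok (0) if the same pid is up in both samples,
# flapping (1) if the pid changed, down (2) if either sample is not "up".
svc_verdict() {
    pid1=$(svstat_pid "$1")
    pid2=$(svstat_pid "$2")
    if [ -z "$pid1" ] || [ -z "$pid2" ]; then echo down; return 2; fi
    if [ "$pid1" != "$pid2" ]; then echo flapping; return 1; fi
    echo ok
}

# check_service DIR [DELAY]: live check, e.g. check_service /service/fail2ban
check_service() {
    first=$(svstat "$1" 2>&1)
    sleep "${2:-5}"
    second=$(svstat "$1" 2>&1)
    svc_verdict "$first" "$second"
}

# Constructed sample lines in svstat's output format.
s1='/service/fail2ban: up (pid 4312) 3 seconds'
s2='/service/fail2ban: up (pid 4312) 8 seconds'
r1='/service/fail2ban: up (pid 4312) 0 seconds'
r2='/service/fail2ban: up (pid 4391) 1 seconds'
d1='/service/fail2ban: down 12 seconds, normally up'

printf 'steady pid:    %s\n' "$(svc_verdict "$s1" "$s2")"
printf 'restart loop:  %s\n' "$(svc_verdict "$r1" "$r2")"
printf 'stopped:       %s\n' "$(svc_verdict "$d1" "$d1")"
```

A "flapping" verdict means the run script keeps exiting; the output it wrote before exiting is captured by the log service set up above.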

Resources
Fail2ban and iptables
Analyzing Apache Log Files
Monitoring the fail2ban log
Fail2ban monitoring Fail2ban
