Automated Banning of IPs with Fail2Ban

What is Fail2Ban?

Fail2Ban is a Linux tool that automatically scans your log files for (likely) malicious entries, then bans the IP address generating them. From the Fail2Ban homepage: “Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email, or ejecting CD-ROM tray) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc)”
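The scan-and-ban logic described above, as an added Python example (not Fail2Ban's own code and not from the original page). Its thresholds play the role of Fail2Ban's maxretry, findtime and bantime settings; the regex, the function and parameter names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed pattern for OpenSSH password failures in syslog format; Fail2Ban's
# shipped sshd filter covers many more message forms than this single regex.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)

def find_bans(lines, max_retry=3, find_time=600, ban_time=3600, year=2024):
    """Return {ip: (banned_at, unban_at)} for IPs with max_retry failures
    inside a sliding window of find_time seconds."""
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # not a failure line, ignore it
        ip = m["ip"]
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in bans and ts < bans[ip][1]:
            continue              # ban still active at this point in time
        q = window[ip]
        q.append(ts)
        # drop failures that have aged out of the window
        while q and (ts - q[0]).total_seconds() > find_time:
            q.popleft()
        if len(q) >= max_retry:
            bans[ip] = (ts, ts + timedelta(seconds=ban_time))
            q.clear()
    return bans

# Constructed sample lines (documentation address ranges, not real traffic)
SAMPLE_LOG = [
    "Mar  4 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Mar  4 10:00:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2",
    "Mar  4 10:00:09 web1 sshd[812]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar  4 10:00:12 web1 sshd[813]: Failed password for root from 203.0.113.7 port 40114 ssh2",
    "Mar  4 10:05:00 web1 sshd[820]: Failed password for bob from 198.51.100.20 port 51010 ssh2",
    "Mar  4 10:30:00 web1 sshd[830]: Failed password for bob from 198.51.100.20 port 51011 ssh2",
    "Mar  4 10:55:00 web1 sshd[840]: Failed password for bob from 198.51.100.20 port 51012 ssh2",
]

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

With the default 600-second window, the second address is not banned because its three failures are spread over 50 minutes; widening find_time to 3600 seconds bans it as well, which is the trade-off to weigh when tuning these thresholds.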

Installing Fail2Ban

sudo apt-get install fail2ban

Configuring Fail2Ban

See the Fail2Ban FAQ page for further information.