====== Introduction ======

Fail2Ban scans log files and bans IPs that show malicious signs -- too many password failures, probing for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box, Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

====== Links ======

===== General =====

[[http://www.fail2ban.org/]]

====== Docs ======

FIXME

====== Files and Directories ======

FIXME

===== General Files and Directories =====

FIXME

===== Configuration Files =====

FIXME

====== Getting Help ======

//Fail2Ban// client manual pages:

  user@host:~$ man fail2ban-client

//Fail2Ban// server manual pages:

  user@host:~$ man fail2ban-server

//Fail2Ban// regular expression manual pages:

  user@host:~$ man fail2ban-regex

====== Install ======

To install //Fail2Ban// on Debian:

  root@host:~$ apt-get update
  root@host:~$ apt-get -y install fail2ban

====== Configuration ======

FIXME

====== Usage ======

===== Status Check =====

To check the status of //Fail2Ban//:

  root@host:~$ ps -ef | grep fail2ban
  root      6573     1  0 20:20 ?        00:00:00 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock

  root@host:~$ fail2ban-client status
  Status
  |- Number of jail:      1
  `- Jail list:           ssh

  root@host:~$ fail2ban-client status ssh
  Status for the jail: ssh
  |- filter
  |  |- File list:        /var/log/auth.log
  |  |- Currently failed: 0
  |  `- Total failed:     0
  `- action
     |- Currently banned: 0
     |  `- IP list:
     `- Total banned:     0

  root@host:~$ iptables -nL
  Chain INPUT (policy ACCEPT)
  target        prot opt source               destination
  fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22
  [...]
  Chain fail2ban-ssh (1 references)
  target        prot opt source               destination
  RETURN        all  --  0.0.0.0/0            0.0.0.0/0

====== Recipes ======

FIXME

====== Known Issues ======

  * //Fail2Ban// is currently missing support for IPv6.
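
Added example (not part of the original page or of the Fail2Ban project): shell helpers that turn the output shown under Status Check into values a monitoring job can test, so a jail that is loaded but not hooked into the firewall gets noticed. It assumes the iptables chain is named fail2ban-<jail>, as for the ssh jail above; the function names and the --live switch are made up for this example.

```shell
#!/bin/sh
# Added example: parse fail2ban-client / iptables output for monitoring.

# stdin: `fail2ban-client status`; prints one jail name per line.
jail_list() {
    awk -F'Jail list:' 'NF > 1 {
        n = split($2, j, /[, \t]+/)
        for (i = 1; i <= n; i++) if (j[i] != "") print j[i]
    }'
}

# stdin: `fail2ban-client status <jail>`; $1: label such as "Currently banned".
# Prints the value that follows the label, trimmed of blanks.
jail_field() {
    awk -v label="$1:" '{
        pos = index($0, label)
        if (pos) {
            v = substr($0, pos + length(label))
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }
    }'
}

# stdin: `iptables -nL`; $1: chain name.
# Prints the chain's reference count, or 0 if the chain does not exist.
chain_refs() {
    awk -v c="$1" '$1 == "Chain" && $2 == c { gsub(/[^0-9]/, "", $3); n = $3 }
                   END { print n + 0 }'
}

# Live check (needs root and a running server): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    rc=0
    for jail in $(fail2ban-client status | jail_list); do
        st=$(fail2ban-client status "$jail")
        banned=$(printf '%s\n' "$st" | jail_field 'Currently banned')
        # Assumption: the chain is named fail2ban-<jail>, as on this page.
        refs=$(iptables -nL | chain_refs "fail2ban-$jail")
        echo "$jail: banned=$banned chain_refs=$refs"
        # A jail whose chain is not referenced from INPUT blocks nothing.
        [ "$refs" -ge 1 ] || { echo "WARN: fail2ban-$jail not hooked in" >&2; rc=1; }
    done
    exit "$rc"
fi
```

Run without arguments the script only defines the functions; with --live it exits non-zero when any jail's chain has no references.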