Fail2Ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc.

installation

First, you need to install Fail2Ban. For Redhat/Fedora use yum.

yum install fail2ban

CentOS: fail2ban is not available from CentOS. It will have to be manually downloaded. You can get it from EPEL, the Fedora repository.

 wget http://mirror.pnl.gov/epel//6/i386/fail2ban-0.8.11-2.el6.noarch.rpm
 rpm -ih --percent fail2ban-0.8.11-2.el6.noarch.rpm

You might have some dependencies to install, like

 yum install gamin-python
 wget http://mirror.pnl.gov/epel//6/i386/python-inotify-0.9.1-1.el6.noarch.rpm
 rpm -ih --percent python-inotify-0.9.1-1.el6.noarch.rpm

These are the most common 2 needed for CentOS users. Get them and any others possibly needed then try to install fail2ban again. Additional help is available for RPM Commands.

ALL LINUX DISTRIBUTIONS - Fail2ban is written in Python, thus no compilation is required. You can even run Fail2ban without installing it. It can always be obtained directly from http://www.fail2ban.org

configuration

parameters

Action describes the steps that fail2ban will take to ban a matching IP address. Just like the filter entry, each action refers to a file within the action.d directory. The default ban action,

/etc/fail2ban/action.d/iptables.conf

log path refers to the log location that fail2ban will track.

resources

Note: This page is notably incomplete. You can help. Please contribute by registering your email address and adding your knowledge to this page. The D.U.C.K. wiki was created to be a free informative place that allows an open exchange of accurate information. Learn more...