Fail2ban » History » Version 1
Manu Mei-Singh, 01/25/2025 12:59 PM
| 1 | 1 | Manu Mei-Singh | h1. Fail2ban |
|---|---|---|---|
| 2 | |||
| 3 | Taken from the "official readme":https://github.com/fail2ban/fail2ban : |
||
| 4 | |||
| 5 | *Fail2Ban* scans log files like */var/log/auth.log* and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish. |
||
| 6 | |||
| 7 | Fail2ban should be installed on all servers. |
||
| 8 | If it is not installed you can follow the directions for installing Fail2ban on debian that live in the "Wiki VPS_Setup_and_Configuration":https://redmine.palantetech.coop/projects/pt/wiki/VPS_Setup_and_Configuration |
||
| 9 | On all servers it should at least have default configuration and SSH enabled |
||
| 10 | |||
| 11 | h2. File Structure |
||
| 12 | |||
| 13 | * conf file (fail2ban.conf, Fail2Ban global configuration (such as logging) ) |
||
| 14 | * filters (filter.d directory, filter.d/*.conf) |
||
| 15 | ** Filters specifying how to detect authentication failures |
||
| 16 | * Actions (action.d/*.conf) |
||
| 17 | ** Actions defining the commands for banning and unbanning of IP address |
||
| 18 | * Jails (jail directory jail.d , jail.conf) |
||
| 19 | ** Jails defining combinations of Filters with Actions. |
||
| 20 | * regular expressions are for matching log files |
||
| 21 | |||
| 22 | |||
| 23 | h2. References: |
||
| 24 | |||
| 25 | "Fail2ban Jail man pages":https://manpages.debian.org/testing/fail2ban/jail.conf.5.en.html |
||
| 26 | |||
| 27 | "Fail2ban-client man pages":https://manpages.debian.org/testing/fail2ban/fail2ban-client.1.en.html |