Fail2Ban: ban hosts that cause multiple authentication errors
Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easily configured to read any log file of your choosing, for any error you wish.
Though Fail2Ban is able to reduce the rate of incorrect authentication attempts, it cannot eliminate the risk presented by weak authentication. Set up services to use only two factor, or public/private authentication mechanisms if you really want to protect services.
 Homepage
 Download
Recent Releases
1.1.024 Mar 2025 13:46
major feature:
Compatibility: The minimum supported python version is now 3.5, if you have previous python version. You can use the 0.11 or 1.0 version of fail2ban or upgrade python (or even build it from source). : Circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438). Avoid sporadic error in pyinotify backend if pending file deleted in other thread, e. g. by flushing logs (gh-3635). `action.d/cloudflare-token.conf` - gh-3479, url-encode args by unban. `action.d/*ipset*`: make `maxelem` ipset option configurable through banaction arguments (gh-3564). `filter.d/apache-common.conf` - accepts remote besides client (gh-3622). `filter.d/mysqld-auth.conf` - matches also if no sufin message (mariadb 10.3 log format, gh-3603). `filter.d/nginx-*.conf` - nginx error-log filters extended with support of journal format (gh-3646). `filter.d/post.conf`: - "rejected" rule extended to match "Access denied" too (gh-3474). Avoid double counting ('lost connection after AUTH' together with message 'disconnect...', gh-3505). Add Sender address rejected: Malformed DNS server reply (gh-3590). Add to postsyslog daemon format (gh-3690). Change journalmatch post, allow sub-units with post@-.service (gh-3692). `filter.d/recidive.conf`: support for systemd-journal, conditional RE depending on logtype (for file or journal, gh-3693). `filter.d/slapd.conf` - filter rewritten for single-line processing, matches errored result without `text=...` (gh-3604). New Features and Enhancements: Supports python 3.12 and 3.13 (gh-3487). Bundling async modules removed in python 3.12+ (fallback to local libraries pyasyncore/pyasynchat if import would miss them, gh-3487). `fail2ban-client` extended (gh-2975): - `fail2ban-client status --all flavor ` - returns status of fail2ban and all jails in usual form. - `fail2ban-client stats` - returns statistic in form of table (jail, backend, found and banned counts). - `fail2ban-client statistic` or `fail2ban-client statistics` - same as `f
| 
luzpaz