DEV Community

Cover image for Fail2ban
samnang rosady
samnang rosady

Posted on • Edited on

Fail2ban

What is Fail2ban?

Fail2Ban is a free, open-source software tool that protects servers from brute-force attacks and other types of malicious activity. It monitors log files for suspicious activity and blocks IP addresses that are trying to access a server.

Why use Fail2ban?

There are several reasons to use Fail2ban:

  • Prevents brute force attacks on services
  • Reduces server load from automated login attempts
  • Provides an extra layer of security beyond firewalls
  • Notify when there is an IP is ban/unban through SMTP, Webhook

How it works

Image description

  • Fail2Ban scans log files for suspicious activity, such as too many access, failed attempts through access or error files
  • Fail2Ban creates a firewall rule to block the IP address that is causing the suspicious activity
  • The IP address is blocked for a specified amount of time

Basic understanding Fail2ban

Jails:

  • Jails serve as rule sets that dictate the conditions under which an IP address should face a ban which defined by monitoring log files
  • Predefined jail configurations can be found in /etc/fail2ban/jail.conf within Fail2ban

Filters:

  • Filters are instrumental in scrutinizing service logs using regex patterns to identify potentially malicious activities, like intrusion attempts.
  • These filters are typically stored in /etc/fail2ban/filter.d/

Actions:

  • Actions encompass a range of responses, from IP address bans to notifications and the execution of custom scripts
  • Commands outlining ban or unban procedures for IP addresses are typically housed in /etc/fail2ban/action.d/

GitHub Sample Repository ๐Ÿณ

Enjoy you practice ๐ŸŒŸ

Top comments (0)