fail2ban – ban hosts that cause multiple authentication errors

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

By default, it comes with filter expressions for various services (sshd, apache, qmail, proftpd, sasl etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls.

Package availability chart
Distribution Base version Our version Architectures
Debian GNU/Linux 6.0 (squeeze) 0.8.4-3+squeeze2 0.8.13-1~nd60+1 i386, amd64, sparc
Debian GNU/Linux 7.0 (wheezy) 0.8.6-3wheezy3 0.8.13-1~nd70+1 i386, amd64, sparc
Debian testing (jessie) 0.8.13-1 0.8.13-1~nd80+1 i386, amd64, sparc
Debian unstable (sid) 0.9.1-1 0.8.13-1~nd+1 i386, amd64, sparc
Ubuntu 10.04 LTS “Lucid Lynx” (lucid) 0.8.4-1ubuntu1 0.8.13-1~nd10.04+1 i386, amd64, sparc
Ubuntu 12.04 LTS “Precise Pangolin” (precise) 0.8.6-3 0.8.13-1~nd12.04+1 i386, amd64, sparc
Ubuntu 13.04 “Raring Ringtail” (raring) 0.8.7.1-1 0.8.13-1~nd13.04+1 i386, amd64, sparc
Ubuntu 14.04 “Trusty Tahr” (trusty) 0.8.11-1 0.8.13-1~nd13.10+1+nd14.04+1 i386, amd64, sparc

Comments

blog comments powered by Disqus