fail2ban is a Python-based intrusion prevention tool that can protect various services on Linux. It works by analyzing system and application log files (e.g., /var/log/auth.log, /var/log/apache/error_log) and taking action when abnormal activity is detected in them. To identify potential attack attempts, fail2ban relies on regular-expression-based filters. These filters can be enabled and customized to detect various attacks on different services, for example, brute-force SSH attacks from botnets, password-guessing attacks on web/FTP/database servers, webmail phishing attacks, port scanning attacks, etc. Upon detecting suspicious activity, fail2ban automatically blocks the offending IP addresses using netfilter/iptables or TCP wrappers (/etc/hosts.deny) for a user-configurable amount of time, with optional email notifications.
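The detection loop described above, sketched as an added example (not fail2ban's own code): a simplified sshd filter regex is run over constructed auth.log lines, and fail2ban's maxretry, findtime and bantime settings decide when an address would be banned. The regex, the function name find_bans and the log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of /var/log/auth.log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:00:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 10 09:00:04 host sshd[812]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 09:00:06 host sshd[811]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 09:05:00 host sshd[900]: Failed password for bob from 198.51.100.20 port 51010 ssh2
Mar 10 09:30:00 host sshd[950]: Failed password for bob from 198.51.100.20 port 51020 ssh2
Mar 10 09:59:00 host sshd[990]: Failed password for bob from 198.51.100.20 port 51030 ssh2
"""

# Simplified stand-in for an sshd failregex (assumption), anchored at both ends of the line.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(log_text, maxretry=3, findtime=600, bantime=600, year=2024):
    """Return [(ip, ban_start, ban_end)] for hosts reaching maxretry failures within findtime seconds."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue                # not a failure line (e.g. "Accepted password")
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["host"]
        if ip in banned_until and ts < banned_until[ip]:
            continue                # already blocked; nothing more to count
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:  # drop failures outside findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the default values only the address that fails three times within seconds is banned; the three failures spread over an hour from the other address stay below the threshold unless findtime is widened.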
- How to protect SSH server from brute force attacks using fail2ban
- How to configure fail2ban to protect Apache HTTP server