Fail2ban

from Wikipedia, the free encyclopedia
Basic data

Developer: Cyril Jaquier, Arturo 'Buanzo' Busleiman
Publishing year: 2004
Current version: 0.11.1 (January 11, 2020)
Operating system: Linux / POSIX with firewall
Programming language: Python
Category: Intrusion prevention system
License: GPL version 2 (free software)
Website: www.fail2ban.org

Fail2ban (meaning "failure leads to ban") is an intrusion prevention system (a framework for preventing break-ins) written in Python. It runs on all POSIX operating systems that have a packet filter or firewall that can be manipulated from user space (e.g. iptables under Linux).

Functionality

The main purpose of fail2ban is to identify and block IP addresses that are likely to belong to attackers trying to gain access to the system. From log files (among others /var/log/pwdfail, /var/log/auth.log or /var/log/apache2/error.log) fail2ban extracts IP addresses that, within a time frame set by the administrator, have conspicuously often tried to log in with incorrect passwords or have taken other dangerous or pointless actions. Usually fail2ban is configured to release blocked addresses again after a certain period of time, so that legitimate connection attempts are not blocked (for example, when the attacker's dynamically assigned IP address is later reassigned to another host). A blocking time of only a few minutes is already helpful in stopping the server from being flooded with malicious connection attempts (brute force).

Fail2ban is able to take various actions when a likely malicious IP address is detected: for example, blocking this IP with a rule in iptables or with an entry for the host in hosts.deny (TCP Wrappers) so that subsequent attacks are rejected, sending e-mail notifications, or running any custom action that can be executed from Python.

The standard configuration includes filters for Apache, Lighttpd, sshd, vsftpd, qmail, Postfix and the Courier Mail Server. Filters are defined by regular expressions that the administrator can easily customize. The combination of a filter and an action is known as a jail and is what actually blocks malicious hosts. A jail can be created for any software that writes log files that can be evaluated with regular expressions. For example, there is a jail for the WordPress plugin "Antispam Bee", which fends off spam attacks at the server level and thus reduces the load on the web server and the database.
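As an added illustration of the mechanism described in this section (not code from the fail2ban project), the following Python model of a jail pulls the offending address out of sshd-style log lines with a failregex, counts failures per IP inside a time window, bans an address once it reaches the retry limit, and lifts the ban after the ban time expires. The log lines are constructed, and the option names maxretry, findtime and bantime are borrowed from fail2ban's jail configuration, but the Jail class itself is hypothetical.

```python
import re
from collections import defaultdict, deque

# Constructed sshd-style log entries: (epoch seconds, message). Not real data.
SAMPLE_LOG = [
    (100, "sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2"),
    (101, "sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2"),
    (102, "sshd[1203]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2"),
    (103, "sshd[1204]: Failed password for root from 203.0.113.7 port 51236 ssh2"),
    (104, "sshd[1205]: Failed password for root from 198.51.100.4 port 40001 ssh2"),
    (800, "sshd[1206]: Failed password for root from 198.51.100.4 port 40002 ssh2"),
    (801, "sshd[1207]: Failed password for root from 198.51.100.4 port 40003 ssh2"),
]
# Filter in the style of a fail2ban failregex; the HOST group names the address to ban.
FAILREGEX = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<HOST>\S+) port \d+")

class Jail:
    """Toy jail: filter + per-IP failure window + ban list with expiry (hypothetical, not fail2ban's code)."""
    def __init__(self, failregex, maxretry=3, findtime=600, bantime=3600):
        self.failregex, self.maxretry, self.findtime, self.bantime = failregex, maxretry, findtime, bantime
        self.failures = defaultdict(deque)  # ip -> timestamps of failures inside findtime
        self.bans = {}                      # ip -> epoch at which the ban expires
    def banned(self, ts):
        """Drop expired bans (the unban action), then return the currently banned IPs."""
        self.bans = {ip: until for ip, until in self.bans.items() if until > ts}
        return sorted(self.bans)
    def process(self, ts, line):
        """Feed one log line; return the IP if this line triggered a ban, else None."""
        self.banned(ts)
        m = self.failregex.search(line)
        if not m or m.group("HOST") in self.bans:
            return None
        ip = m.group("HOST")
        q = self.failures[ip]
        q.append(ts)
        while q[0] < ts - self.findtime:     # forget failures older than findtime
            q.popleft()
        if len(q) < self.maxretry:
            return None
        self.bans[ip] = ts + self.bantime    # ban action (iptables rule, hosts.deny entry, ...)
        q.clear()
        return ip

def run_sample(**jail_opts):
    # Replay SAMPLE_LOG through a jail; return the jail and {ip: timestamp of its ban}.
    jail = Jail(FAILREGEX, **jail_opts)
    banned_at = {}
    for ts, line in SAMPLE_LOG:
        ip = jail.process(ts, line)
        if ip:
            banned_at[ip] = ts
    return jail, banned_at
```

With the default window of 600 seconds only 203.0.113.7 is banned, because the first failure from 198.51.100.4 has already aged out of the window by the time its later attempts arrive; widening findtime to 1000 seconds bans that address as well.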
