Questions tagged [fail2ban]

FAIL2BAN QUESTIONS MUST BE PROGRAMMING RELATED. Fail2ban scans log files and bans IPs that show malicious signs.

Fail2ban scans log files, such as /var/log/apache/error_log, and bans IPs that show malicious signs. The signs include too many password failures, requests for admin pages, probing for exploits, etc.

Fail2ban Wiki.

269 questions
53 votes, 3 answers

How to ban IP with Fail2Ban manually by command line?

How do I ban an attacker IP with Fail2Ban manually by command line?
udgru
16 votes, 3 answers

How to implement fail2ban with Traefik

I'm interested in setting up fail2ban with my Traefik deployment. I found a gist that has some snippets in it, but I'm not clear on how to use them. Can anyone fill in the blanks please? Or, is there a better way to implement fail2ban style…
Seffyroff
11 votes, 2 answers

how to make fail2ban read json docker logs

Is it possible to configure my fail2ban jail.conf to inspect the docker logs instead of mounting the log in the host? For example, to set the logpath to the path of the log of the container. Jail.conf: ... #example [nginx-http-auth] enabled =…
Octo
10 votes, 3 answers

Fail2ban not sending email notifications

My CentOS server has postfix as MTA and it’s working. When I type the command mail -s "testing" , I receive the email. However, Fail2ban is unable to send emails to my gmail address when an IP gets banned. I’m probably missing some…
GreenTeaTech
9 votes, 4 answers

SSH "kex_exchange_identification: read: Connection reset by peer"

The setup: Raspberry 3B running Raspbian Stretch 9 on an external HDD and using ZRAM; Raspi used as a webserver running LAMP and MERN stacks and accessed remotely via SSH with 1 IDE (Coda for Mac OS); SSH port forwarded by router with static…
PYG
9 votes, 2 answers

Docker - modifying IPTABLES for host from container

I want to run a docker container with a central log and fail2ban service to prevent DoS/DDoS attacks. I'm having a problem running a container with such capabilities that it could also modify the host's iptables. There is a project…
Maciej Krajewski
8 votes, 1 answer

Regex for Detecting Complex Attack Strings on Web Sites

I am no genius with Regex but wondered if it is possible to write some kind of Regex pattern to detect these complex attack strings which I am sure many people have seen in their web server logs. These strings change so frequently and I'm sure…
MitchellK
8 votes, 1 answer

High CPU usage 130% of a CPU for fail2ban due to epoch datetime retrieval errors

Persistent overseas network attacks being performed on my system without my permission inclined me to install fail2ban since cphulkd does not ban IPs. I am monitoring a few services for unwelcome penetration attempts. Once the service was started, I…
7 votes, 1 answer

fail2ban performance considerations regarding log size, complexity, and findtime settings

I'm new to fail2ban and having a hard time figuring out performance considerations for different configurations I'm thinking about setting up. This is running on a raspberry pi board, so performance is a concern. The obvious optimizations I can…
user4181885
6 votes, 2 answers

How to use Fail2ban under Kubernetes?

Until now I've been using Docker for a hand-made hosting solution on single-VPCs, with fail2ban installed on the host and watching Docker logs from Nginx containers (each server can host multiple websites, served through an Nginx proxy). I wonder how it…
Bazalt
6 votes, 1 answer

Setting `maxretry` of fail2ban filter to zero

Is it possible to set the maxretry parameter of a fail2ban filter to 0 so that every IP will be banned instantly? The client does not complain about this setting but it does not seem to ban IPs either. So I just wanted to ask whether this actually…
herhuf
6 votes, 1 answer

Secure server with Fail2ban and Docker

I use nginx in a docker container and I can easily share my log file on my nginx docker container with the host. The logs are on it and work in the /var/log/nginx folder. I have installed fail2ban on the host to check log files, particularly access.log. I test a…
chadyred
6 votes, 2 answers

fail2ban apache-auth filter not detecting failed passwords

I'm having trouble getting fail2ban to detect failed apache-auth attempts. The filters look like this: ^%(_apache_error_client)s (AH01617: )?user .* authentication failure for "\S*": Password Mismatch$ ^%(_apache_error_client)s (AH01618: )?user .*…
Miati
5 votes, 1 answer

Can fail2ban run in a separate docker container while somehow still implement iptables rules for nginx?

I'd like to "containerize" fail2ban in its own container but suspect it's not possible for it to set iptables rules in other containers. For example: to protect an nginx installation, it would need to set iptables rules in the nginx container? And…
rgareth
5 votes, 2 answers

fail2ban custom filter on multiline

Is it possible to catch authentication failures across multiple lines with fail2ban regex? Here is the example: Sep 08 11:54:59.207814 afpd[16190] {dsi_tcp.c:241} (I:DSI): AFP/TCP session from 10.0.71.149:53863 Sep 08 11:54:59.209504 afpd[16190]…
bonnemais