Fail2ban

Fail2ban (roughly: "failure leads to ban") is an intrusion prevention system (a framework for preventing break-ins) written in Python. It runs on all POSIX operating systems that have a manipulable packet filter system or a firewall (e.g. iptables on Linux).

Functionality

The main purpose of Fail2ban is to identify and block specific IP addresses that probably belong to attackers who want to gain access to the system. From log files (among others /var/log/pwdfail, /var/log/auth.log or /var/log/apache2/error.log), Fail2ban determines the IP addresses that, within a time frame set by the administrator, for example try too often to log in with incorrect passwords or carry out other dangerous or pointless actions. Fail2ban is normally configured to release blocked addresses after a certain time, so that legitimate connection attempts are not blocked (for example, if the attacker's IP address is dynamically assigned to another host). A blocking time of a few minutes is considered helpful for stopping the flooding of the server with malicious connection attempts.

Fail2ban can perform various actions when a probably malicious IP address has been discovered: for example, blocking the IP with a rule in iptables or in the hosts.deny file belonging to TCP Wrappers in order to reject subsequent attacks, sending e-mail notifications, or running any custom action that can be carried out with Python.

The default configuration includes filters for Apache, Lighttpd, sshd, vsftpd, qmail, Postfix and Courier Mail Server. Filters are defined by regular expressions, which the administrator can easily customize. The combination of a filter and an action is referred to as a "jail" (prison) and is able to block malicious hosts. A jail can be created for any software that writes log files that can be evaluated with regular expressions. For example, a jail exists for the WordPress plugin "Antispam Bee" that fends off spam attacks at the server level, thus reducing the load on the web server and the database.
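
The mechanism described above (a regular-expression filter, a counting window set by the administrator, and a ban that is released after a fixed time) can be modelled in a few lines. This is an example added here for illustration and is not Fail2ban's own code; the log lines are constructed, the Jail class is hypothetical, and the parameter names maxretry, findtime and bantime follow Fail2ban's option names with assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd log style; IPs are from documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 40100 ssh2
2024-05-01T10:00:20 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40102 ssh2
2024-05-01T10:00:30 host sshd[813]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
2024-05-01T10:00:45 host sshd[814]: Failed password for root from 203.0.113.7 port 40104 ssh2
2024-05-01T10:05:00 host sshd[815]: Failed password for bob from 198.51.100.9 port 52000 ssh2
2024-05-01T10:30:00 host sshd[816]: Failed password for bob from 198.51.100.9 port 52002 ssh2
""".splitlines()

# Filter: a regular expression that extracts the timestamp and the offending host.
FAILREGEX = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
                       r"(?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) ")

class Jail:
    """Filter plus action: count matches per IP in a sliding window, then ban."""
    def __init__(self, maxretry=3, findtime=600, bantime=300):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        return self.banned.get(ip, now) > now  # a ban lapses at its expiry time

    def feed(self, line):  # returns the IP when this line triggers a new ban, else None
        m = FAILREGEX.match(line)
        if not m:
            return None
        ts, ip = datetime.fromisoformat(m["ts"]), m["host"]
        if self.is_banned(ip, ts):
            return None
        window = self.failures[ip]
        window.append(ts)
        while ts - window[0] > self.findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) < self.maxretry:
            return None
        self.banned[ip] = ts + self.bantime    # a real action would add a firewall rule
        window.clear()
        return ip

if __name__ == "__main__":
    print([ip for ip in map(Jail().feed, SAMPLE_LOG) if ip])  # ['203.0.113.7']
```

The second address is never banned with these values because its two failures lie 25 minutes apart, outside the 600-second window.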
