Protect your server from brute-force attacks by automatically monitoring log files for malicious activity. This intrusion prevention framework scans logs from services like SSH and Apache to identify IP addresses that show signs of an attack, such as repeated password failures. Once an offending IP is detected, it is banned for a configurable period by updating your system's firewall rules.
This tool provides an essential layer of security by stopping attackers before they can gain access. It is highly customizable, allowing you to create your own rules and filters for any application that produces a log file. Key capabilities include:
While it significantly reduces the rate of unauthorized login attempts, it is best used in conjunction with strong authentication policies for comprehensive security.
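The matching rule described above (repeated failures from one IP inside a time window trigger a timed ban) can be modelled in a few lines. This is an added example, not Fail2ban's own code: the log lines are constructed, and the parameter names `maxretry`, `findtime` and `bantime` mirror Fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd auth-log style (documentation-range IPs).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-05-01T10:00:04 host sshd[902]: Accepted publickey for deploy from 198.51.100.20 port 51514 ssh2
2024-05-01T10:00:09 host sshd[811]: Failed password for root from 203.0.113.7 port 40115 ssh2
2024-05-01T10:02:00 host sshd[950]: Failed password for alice from 198.51.100.20 port 51600 ssh2
2024-05-01T10:30:00 host sshd[950]: Failed password for alice from 198.51.100.20 port 51601 ssh2
2024-05-01T11:10:00 host sshd[950]: Failed password for alice from 198.51.100.20 port 51602 ssh2
"""

# Only failed password attempts count; the source IP is captured as "ip".
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_bans(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: (banned_at, ban_expires)} for IPs that reach maxretry
    failures within findtime seconds; each ban lasts bantime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active: the firewall would already drop this IP
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start} until {end}")
```

With the defaults, the three failures spread over more than an hour from 198.51.100.20 never fall inside one window, so only the burst from 203.0.113.7 results in a ban.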
services:
  fail2ban:
    image: linuxserver/fail2ban:latest
    container_name: fail2ban
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ=UTC
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=1d
      - SSMTP_HOST=smtp.example.com
      - SSMTP_PORT=587
      - SSMTP_USER=admin
      - SSMTP_PASSWORD=${SSMTP_PASSWORD}
      - SSMTP_TLS=YES
    volumes:
      - ./data:/data
      - /var/log:/var/log:ro
    restart: unless-stopped

SSMTP_PASSWORD=your_super_secret_smtp_password