fail2ban-regex

ban hosts that cause multiple authentication errors

Install

All systems
curl cmd.cat/fail2ban-regex.sh
Debian Debian
apt-get install fail2ban
Ubuntu
apt-get install fail2ban
Alpine
apk add fail2ban
Arch Arch Linux
pacman -S fail2ban
image/svg+xml Kali Linux
apt-get install fail2ban
Fedora
dnf install fail2ban-server
Windows (WSL2)
sudo apt-get update sudo apt-get install fail2ban
OS X
brew install fail2ban
Raspbian
apt-get install fail2ban
Docker
docker run cmd.cat/fail2ban-regex fail2ban-regex powered by Commando

fail2ban

ban hosts that cause multiple authentication errors

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email. By default, it comes with filter expressions for various services (sshd, apache, qmail, proftpd, sasl etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. Following recommends are listed: - iptables/nftables -- default installation uses iptables for banning. nftables is also suported. You most probably need it - whois -- used by a number of *mail-whois* actions to send notification emails with whois information about attacker hosts. Unless you will use those you don't need whois - python3-pyinotify -- unless you monitor services logs via systemd, you need pyinotify for efficient monitoring for log files changes

fail2ban-server

Core server component for Fail2Ban