Fail2Ban

About

Fail2Ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

News

2006/02/16	Fail2ban 0.6.1 is available. Thanks to everyone who contributed to this release. Look at the ChangeLog for a complete list of changes.
2006/02/11	Quite a lot of news: The Art of Web has a great howto, much better than the poor official Fail2ban documentation. Thanks to them. Fail2ban is now marked as stable in Gentoo Portage. Fail2ban 0.6.1 should be release soon. Gentoo users can test the CVS version with this ebuild. I will start the development of Fail2ban 0.7 in March. You can already look at the planned features here. Nightly snapshots are now available here.
2006/01/03	Happy New Year! Markus Hoffmann has created a Fail2ban addon for Ipcop. Many thanks to him.

2005/11/24	Manuel Arostegui Ramirez has written a spanish howto for Fail2ban. Thanks to him.
2005/11/21	Thanks to Jonathan Kamens, RPM for 0.6.0 is available here. Fail2ban 0.6.0 is now in Portage. Gentoo users can emerge it with ACCEPT_KEYWORDS="~x86" emerge -av fail2ban. Thanks to Marcelo Goes.
2005/11/20	More than 6 months after the first 0.4.x version, a new stable release ( 0.6.0) is available. New features include mail notification, firewall rules in config file, no more log4py dependency, bug fixes, etc. Have a look at the changelog. Many thanks to Yaroslav Halchenko who did a lot of work for this release. It has been well tested and should not contain severe bugs.
2005/11/18	A RPM for 0.5.5 is available here. Thanks to Jonathan Kamens.
2005/10/26	0.5.5 is out. I planned a stable release for september. However, we decided to fix some issues before 0.6. Have a look at the changelog for more informations. I will not promise anymore that this is the last one before stable ;-) Please test it and report any problem. Many thanks to Yaroslav Halchenko who did most of the changes found in this release.
2005/09/13	less than a week after 0.5.3, a new version is out. New features introduced by Debian maintainer, Yaroslav Halchenko, need testing before stable. Please report any issues found in this release.
2005/09/08	version 0.5.3 is available. I hope bug #1256075 is fixed now. This release should be the latest before stable. Please report all the encountered issues.
2005/08/23	Thanks to Yaroslav Halchenko, Fail2ban is now in Debian unstable. A new stable version should be released at the beginning of September.
2005/08/06	version 0.5.2 is available. I hope this one will be the latest before stable. Fail2ban does not depend on log4py anymore. It uses the standard logging module available in Python 2.3. More bugs are fixed.
2005/07/23	version 0.5.1 is available. Log targets are set in the configuration file. Thus, fail2ban output can be redirected to STDOUT, STDERR, one or more files and SYSLOG. Now an iptables chain is created for each section. Some bugs found in 0.5.0 should be fixed too. Please do not forget to remove your previous fail2ban-0.4.x installation before upgrading and to update your configuration file.
2005/07/12	version 0.5.0 is available. This is a development release and has not been well tested yet. Lots of new features are included. If you have good firewall commands, please submit them.
2005/07/06	Thanks to Yaroslav Halchenko, Fail2Ban has a Debian package. I started to add new features and created the FAIL2BAN-0_5 branch. Firewall rules are now set in the configuration file. Thus, you can create multiple rules for each section. You can checkout the sources from CVS.
2005/06/30	version 0.4.1 is available. It mainly corrects a small bug in textToDNS. The configuration file is more readable now and an initd script is available for Gentoo. I would really appreciate initd scripts for others distributions.
2005/04/24	I'm proud to announce the first stable release (0.4.0) of Fail2Ban. There is only one bug fix since 0.3.1.
2005/03/31	version 0.3.1 is available. It supports DNS lookups and scans big log files quicker than in the previous releases.
2005/03/30	Fail2Ban has a logo. Web site update.
2005/02/24	version 0.3.0 of Fail2Ban is available. There is a lot of changes in this release. Fail2Ban can now look for password failures into several log files.
2005/02/23	first version of this website.

Screenshots

Fail2Ban is a console application so screenshots are not really impressive.

ChangeLog

Here is the ChangeLog for the latest version. The full ChangeLog can be found here.

ver. 0.6.1 (2006/03/16) - stable
----------
- Added permanent banning. Set banTime to a negative value to
  enable this feature (-1 is perfect). Thanks to Mannone
- Fixed locale bug. Thanks to Fernando José
- Fixed crash when time format does not match data
- Propagated patch from Debian to fix fail2ban search path
  addition to the path search list: now it is added first.
  Thanks to Nick Craig-Wood
- Added SMTP authentification for mail notification. Thanks
  to Markus Hoffmann
- Removed debug mode as it is confusing for people
- Added parsing of timestamp in TAI64N format (#1275325).
  Thanks to Mark Edgington
- Added patch #1382936 (Default formatted syslog logging).
  Thanks to Patrick Börjesson
- Removed 192.168.0.0/16 from ignoreip. Attacks could also
  come from the local network.
- Robust startup: if iptables module does not get fully
  initialized after startup of fail2ban, fail2ban will do
  "maxreinit" attempts to initialize its own firewall. It
  will sleep between attempts for "polltime" number of
  seconds (closes Debian: #334272). Thanks to Yaroslav
  Halchenko
- Added "interpolations" in fail2ban.conf. This is provided
  by the ConfigParser module. Old configuration files still
  work. Thanks to Yaroslav Halchenko
- Added initial support for hosts.deny and shorewall. Need
  more testing. Please test. Thanks to kojiro from Gentoo
  forum for hosts.deny support
- Added support for vsftpd. Thanks to zugeschmiert

Readme

The latest Readme file can be found here. It contains useful information such as installation process. Please read this file first.

Documentation

Fail2Ban manual and installation instruction are available in the README file and in the configuration file. Man pages are also available in the packages.

Bug reports, feature requests and support can be addressed on the project page at SourceForge.net.

Howto

• Manuel Arostegui Ramirez has written a spanish howto.
• Markus Hoffmann has written an Ipcop howto.
• The Art of Web has written a great howto.

Downloads

Fail2Ban can be downloaded directly from SourceForge.net sites.

Sources	The official releases are available here.
Snapshots	Nightly snapshots are available here.
Gentoo	Fail2Ban is in Portage. Ebuilds are also available here.
Debian	Packages are available here. Thanks to Yaroslav Halchenko
RedHat	RPMs are available here. Thanks to Jonathan Kamens
Ipcop	Addon is available here. Thanks to Markus Hoffmann

Links

Here are some interesting links:

PassKool: PassKool is a deterministic password generator in Python.
Python: the official website for the Python language.
Log4py: log4py is a logging module for python, similar to log4j.
Netfilter: the netfilter/iptables project