# fail2ban/fail2ban

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/fail2ban-fail2ban).**

17,993 stars · 1,478 forks · Python · NOASSERTION

## Links

- GitHub: https://github.com/fail2ban/fail2ban
- Homepage: http://www.fail2ban.org
- awesome-repositories: https://awesome-repositories.com/repository/fail2ban-fail2ban.md

## Topics

`anti-bot` `attack-prevention` `ban-hosts` `ban-management` `bsd` `fail2ban` `gplv2` `hids` `ids` `intrusion-detection` `intrusion-prevention` `ips` `linux` `loganalyzer` `macos` `monitoring` `python` `security` `security-tools`

## Description

Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources.

The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures, allowing administrators to define custom filter criteria for different services. This approach enables the automated mitigation of brute force attacks and credential stuffing attempts by temporarily banning hosts that exceed configurable security thresholds.

The system architecture decouples event detection from the execution of blocking commands, ensuring that security responses do not impact overall system performance. It employs a firewall-abstraction layer to translate these security bans into system-level commands, supporting integration with various packet filtering tools to harden Linux server environments.

## Tags

### Security & Cryptography

- [Intrusion Prevention Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-prevention-systems.md) — Monitors system logs for malicious activity and automatically updates firewall rules to block offending IP addresses. ([source](https://fail2ban.readthedocs.io/))
- [Firewall Management](https://awesome-repositories.com/f/security-cryptography/firewall-management.md) — Automates firewall management by dynamically banning hosts that exceed defined thresholds for suspicious behavior.
- [Brute Force Protections](https://awesome-repositories.com/f/security-cryptography/brute-force-protections.md) — Automatically blocks IP addresses showing repeated failed login attempts to prevent brute force and credential stuffing.
- [Intrusion Detection Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-detection-systems.md) — Enables the definition of custom log parsing patterns to detect and respond to unique attack signatures.
- [Network Access Controls](https://awesome-repositories.com/f/security-cryptography/network-access-controls.md) — Manages temporary firewall bans for malicious hosts to protect the network perimeter and maintain system integrity.
- [Network Access Restrictions](https://awesome-repositories.com/f/security-cryptography/network-access-restrictions.md) — Restricts network access for specific IP addresses by updating firewall rules after detecting repeated authentication failures. ([source](https://cdn.jsdelivr.net/gh/fail2ban/fail2ban@master/README.md))
- [Log-Based Scanners](https://awesome-repositories.com/f/security-cryptography/security-scanners/log-based-scanners.md) — Parses system logs using regular expressions to detect unauthorized access attempts and enforce automated security policies.
- [Linux Security Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/linux-security-hardening.md) — Hardens Linux server environments by dynamically updating firewall rules based on real-time log analysis.
- [Custom Pattern Matchers](https://awesome-repositories.com/f/security-cryptography/custom-detection-rules/custom-pattern-matchers.md) — Allows administrators to define custom regular expression patterns to identify and respond to specific attack signatures. ([source](https://fail2ban.readthedocs.io/))
- [Security Configurations](https://awesome-repositories.com/f/security-cryptography/security-configurations.md) — Provides configuration settings to define security thresholds and ban durations for individual services. ([source](https://fail2ban.readthedocs.io/fail2ban.server.html))

### Networking & Communication

- [IP Address Filters](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/network-filtering/ip-address-filters.md) — Updates firewall rules to block network traffic from specific IP addresses that exceed suspicious behavior thresholds. ([source](https://fail2ban.readthedocs.io/))

### Part of an Awesome List

- [Monitoring and Process Control](https://awesome-repositories.com/f/awesome-lists/devops/monitoring-and-process-control.md) — Daemon to block hosts based on repeated authentication failures.
- [Security And Hardening](https://awesome-repositories.com/f/awesome-lists/security/security-and-hardening.md) — Daemon for banning hosts based on authentication failures.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Daemon for banning hosts based on authentication errors.

### System Administration & Monitoring

- [Log Analysis](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/log-analysis.md) — Parses system log files in real time to identify patterns of malicious activity using regular expressions.
- [File System Monitors](https://awesome-repositories.com/f/system-administration-monitoring/file-system-monitors.md) — Parses system log files in real time to detect unauthorized access attempts and maintain system security. ([source](https://fail2ban.readthedocs.io/fail2ban.server.html))
- [Regex Parsers](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/log-analysis/regex-parsers.md) — Uses configurable regular expressions to extract attack signatures and authentication failures from log streams.
- [System Logging](https://awesome-repositories.com/f/system-administration-monitoring/system-logging.md) — Collects and monitors system logs to identify patterns of malicious activity and repeated failed login attempts. ([source](https://fail2ban.readthedocs.io/fail2ban.html))

### Software Engineering & Architecture

- [State Management](https://awesome-repositories.com/f/software-engineering-architecture/state-management.md) — Maintains stateful tracking of failed authentication attempts per host to enforce security thresholds.
- [Abstraction Layers](https://awesome-repositories.com/f/software-engineering-architecture/abstraction-layers.md) — Provides an abstraction layer to translate security bans into system-level commands for various packet filtering tools.