Fail2Ban as protection against brute-force attacks

Fail2ban is a well-known tool for protecting Linux-based systems against brute-force attacks.
It scans log files and bans IP addresses that show malicious signs, such as too many password failures or probing for exploits.

Supported Platforms

Fail2ban supports only Linux-based systems such as Debian, Ubuntu, Red Hat/CentOS, FreeBSD, Mac OS X and others.


Fail2ban bans IP addresses that brute-force popular services on servers:

  • SSH
  • Apache
  • exim
  • mysql
  • nginx
  • ftp
  • etc...

Basic installation

Basic installation is very simple.


apt-get install fail2ban   # Debian, Ubuntu
yum install fail2ban       # Red Hat/CentOS

See the official Fail2ban documentation for installation on other platforms.

That's it. Fail2ban protection works.

Dhound Integration

By default, the Dhound Linux agent analyzes the Fail2ban activity log (/var/log/fail2ban.log) and visualizes it on security dashboards.
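To review the same log by hand, the following added example (not part of the original article and not Dhound's code) parses Found, Ban and Unban events from lines in the /var/log/fail2ban.log layout and reports active bans and repeat offenders per jail. The sample lines are constructed, and the names summarize and repeat_offenders are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Jail, action and address as they appear at the end of a fail2ban.log line,
# e.g. "... NOTICE  [sshd] Ban 203.0.113.5". The PID field "[812]:" never
# matches because it is not followed by one of the three actions.
EVENT = re.compile(
    r"\[(?P<jail>[^\]\s]+)\]\s+(?P<action>Found|Ban|Unban)\s+(?P<ip>[0-9A-Fa-f.:]+)"
)

# Constructed sample lines (documentation-range addresses), not real log data.
SAMPLE_LOG = """\
2017-04-12 10:14:58,001 fail2ban.jail           [812]: INFO    Jail 'sshd' started
2017-04-12 10:15:01,100 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2017-04-12 10:15:03,250 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2017-04-12 10:15:05,410 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5
2017-04-12 10:15:05,902 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2017-04-12 10:20:11,004 fail2ban.filter         [812]: INFO    [nginx-http-auth] Found 198.51.100.23
2017-04-12 10:25:06,118 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2017-04-12 10:31:40,377 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2017-04-12 10:32:02,011 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.44
"""

def summarize(lines):
    """Count failures and bans per jail and track which bans are still active."""
    found, bans, active = defaultdict(Counter), defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = EVENT.search(line)
        if m is None:
            continue  # startup messages, errors and other non-event lines
        jail, action, ip = m.group("jail", "action", "ip")
        if action == "Found":
            found[jail][ip] += 1
        elif action == "Ban":
            bans[jail][ip] += 1
            active[jail].add(ip)
        else:  # Unban: the ban time expired or an administrator lifted it
            active[jail].discard(ip)
    return {"found": dict(found), "bans": dict(bans), "active": dict(active)}

def repeat_offenders(bans, threshold=2):
    """Addresses banned at least `threshold` times in the same jail."""
    return sorted((jail, ip, n) for jail, counts in bans.items()
                  for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    # On a real host, pass open("/var/log/fail2ban.log") instead of the sample.
    report = summarize(SAMPLE_LOG.splitlines())
    for jail, ips in report["active"].items():
        print(jail, "currently banned:", sorted(ips))
    print("repeat offenders:", repeat_offenders(report["bans"]))
```

An address that keeps reappearing in the repeat-offender list is a candidate for a longer ban time or a permanent firewall rule.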

Published on Apr 12, 2017