Fail2Ban is a security tool designed to protect servers from malicious activity by monitoring system logs and automatically banning suspicious IP addresses. This cheat sheet provides essential Fail2Ban commands for configuration, monitoring, and management.
Introduction:
Fail2Ban is widely used to enhance server security by preventing brute-force attacks, unauthorized access, and other malicious activities. It works by monitoring system logs for specific patterns and taking action, such as blocking IP addresses, when suspicious activity is detected.
Basic Commands:

| Command | Description |
| --- | --- |
| `fail2ban-client status` | Display the overall status of Fail2Ban. |
| `fail2ban-client reload` | Reload Fail2Ban configuration without restarting. |
| `fail2ban-client stop` | Stop Fail2Ban service. |
| `fail2ban-client start` | Start Fail2Ban service. |

Listing and Displaying Information:
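
| Command | Description |
| --- | --- |
| `fail2ban-client status [jail]` | Display status information for a specific jail. |
| `fail2ban-client -v status` | Display status with more verbose client output (options go before the command). |
| `fail2ban-client get [jail] [setting]` | Display a configuration setting (such as bantime, findtime or maxretry) for a specific jail. |
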
Manipulating Jails:

| Command | Description |
| --- | --- |
| `fail2ban-client set [jail] addignoreip [IP]` | Add an IP address to the ignore list for a jail. |
| `fail2ban-client set [jail] delignoreip [IP]` | Remove an IP address from the ignore list for a jail. |
| `fail2ban-client set [jail] banip [IP]` | Manually ban an IP address in a specific jail. |
| `fail2ban-client set [jail] unbanip [IP]` | Unban an IP address in a specific jail. |

Configuring Fail2Ban:
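
| Command | Description |
| --- | --- |
| `fail2ban-client stop [jail]` | Stop (disable) a specific jail at runtime. To enable a jail, set `enabled = true` for it in the jail configuration and reload. |
| `fail2ban-client set [jail] bantime [seconds]` | Set the ban time (how long an address stays banned) for a specific jail in seconds. |
| `fail2ban-client set [jail] findtime [seconds]` | Set the find time (the window in which failures are counted) for a specific jail in seconds. |
| `fail2ban-client set [jail] maxretry [attempts]` | Set the number of failures within the find time that triggers a ban for a jail. |
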
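How findtime, maxretry, bantime and the ignore list interact, as an added example that is not part of the original cheat sheet and is not Fail2Ban's own code: a simplified Python model run over constructed sshd-style log lines. The function name `simulate`, the log format and the regular expression are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style lines using documentation IP ranges; not real traffic.
SAMPLE_LOG = """\
2024-05-01 10:00:00 sshd[101]: Failed password for root from 203.0.113.7 port 40022 ssh2
2024-05-01 10:00:05 sshd[102]: Failed password for admin from 198.51.100.9 port 40100 ssh2
2024-05-01 10:00:20 sshd[103]: Failed password for root from 203.0.113.7 port 40023 ssh2
2024-05-01 10:00:40 sshd[104]: Failed password for invalid user test from 203.0.113.7 port 40024 ssh2
2024-05-01 10:00:50 sshd[105]: Failed password for root from 203.0.113.7 port 40025 ssh2
2024-05-01 10:01:00 sshd[106]: Accepted password for deploy from 192.0.2.10 port 40200 ssh2
2024-05-01 10:05:00 sshd[107]: Failed password for admin from 198.51.100.9 port 40101 ssh2
2024-05-01 10:10:00 sshd[108]: Failed password for admin from 198.51.100.9 port 40102 ssh2
"""

# Illustrative pattern only (an assumption); Fail2Ban's shipped sshd filter is far more thorough.
FAIL_RE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(log_text, maxretry, findtime, bantime, ignoreip=()):
    """Return [(ip, banned_at, unbanned_at)] under a simplified jail model."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # non-matching lines never count as failures
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in ignoreip:
            continue              # ignore list: this address is never banned
        if ts < banned_until.get(ip, datetime.min):
            continue              # still banned; do not count it again
        window = recent[ip]
        window.append(ts)
        # findtime: forget failures older than the look-back window
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        # maxretry: ban once this many failures fall inside the window
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)  # bantime sets the ban length
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ft in (60, 600):  # short vs. long look-back window
        print(ft, [(ip, f"{t:%H:%M:%S}") for ip, t, _ in simulate(SAMPLE_LOG, 3, ft, 600)])
```

With a 60-second find time only the fast source is banned; widening it to 600 seconds also catches the source that spaces its attempts five minutes apart.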
Monitoring Logs:

| Command | Description |
| --- | --- |
| `fail2ban-client set [jail] addlogpath [path]` | Add a log file path for a specific jail to monitor. |
| `fail2ban-client set [jail] dellogpath [path]` | Stop monitoring a log file path in a specific jail. |

Miscellaneous:

| Command | Description |
| --- | --- |
| `fail2ban-client ping` | Check if the Fail2Ban server is responsive. |
| `fail2ban-client reload [jail]` | Reload configuration and restart a specific jail. |
| `fail2ban-client unban --all` | Unban all IP addresses across all jails. |

Conclusion
Fail2Ban is a powerful tool for enhancing server security, and this cheat sheet provides essential commands for configuration, monitoring, and management. Whether you need to check the status, manipulate jails, or configure settings, these commands will help you effectively use Fail2Ban to protect your system from malicious activities.