fail2ban
Protect servers from brute force attacks with Fail2Ban. Use when a user asks to block repeated failed login attempts, protect SSH, secure web servers from brute force, or ban malicious IPs automatically.
#fail2ban #brute-force #ssh #security #firewall
terminal-skills v1.0.0
Works with: claude-code, openai-codex, gemini-cli, cursor
Usage
$
✓ Installed fail2ban v1.0.0
Getting Started
- Install the skill using the command above
- Open your AI coding agent (Claude Code, Codex, Gemini CLI, or Cursor)
- Reference the skill in your prompt
- The AI will use the skill's capabilities automatically
Example Prompts
- "Deploy the latest build to the staging environment and run smoke tests"
- "Check the CI pipeline status and summarize any recent failures"
Documentation
Overview
Fail2Ban monitors log files for failed authentication attempts and bans the offending IPs using iptables/nftables. It protects SSH, Nginx, Apache, Postfix, and any other service that writes authentication failures to a log.
Instructions
Step 1: Install
```bash
sudo apt install fail2ban
sudo systemctl enable fail2ban
```
Step 2: Configure
```ini
# /etc/fail2ban/jail.local — Custom configuration (never edit jail.conf)
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = iptables-multiport

[sshd]
enabled = true
port = ssh
maxretry = 3
bantime = 24h

[nginx-http-auth]
enabled = true
port = http,https
maxretry = 5

[nginx-botsearch]
enabled = true
port = http,https
maxretry = 2
bantime = 7d
```
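How `maxretry`, `findtime` and `bantime` from the `[sshd]` jail above interact, as an added example that is not part of the original skill or of Fail2Ban's own code: a simplified Python model of the ban decision, run over constructed log lines. The regex is a stand-in for a real failregex, and `simulate_jail`, `SAMPLE_LOG` and the addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a failregex; NOT the sshd filter shipped with Fail2Ban.
# Assumes IPv4 sources and chronologically ordered syslog-style lines.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) ")

# Constructed sample auth.log lines (documentation-range addresses).
SAMPLE_LOG = """\
Jan 10 03:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:00:09 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:01:30 web1 sshd[840]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
Jan 10 03:02:00 web1 sshd[851]: Failed password for alice from 198.51.100.9 port 52000 ssh2
Jan 10 03:04:45 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:20:00 web1 sshd[851]: Failed password for alice from 198.51.100.9 port 52001 ssh2
Jan 10 03:21:00 web1 sshd[851]: Failed password for alice from 198.51.100.9 port 52002 ssh2
"""

# Effective [sshd] values from jail.local above (findtime inherited from [DEFAULT]).
SSHD = dict(maxretry=3, findtime=timedelta(minutes=10), bantime=timedelta(hours=24))

def simulate_jail(log_text, maxretry, findtime, bantime, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts reaching maxretry failures within findtime."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILREGEX.search(line)
        if not m:
            continue  # successful logins and unrelated lines never count
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        ip = m.group("host")
        if ip in bans and ts < bans[ip][1]:
            continue  # host is already banned at this point
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate_jail(SAMPLE_LOG, **SSHD).items():
        print(f"{ip} banned {start:%b %d %H:%M:%S} -> {end:%b %d %H:%M:%S}")
```

In this model 198.51.100.9 also fails three times but is not banned, because its attempts are spread over more than `findtime`; slow attempts like these are what a tuning pass over real logs should look for.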
Step 3: Monitor
```bash
sudo fail2ban-client status                    # list active jails
sudo fail2ban-client status sshd               # show banned IPs
sudo fail2ban-client set sshd unbanip 1.2.3.4  # unban
sudo fail2ban-client set sshd banip 5.6.7.8    # manual ban
```
Guidelines
- Always create jail.local — jail.conf gets overwritten on updates.
- Start conservative: 5 retries, 1h ban. Adjust based on logs.
- For a modern alternative with community threat sharing, consider CrowdSec.
- Use fail2ban-regex to test custom filters before deploying.
Information
- Version: 1.0.0
- Author: terminal-skills
- Category: DevOps
- License: Apache-2.0