Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. It does this by monitoring system logs for repeated failed login attempts and blocking the offending IP addresses. This guide will cover the most important Fail2Ban commands and provide explanations to help you learn and effectively manage your server’s security.
Basic Commands
These commands allow you to manage the Fail2Ban server and the jails it contains.
Starting and Stopping
Start
Command:
fail2ban-client start
This command starts the Fail2Ban server and all the configured jails.
Reload
Commands:
fail2ban-client reload
fail2ban-client reload <JAIL>
The first command reloads the entire Fail2Ban configuration. The second command reloads the configuration for the specified jail.
Stop
Command:
fail2ban-client stop
This command stops all jails and terminates the Fail2Ban server.
Status
Command:
fail2ban-client status
This command retrieves the current status of the Fail2Ban server, including the active jails and their details.
Ping
Command:
fail2ban-client ping
This command tests if the Fail2Ban server is alive and responsive.
Help
Command:
fail2ban-client help
This command returns the help output, which includes a list of available commands and their descriptions.
Logging Commands
These commands manage the logging level and target for Fail2Ban.
Logging Configuration
Set Log Level
Command:
fail2ban-client set loglevel <LEVEL>
This command sets the logging level to the specified level. Levels include CRITICAL, ERROR, WARNING, NOTICE, INFO, and DEBUG.
Get Log Level
Command:
fail2ban-client get loglevel
This command retrieves the current logging level.
Set Log Target
Command:
fail2ban-client set logtarget <TARGET>
This command sets the logging target to the specified target. The target can be STDOUT, STDERR, SYSLOG, or a file.
Get Log Target
Command:
fail2ban-client get logtarget
This command retrieves the current logging target.
Flush Logs
Command:
fail2ban-client flushlogs
This command flushes the log target if it’s a file and reopens it, which is useful for log rotation.
Database Commands
These commands manage the Fail2Ban persistent datastore.
Database Configuration
Set Database File
Command:
fail2ban-client set dbfile <FILE>
This command sets the location of the Fail2Ban persistent datastore. Set to “None” to disable the datastore.
Get Database File
Command:
fail2ban-client get dbfile
This command retrieves the location of the Fail2Ban persistent datastore.
Set Database Purge Age
Command:
fail2ban-client set dbpurgeage <SECONDS>
This command sets the maximum age (in seconds) that the history of bans will be kept in the datastore.
Get Database Purge Age
Command:
fail2ban-client get dbpurgeage
This command retrieves the maximum age (in seconds) that the history of bans is kept in the datastore.
Jail Control Commands
These commands allow you to manage the jails in Fail2Ban.
Jail Management
Add Jail
Command:
fail2ban-client add <JAIL> <BACKEND>
This command creates a new jail with the specified name and backend.
Start Jail
Command:
fail2ban-client start <JAIL>
This command starts the specified jail.
Stop Jail
Command:
fail2ban-client stop <JAIL>
This command stops the specified jail and removes it from the active list.
Status Jail
Command:
fail2ban-client status <JAIL>
This command retrieves the current status of the specified jail, including the number of banned IP addresses and other details.
Jail Configuration Commands
These commands allow you to configure the settings of individual jails.
Basic Jail Configuration
Set Jail Idle State
Command:
fail2ban-client set <JAIL> idle on/off
This command sets the idle state of the specified jail. When the idle state is “on”, the jail will not be started automatically.
Set Jail Ignore IP
Commands:
fail2ban-client set <JAIL> addignoreip <IP>
fail2ban-client set <JAIL> delignoreip <IP>
The first command adds the specified IP address to the ignore list of the specified jail. The second command removes the specified IP address from the ignore list of the specified jail.
Set Jail Log Path
Commands:
fail2ban-client set <JAIL> addlogpath <FILE> ['tail']
fail2ban-client set <JAIL> dellogpath <FILE>
The first command adds the specified file to the monitoring list of the specified jail, optionally starting at the ‘tail’ of the file (default ‘head’). The second command removes the specified file from the monitoring list of the specified jail.
Set Jail Log Encoding
Command:
fail2ban-client set <JAIL> logencoding <ENCODING>
This command sets the log file encoding for the specified jail.
Advanced Jail Configuration
These commands provide advanced configuration options for the specified jail, allowing you to manage various settings such as failregex, ignoreregex, findtime, bantime, datepattern, usedns, banip, unbanip, maxretry, and maxlines.
Set Jail Fail Regex
Command:
fail2ban-client set <JAIL> addfailregex <REGEX>
This command adds a regular expression <REGEX> that matches failures for the specified jail.
Command:
fail2ban-client set <JAIL> delfailregex <INDEX>
This command removes the failregex regular expression at the specified <INDEX>.
Set Jail Ignore Regex
Command:
fail2ban-client set <JAIL> addignoreregex <REGEX>
This command adds a regular expression <REGEX> that matches patterns to ignore for the specified jail.
Command:
fail2ban-client set <JAIL> delignoreregex <INDEX>
This command removes the ignoreregex regular expression at the specified <INDEX>.
Set Jail Find Time
Command:
fail2ban-client set <JAIL> findtime <TIME>
This command sets the number of seconds <TIME> for which the filter will look back for the specified jail.
Set Jail Ban Time
Command:
fail2ban-client set <JAIL> bantime <TIME>
This command sets the number of seconds <TIME> a host will be banned for the specified jail.
Set Jail Date Pattern
Command:
fail2ban-client set <JAIL> datepattern <PATTERN>
This command sets the <PATTERN> used to match date/times for the specified jail.
Set Jail Use DNS
Command:
fail2ban-client set <JAIL> usedns <VALUE>
This command sets the usedns mode for the specified jail.
Manually Ban and Unban IPs
Command:
fail2ban-client set <JAIL> banip <IP>
This command manually bans the specified <IP> for the specified jail.
Command:
fail2ban-client set <JAIL> unbanip <IP>
This command manually unbans the specified <IP> for the specified jail.
Set Jail Max Retry
Command:
fail2ban-client set <JAIL> maxretry <RETRY>
This command sets the number of failures <RETRY> before banning the host for the specified jail.
Set Jail Max Lines
Command:
fail2ban-client set <JAIL> maxlines <LINES>
This command sets the number of <LINES> to buffer for regex search for the specified jail.
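How the failregex, ignoreregex, ignore list, findtime, maxretry and bantime settings above combine is easiest to see on log lines. The following is an added example, not Fail2Ban's own code: a simplified sliding-window model in which the function simulate, the IPv4-only HOST pattern, the failregex and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Constructed failregex for this example, not the shipped sshd filter.
FAILREGEX = [r"Failed password for \S+ from <HOST> port \d+"]
# Constructed sample: (time, source IP) of sshd password failures.
EVENTS = [("10:00:00", "203.0.113.7"), ("10:00:20", "203.0.113.7"),
          ("10:00:30", "192.0.2.10"), ("10:00:40", "203.0.113.7"),
          ("10:05:00", "198.51.100.4"), ("10:20:00", "198.51.100.4"),
          ("10:40:00", "198.51.100.4")]
SAMPLE = [f"2024-05-01T{t}+00:00 sshd[811]: Failed password for root "
          f"from {ip} port 50122 ssh2" for t, ip in EVENTS]

def simulate(lines, failregex, ignoreregex=(), ignoreip=(),
             findtime=600, maxretry=5, bantime=600):
    """Return [(ip, ban_start, ban_end)] in epoch seconds."""
    fail = [re.compile(r.replace("<HOST>", HOST)) for r in failregex]
    ignore = [re.compile(r) for r in ignoreregex]
    nets = [ip_network(n) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> failure times within findtime
    banned_until, bans = {}, []
    for line in lines:
        stamp, _, msg = line.partition(" ")
        now = datetime.fromisoformat(stamp).timestamp()
        if any(r.search(msg) for r in ignore):
            continue  # ignoreregex: line is discarded
        match = next(filter(None, (r.search(msg) for r in fail)), None)
        if match is None:
            continue
        ip = match.group("host")
        if any(ip_address(ip) in n for n in nets):
            continue  # ignore list: never counted, never banned
        if banned_until.get(ip, 0) > now:
            continue  # ban still active
        window = recent[ip]
        window.append(now)
        while window and window[0] <= now - findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = now + bantime
            bans.append((ip, now, now + bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ban in simulate(SAMPLE, FAILREGEX, ignoreip=["192.0.2.0/24"],
                        findtime=600, maxretry=3, bantime=3600):
        print(ban)
```

With findtime 600 and maxretry 3, only 203.0.113.7 is banned; the three failures from 198.51.100.4 are spread over 35 minutes and are caught only when findtime is widened to cover them.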
Jail Information Commands
These commands allow you to retrieve information about individual jails.
Jail Information Retrieval
Get Jail Log Path
Command:
fail2ban-client get <JAIL> logpath
This command retrieves the list of monitored files for the specified jail.
Get Jail Log Encoding
Command:
fail2ban-client get <JAIL> logencoding
This command retrieves the encoding of the log files for the specified jail.
Get Jail Journal Match
Command:
fail2ban-client get <JAIL> journalmatch
This command retrieves the journal filter match for the specified jail.
Get Jail Ignore IP
Command:
fail2ban-client get <JAIL> ignoreip
This command retrieves the list of ignored IP addresses for the specified jail.
Get Jail Ignore Command
Command:
fail2ban-client get <JAIL> ignorecommand
This command retrieves the ignore command of the specified jail.
Get Jail Fail Regex
Command:
fail2ban-client get <JAIL> failregex
This command retrieves the list of regular expressions that match failures for the specified jail.
Get Jail Ignore Regex
Command:
fail2ban-client get <JAIL> ignoreregex
This command retrieves the list of regular expressions that match patterns to ignore for the specified jail.
Get Jail Find Time
Command:
fail2ban-client get <JAIL> findtime
This command retrieves the time for which the filter will look back for failures for the specified jail.
Get Jail Ban Time
Command:
fail2ban-client get <JAIL> bantime
This command retrieves the time a host is banned for the specified jail.
Get Jail Date Pattern
Command:
fail2ban-client get <JAIL> datepattern
This command retrieves the pattern used to match the date and time for the specified jail.
Get Jail Use DNS
Command:
fail2ban-client get <JAIL> usedns
This command retrieves the usedns setting for the specified jail.
Get Jail Max Retry
Command:
fail2ban-client get <JAIL> maxretry
This command retrieves the number of failures allowed for the specified jail.
Get Jail Max Lines
Command:
fail2ban-client get <JAIL> maxlines
This command retrieves the number of lines to buffer for the specified jail.
Get Jail Actions
Command:
fail2ban-client get <JAIL> actions
Conclusion
By mastering the Fail2Ban commands covered in this guide, you will be well-equipped to effectively manage and configure Fail2Ban to protect your Linux server. As a next step, consider exploring the Fail2Ban documentation and community resources to expand your knowledge further.
Further Learning Resources
- Fail2Ban official website: https://www.fail2ban.org/
- Fail2Ban GitHub repository: https://github.com/fail2ban/fail2ban
- Fail2Ban community forum: https://github.com/fail2ban/fail2ban/discussions