Fail2ban

At SkyLabs I had the surprisingly pleasant experience of configuring fail2ban for a bunch of production servers. What fail2ban does is simple: it watches log files and matches their lines against predefined regex patterns. After a predefined number of matches for a specific IP, that IP gets 🔨 banned. The super cool thing about this is that the max retry, like most options, can be set globally but also locally for each “jail”. These jails are just configs for the filters.

Those filters are where the magic happens! They are configs that describe the regexes for matching log lines.

There are also actions. Actions describe the shell commands that perform bans, plus any extra stuff to do when banning IPs.
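The watch, match, count and ban flow described above, modelled in Python as an added example (not code from fail2ban or from the original post). `maxretry`, `findtime` and the `<HOST>` placeholder are fail2ban's own names; the jail contents, regexes, IPv4-only host pattern and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed settings: global defaults plus per-jail overrides.
DEFAULTS = {"maxretry": 5, "findtime": 600}  # findtime in seconds
JAILS = {
    "sshd": {"maxretry": 3,  # local override of the global value
             "failregex": r"Failed password for (?:invalid user )?\S+ from <HOST> port \d+"},
    "nginx-auth": {"failregex": r"user \S+ was not found.*client: <HOST>"},
}

def effective(jail):
    """Merge global defaults with the jail's own settings (the jail wins)."""
    return {**DEFAULTS, **JAILS[jail]}

def compile_filter(failregex):
    # Expand the <HOST> placeholder into a named group (IPv4 only here, an assumption).
    return re.compile(failregex.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def scan(jail, lines):
    """Return IPs that reach maxretry matches within findtime, in ban order."""
    cfg = effective(jail)
    pattern = compile_filter(cfg["failregex"])
    hits, banned = defaultdict(deque), []
    for ts, line in lines:
        m = pattern.search(line)
        if not m or m.group("host") in banned:
            continue
        window = hits[m.group("host")]
        window.append(ts)
        while ts - window[0] > cfg["findtime"]:  # drop matches that aged out
            window.popleft()
        if len(window) >= cfg["maxretry"]:
            banned.append(m.group("host"))  # an action's ban command would run here
    return banned

# Constructed (seconds, log line) samples using documentation address ranges.
SAMPLE = [
    (0, "sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2"),
    (30, "sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2"),
    (45, "sshd[812]: Accepted publickey for deploy from 198.51.100.4 port 51000 ssh2"),
    (60, "sshd[811]: Failed password for root from 203.0.113.7 port 40041 ssh2"),
    (100, "sshd[813]: Failed password for bob from 198.51.100.9 port 50000 ssh2"),
    (900, "sshd[813]: Failed password for bob from 198.51.100.9 port 50001 ssh2"),
    (1600, "sshd[813]: Failed password for bob from 198.51.100.9 port 50002 ssh2"),
]

if __name__ == "__main__":
    print(scan("sshd", SAMPLE))
```

The second address fails three times as well, but its attempts are spread wider than `findtime`, so it never reaches the threshold.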