This project aims to enable Fail2Ban instances on individual systems to push the ban information of each jail to a central database, allowing other systems to pull those bans onto their own system.
For example, if Alice and Bob both share their bans and Charlie is locked out of Alice's system for too many incorrect login details, Charlie is then also banned from Bob's system.
By default a system is only given the bans that do not originate from itself; Alice, for instance, will not be handed her own ban list back. If, however, Bob bans the same address at the same time (for example, during an automated simultaneous attack), then Alice will be given that address too, because Bob banned it as well.
Fail2Ban Filters can still be applied meaning the sharing method is as robust as a standard Fail2Ban deployment.
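The sharing rule described above, as an added example that is not part of this project's code: a hypothetical `bans` table (the real schema is not given here) held in an in-memory SQLite database standing in for MySQL/MariaDB, with the Alice/Bob/Charlie scenario played through.

```python
import sqlite3

# Constructed, hypothetical schema for demonstrating the sharing rule; the
# project's real database layout is not described on this page.
SCHEMA = """
CREATE TABLE bans (
    ip     TEXT NOT NULL,
    jail   TEXT NOT NULL,
    host   TEXT NOT NULL,    -- Fail2Ban host that reported the ban
    banned INTEGER NOT NULL, -- unix time of the ban
    PRIMARY KEY (ip, jail, host)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def push_ban(conn, host, jail, ip, when):
    """A host reports one of its own bans (INSERT only, like the limited db user)."""
    conn.execute(
        "INSERT OR IGNORE INTO bans (ip, jail, host, banned) VALUES (?, ?, ?, ?)",
        (ip, jail, host, when))
    conn.commit()


def pull_bans(conn, host, jail):
    """Addresses this host should ban: everything in the jail reported by some
    *other* host. An address the host itself also reported still comes back,
    because another host reported it independently."""
    rows = conn.execute(
        "SELECT DISTINCT ip FROM bans WHERE jail = ? AND host != ? ORDER BY ip",
        (jail, host))
    return [r[0] for r in rows]


def demo():
    conn = open_db()
    # Constructed scenario: Charlie (TEST-NET-1 address) is locked out of Alice's
    # host only; a second address is banned by Alice and Bob at the same time.
    push_ban(conn, "alice", "sshd", "192.0.2.10", 1000)
    push_ban(conn, "alice", "sshd", "192.0.2.20", 1001)
    push_ban(conn, "bob",   "sshd", "192.0.2.20", 1001)
    return {"alice": pull_bans(conn, "alice", "sshd"),
            "bob":   pull_bans(conn, "bob", "sshd")}
```

Alice does not receive her own Charlie ban but does receive 192.0.2.20 because Bob reported it too; Bob receives both addresses.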
We welcome any Issues and PRs.
The authors of this project are currently Adam Boutcher and Paul Clark.
This has been developed at the Durham GridPP Site (UKI-SCOTGRID-DURHAM) and the Institute for Particle Physics Phenomenology, Durham University.
The work and partial works have been presented to the WLCG Security Operations Centre at CERN.
Other key contributors:
- Jon Trinder at Glasgow University.
This is a very brief installation method/guide; please read the Warnings and Notices below.
- Install Fail2Ban
- Create the f2b database
- Choose and setup deployment type (Direct MySQL/MariaDB or API)
- Deploy the Fail2Ban actions and scripts
- Configure deployment type
- Setup the Jails
- Setup the Cron
- Start Fail2Ban
- Run the database scripts
- Create a db user for each Fail2Ban Host/Client with CREATE and INSERT permissions.
- Start mysql/mariadb
- Run the database scripts
- Create a db user for the API to use with CREATE and INSERT permissions.
- Run the API installation script
- Make the db changes required
- Start mysql/mariadb
- Start httpd/apache
The files contained in this repository are currently primarily to use and develop from. They should be READ and UNDERSTOOD rather than blindly copied and deployed.
In no way do we endorse the current scripts as production ready (although they are currently deployed in some production environments); we cannot guarantee their safety, especially as they are aimed at cyber security deployments.
The development for this project has been on CentOS Linux 7 although some efforts have been made to enable them to run on CentOS Linux 8. Other distros may have unexpected results.
SELinux may break this; we wrote some modules for our environment but they have not been included in this project yet.
- Fail2Ban Client - `setsebool -P nis_enabled 1`
- Fail2Ban API - `setsebool -P httpd_can_network_connect_db 1`
Fail2Ban didn't support IPv6 at the time of initial development. The current state of this project is that IPv6 is completely untested and will probably not work correctly.
The version of Fail2Ban we targeted was written in Python 2 and shipped with its own Python binary; some scripts run under both Python 2 and Python 3, some only under Python 2. Your experience may vary.
Here's a list of other people's attempts at automated deployment. They may bundle older versions of the scripts and should be used as reference only.