fail2ban/fail2ban

Fail2Ban is a security daemon, a background program that runs on a server, that automatically blocks IP addresses (the numerical identifiers of machines on the internet) that are trying to break into your system by guessing passwords or credentials. The problem it addresses is brute-force and credential-stuffing attacks: automated tools on the internet constantly try to log into servers by repeatedly guessing usernames and passwords. Left unchecked, these attempts slow down your server and, if a password is weak, can succeed. Fail2Ban works by watching log files, the records your server writes when things happen, and counting failed login attempts from each IP address. When a particular address fails too many times within a time window you configure, Fail2Ban updates your system's firewall rules to block all connections from that address for a configurable period. When the ban expires, the block is lifted. It supports watching many common log sources out of the box, including the SSH service (which lets you log into a server remotely) and web servers, and can be configured to watch any log file you choose. It is written in Python and is typically installed via your Linux distribution's package manager. Configuration lives in files under /etc/fail2ban and can also be managed through a command-line client called fail2ban-client. The README notes that while Fail2Ban reduces the frequency of brute-force attempts, it is not a substitute for strong authentication, two-factor or public-key authentication offer much stronger protection. It is licensed under the GNU General Public License version 2.