install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/TerminalSkills/skills/fail2ban" ~/.claude/skills/comeonoliver-skillshub-fail2ban && rm -rf "$T"
manifest:
skills/TerminalSkills/skills/fail2ban/SKILL.mdsource content
Fail2Ban
Overview
Fail2Ban monitors log files for failed authentication attempts and bans offending IPs using iptables/nftables. Protects SSH, Nginx, Apache, Postfix, and any service with log-based authentication.
Instructions
Step 1: Install
sudo apt install fail2ban sudo systemctl enable fail2ban
Step 2: Configure
# /etc/fail2ban/jail.local — Custom configuration (never edit jail.conf) [DEFAULT] bantime = 1h findtime = 10m maxretry = 5 banaction = iptables-multiport [sshd] enabled = true port = ssh maxretry = 3 bantime = 24h [nginx-http-auth] enabled = true port = http,https maxretry = 5 [nginx-botsearch] enabled = true port = http,https maxretry = 2 bantime = 7d
Step 3: Monitor
sudo fail2ban-client status # list active jails sudo fail2ban-client status sshd # show banned IPs sudo fail2ban-client set sshd unbanip 1.2.3.4 # unban sudo fail2ban-client set sshd banip 5.6.7.8 # manual ban
Guidelines
- Always create jail.local — jail.conf gets overwritten on updates.
- Start conservative: 5 retries, 1h ban. Adjust based on logs.
- For modern alternative with community threat sharing, consider CrowdSec.
- Use
to test custom filters before deploying.fail2ban-regex