Skills fail2ban

install
source · Clone the upstream repo
git clone https://github.com/TerminalSkills/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/TerminalSkills/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/fail2ban" ~/.claude/skills/terminalskills-skills-fail2ban && rm -rf "$T"
manifest: skills/fail2ban/SKILL.md
safety · automated scan (low risk)
This is a pattern-based risk scan, not a security review. Our crawler flagged:
  • uses sudo
Always read a skill's source content before installing. Patterns alone don't mean the skill is malicious — but they warrant attention.
source content

Fail2Ban

Overview

Fail2Ban monitors log files for failed authentication attempts and bans offending IPs using iptables/nftables. It protects SSH, Nginx, Apache, Postfix, and any other service that logs authentication failures.

Instructions

Step 1: Install

sudo apt install fail2ban
sudo systemctl enable fail2ban

Step 2: Configure

# /etc/fail2ban/jail.local — Custom configuration (never edit jail.conf)
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = iptables-multiport

[sshd]
enabled = true
port = ssh
maxretry = 3
bantime = 24h

[nginx-http-auth]
enabled = true
port = http,https
maxretry = 5

[nginx-botsearch]
enabled = true
port = http,https
maxretry = 2
bantime = 7d
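
The [sshd] jail above bans an address after maxretry = 3 failures inside findtime = 10m (inherited from [DEFAULT]) and holds the ban for bantime = 24h. The following added example, which is not part of the skill or of Fail2Ban's own code, is a simplified Python model of that sliding-window decision run over constructed log lines; the regex and the log timestamp format are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values copied from the [sshd] jail above (findtime comes from [DEFAULT]).
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(minutes=10), timedelta(hours=24)

# Simplified stand-in for an sshd failregex; not Fail2Ban's shipped filter.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>[0-9a-fA-F:.]+) port \d+")

# Constructed log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
2024-05-01T10:04:00 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
2024-05-01T10:05:00 host sshd[103]: Failed password for alice from 198.51.100.9 port 5001 ssh2
2024-05-01T10:09:30 host sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
2024-05-01T10:20:00 host sshd[105]: Failed password for alice from 198.51.100.9 port 5002 ssh2
2024-05-01T10:31:00 host sshd[106]: Failed password for alice from 198.51.100.9 port 5003 ssh2
2024-05-01T10:32:00 host sshd[107]: Accepted password for alice from 198.51.100.9 port 5004 ssh2
"""

def simulate(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(ip, banned_at, unban_at)] for every ban the settings trigger."""
    failures = defaultdict(deque)      # ip -> timestamps of recent failures
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue                   # lines the filter misses never count
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue                   # address is already banned
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()           # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()             # counting restarts after a ban
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} at {start} until {end}")
```

With the page's values only 203.0.113.7 is banned: 198.51.100.9 also fails three times, but its attempts are spaced more than 10 minutes apart, which is the gap a longer findtime would close.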

Step 3: Monitor

sudo fail2ban-client status               # list active jails
sudo fail2ban-client status sshd           # show banned IPs
sudo fail2ban-client set sshd unbanip 1.2.3.4   # unban
sudo fail2ban-client set sshd banip 5.6.7.8     # manual ban

Guidelines

  • Always create jail.local — jail.conf gets overwritten on updates.
  • Start conservative: 5 retries, 1h ban. Adjust based on logs.
  • For a modern alternative with community threat sharing, consider CrowdSec.
  • Use fail2ban-regex to test custom filters before deploying.