eBook: Create a centralized Fail2Ban system
Fail2Ban is one of the most widely used tools for stopping attacks against Linux servers: it scans log files and, based on what it finds, blocks the offending IP addresses in the firewall.
Fail2Ban is designed to run locally on a single server, but it can easily be expanded into a centralized Fail2Ban system in which all servers in a group share a common list of IP addresses to block.
Instead of each server reacting on its own, you get a proactive system: an address banned on one server is blocked on all of them before the attacker gets around to the rest, which matters because the same attacker often probes many servers in turn.
A centralized Fail2Ban system is not hard to build for a reasonably handy administrator. What is needed is a centrally located database, something that triggers an update of the database when a ban occurs, and something that retrieves the data and blocks the addresses in the firewall, with every part done securely. Securely here means, in particular, that only trusted servers can add entries, and that what they add is validated before it ends up in a firewall rule.
We have now written an eBook that describes a complete solution (the one we use ourselves) with concrete examples.
The examples in the eBook use a RHEL 8 server (they should also work on all RHEL-based clones), a MySQL database and PHP, but translating them to other systems should not be a major problem. What is described for Fail2Ban itself applies to all Linux distributions.
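As an added illustration of the three parts sketched above (central store, trigger on ban, puller that blocks in the firewall), here is a small self-contained Python model. It is not the eBook's code and makes several assumptions: an in-memory sqlite3 database stands in for the central MySQL database, Python stands in for PHP, each reporting server shares an HMAC secret with the central endpoint, the blocked addresses live in a firewalld ipset, and the firewall-cmd calls are only printed unless dry_run is switched off. The Fail2Ban action stanza, the ipset bootstrap commands and all IP addresses in the walk-through are constructed for the example.

```python
"""Centralized Fail2Ban sharing, modelled end to end: signed ban reports from each
server's Fail2Ban action, a central store, and a puller that turns the shared list
into firewall rules. Example code, not the eBook's; see the assumptions above."""
import hashlib
import hmac
import ipaddress
import json
import sqlite3
import subprocess
import time

# Fail2Ban side (illustration only): an action.d entry whose actionban hands the
# banned address and the jail name to a small reporter script on each server.
#   [Definition]
#   actionban = /usr/local/bin/f2b-report <ip> <name>

SCHEMA = """CREATE TABLE IF NOT EXISTS bans (
    ip TEXT NOT NULL, jail TEXT NOT NULL, reporter TEXT NOT NULL,
    banned_at INTEGER NOT NULL, PRIMARY KEY (ip, jail, reporter))"""


def open_store(path=":memory:"):
    """sqlite3 stands in for the central MySQL database (assumption)."""
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def sign_report(report, secret):
    """HMAC-SHA256 over a canonical JSON encoding of the report. Each reporting
    server shares `secret` with the central endpoint (distributed out of band)."""
    body = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def record_ban(conn, report, sig, secret, ignore_nets=("127.0.0.0/8", "::1/128"), now=None):
    """Central side. Stores the ban only if the signature verifies, the address parses,
    and it lies outside the networks we refuse to ban (loopback, own management net).
    Validating the IP here is what keeps untrusted text out of firewall commands."""
    if not hmac.compare_digest(sign_report(report, secret), sig):
        return False
    try:
        ip = ipaddress.ip_address(report["ip"])
        jail, reporter = str(report["jail"]), str(report["reporter"])
    except (KeyError, ValueError):
        return False
    if any(ip in ipaddress.ip_network(net) for net in ignore_nets):
        return False
    conn.execute(
        "INSERT OR REPLACE INTO bans (ip, jail, reporter, banned_at) VALUES (?, ?, ?, ?)",
        (str(ip), jail, reporter, int(now if now is not None else time.time())),
    )
    conn.commit()
    return True


def active_ips(conn, bantime, now=None):
    """Puller side: every address reported by any server within the last `bantime` seconds."""
    now = int(now if now is not None else time.time())
    rows = conn.execute("SELECT DISTINCT ip FROM bans WHERE banned_at > ?", (now - bantime,))
    return {row[0] for row in rows}


def sync_commands(desired, current, base="f2b-central"):
    """Diff the shared list against what the local ipset already holds and build the
    firewall-cmd invocations as argv lists, so no shell ever parses an address."""
    def argv(verb, ip):
        # firewalld ipsets are single-family: IPv6 goes to a second set named base + "6"
        name = base if ipaddress.ip_address(ip).version == 4 else base + "6"
        return ["firewall-cmd", f"--ipset={name}", f"--{verb}-entry={ip}"]
    return ([argv("add", ip) for ip in sorted(desired - current)]
            + [argv("remove", ip) for ip in sorted(current - desired)])


def apply_commands(cmds, dry_run=True):
    """Run on each member server as root. Assumed one-time bootstrap:
    firewall-cmd --permanent --new-ipset=f2b-central --type=hash:ip
    firewall-cmd --permanent --zone=drop --add-source=ipset:f2b-central ; firewall-cmd --reload"""
    for argv in cmds:
        if dry_run:
            print("DRY RUN:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)


def demo():
    """Constructed walk-through: two servers report, a third pulls the shared list."""
    secret = b"shared-secret-for-demo"  # assumption: distributed out of band
    nets = ("127.0.0.0/8", "::1/128", "10.0.0.0/8")  # 10/8 is the imagined management net
    conn, t0 = open_store(), 1_700_000_000
    reports = [
        ({"ip": "203.0.113.7", "jail": "sshd", "reporter": "web1"}, t0),
        ({"ip": "198.51.100.23", "jail": "postfix", "reporter": "mail1"}, t0 - 7200),  # expired
        ({"ip": "10.1.2.3", "jail": "sshd", "reporter": "web2"}, t0),  # refused: management net
    ]
    for report, ts in reports:
        record_ban(conn, report, sign_report(report, secret), secret, ignore_nets=nets, now=ts)
    forged = {"ip": "192.0.2.99", "jail": "sshd", "reporter": "web1"}  # wrong secret: refused
    record_ban(conn, forged, sign_report(forged, b"wrong"), secret, now=t0)
    cmds = sync_commands(active_ips(conn, bantime=3600, now=t0), current={"198.51.100.23"})
    apply_commands(cmds)
    return cmds


if __name__ == "__main__":
    demo()
```

Two design points carry over to a real deployment: the central endpoint authenticates every report and parses the address with `ipaddress` before storing it, so a compromised or misconfigured member cannot inject arbitrary strings into the other servers' firewall commands; and the puller applies a diff against the local ipset instead of flushing and reloading, which keeps the rule set stable and the expiry of old bans explicit.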