fail2ban

Automatically ban IP addresses that make repeated failed authentication attempts against system and Docker services.

See fail2ban Docker and Documentation.

Docker Capabilities

Capability    Action
NET_ADMIN     ADD
NET_RAW       ADD

Files

  • Other containers may map their logging directories to the system /var/log, which enables fail2ban to monitor Docker container services.

  • Containers should be separated from everything else. There is no need for external network access.

  • The added capabilities are needed to modify iptables rules for the system and Docker.

  1. fail2ban for System.

  2. fail2ban for Docker.

  3. Common Commands.

  4. fail2ban Troubleshooting.