Intrusion prevention framework that bans malicious IPs.

Overview

Fail2ban is an intrusion prevention system written in Python that protects Linux and Unix web servers from brute-force attacks by monitoring log files and banning IP addresses that show suspicious activity. Originally developed by Cyril Jaquier in 2004, fail2ban works by parsing log files through regular expressions, identifying patterns that indicate malicious behavior like repeated failed login attempts, and automatically creating firewall rules to block offending IP addresses for specified time periods.