Automic VaultAutomic Vault

brew

Install fail2ban with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Scan log files and ban IPs showing malicious signs. Version 1.1.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install fail2ban

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install fail2ban

MacPorts ports tree · security/fail2ban/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add fail2ban

Alpine Linux edge package indexes · fail2ban · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install fail2ban

Debian stable package indexes · fail2ban · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install fail2ban

Fedora Rawhide package metadata · fail2ban · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#fail2ban

nixpkgs package indexes · pkgs/by-name/fa/fail2ban/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S fail2ban

Arch Linux sync databases · fail2ban · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install fail2ban

openSUSE Tumbleweed package metadata · fail2ban · source: download.opensuse.org

overview

Package summary

Scan log files and ban IPs showing malicious signs

Commands and aliases

  • fail2ban-client
  • fail2ban-python
  • fail2ban-regex
  • fail2ban-server
  • fail2ban-testcases

history

Project history and usage

Fail2Ban is a long-running Python daemon and command-line toolkit for reacting to hostile log patterns by banning hosts through firewall actions. Its core appeal has stayed stable since the early releases: watch authentication and service logs, count repeated failures, and temporarily block the offending address.

Project history

The official changelog records Fail2Ban releases back to 0.1.0 in October 2004. Early 0.x releases moved quickly through alpha, beta, and stable lines, with 0.6.0 stable in 2005, the 0.7 branch in 2006, and 0.8.0 stable in 2007. The README still credits Cyril Jaquier as original author and describes the project as community-driven for years.

The 0.9 series, beginning in 2014, marked the modern service-management era by adding a systemd journal backend. The 0.10 line followed with IPv6 work, including an alpha labeled for IPv6 support in 2016 and a 0.10.0 release in 2017. Later releases continued to refine journald, iptables, nftables, firewalld, pf, and service-specific filters.

The 1.x line arrived with 1.0.1 and 1.0.2 releases in 2022 and 1.1.0 in 2024. These releases focused less on changing the basic model and more on compatibility, security, and operational maintenance: Python version support, CVE fixes, systemd backend stability, IPv6 auto-detection, newer service log formats, and additional filters and actions.

Adoption history

Fail2Ban became part of the standard Linux server-security toolbox because it matched the common shape of internet-facing Unix services: SSH, mail, web, and database daemons emitting failed-authentication logs. The project README says it is likely already packaged for a user's Linux distribution, and the supplied package-manager facts show broad availability across Alpine, Debian, Fedora/DNF, Homebrew, MacPorts, Nix, Arch, Ubuntu, and openSUSE.

Its adoption has been helped by configuration conventions that distributions can ship and administrators can override. Stock jails, filters, actions, and path files let package maintainers encode distribution-specific log locations while users keep local policy in `/etc/fail2ban`, especially `jail.local` and `jail.d` snippets.

How it is used

A typical Fail2Ban deployment installs the daemon, enables selected jails such as `sshd`, and lets `fail2ban-server` monitor logs while administrators use `fail2ban-client` for status, reloads, and manual control. The README explicitly warns users to interact through `fail2ban-client` rather than calling the server directly.

The package also matters to operators because `fail2ban-regex` gives a local way to test filters against log samples before enabling bans. That workflow, plus filter and action directories, made Fail2Ban not just a daemon but a small domain-specific toolkit for converting service logs into firewall state.

Why package nerds care

Fail2Ban is significant in package-manager culture because it is both ordinary and sharp-edged: a tiny install command can place a privileged daemon, distro-specific defaults, init/systemd integration, and firewall actions on a host. Packagers must get paths, service units, Python dependencies, and default actions right or administrators either get no protection or accidental lockouts.

It is also a classic example of a package whose value comes from accumulated operational knowledge. The code is important, but the long tail of maintained filters for OpenSSH, Apache, nginx, Postfix, Dovecot, Exim, and many other services is why administrators keep installing it.

Timeline

  • 2004: Fail2Ban 0.1.0 alpha released.
  • 2005: 0.6.0 stable release published.
  • 2007: 0.8.0 stable release published.
  • 2014: 0.9.0 beta added systemd journal backend.
  • 2016: 0.10.0 alpha introduced IPv6-support work.
  • 2017: 0.10.0 released.
  • 2020: 0.11.2 released.
  • 2022: 1.0.1 and 1.0.2 released with compatibility and security fixes.
  • 2024: 1.1.0 released with newer Python support and further backend/filter updates.

Related projects

  • OpenSSH, iptables, nftables, firewalld, pf, systemd-journald, DenyHosts, sshguard

security posture

Risk level: orange

broad file, network, media, or database tool signal. formula declares a Homebrew service.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • broad file, network, media, or database tool signal
  • formula declares a Homebrew service

Signals

  • metadata:service
  • text:client,server

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Formula metadata declares a service or daemon block.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/fail2ban/jail.conf/etc/fail2ban/jail.local/etc/fail2ban/jail.d/*.conf/etc/fail2ban/filter.d/*.conf/etc/fail2ban/action.d/*.conf

executables

Installed executables

CommandKindExposureNote
fail2ban-clientcliglobal executable
fail2ban-pythoncliglobal executable
fail2ban-regexcliglobal executable
fail2ban-servercliglobal executable
fail2ban-testcasescliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.1.0
manager updated
local dataok
upstreamcurrent
latest detected1.1.0

https://github.com/fail2ban/fail2ban

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:fail2ban
Version1.1.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/fail2ban
Homepagehttps://www.fail2ban.org/
Repositoryhttps://github.com/fail2ban/fail2ban
Upstream docshttps://fail2ban.readthedocs.io/
LicenseGPL-2.0-or-later
Source archivehttps://github.com/fail2ban/fail2ban/archive/refs/tags/1.1.0.tar.gz
Dependenciespython@3.14
Build dependenciessphinx-doc
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicedeclared
CaveatsYou must enable any jails by editing: $HOMEBREW_PREFIX/etc/fail2ban/jail.conf Other configuration files are in $HOMEBREW_PREFIX/etc/fail2ban. See more instructions at https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namefail2ban
Version Scheme0
Revision2
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

fail2ban 1.1.0-8

ban hosts that cause multiple authentication errors

https://www.fail2ban.org

sudo apt install fail2ban
  • Section: net
  • Architecture: all
  • 2 dependencies
  • 9 optional deps
  • normalized package name match
  • Matched by: Fail2ban
Debian stable package indexes · deb.debian.org · Debian stable package indexes: fail2ban from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

fail2ban

nix profile install nixpkgs#fail2ban
  • normalized package name match
  • Matched by: Fail2ban
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/fa/fail2ban/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

fail2ban 1.0.2-3

ban hosts that cause multiple authentication errors

https://www.fail2ban.org

sudo apt install fail2ban
  • Section: universe/net
  • Architecture: all
  • 2 dependencies
  • 8 optional deps
  • normalized package name match
  • Matched by: Fail2ban
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: fail2ban from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

fail2ban 1.1.0-r3

Scans log files for login failures then updates iptables to reject originating ip address

https://www.fail2ban.org/

sudo apk add fail2ban
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: fail2ban
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Fail2ban
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: fail2ban from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

fail2ban-doc 1.1.0-r3

Scans log files for login failures then updates iptables to reject originating ip address (documentation)

https://www.fail2ban.org/

sudo apk add fail2ban-doc
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: fail2ban
  • normalized package name match
  • Matched by: Fail2ban
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: fail2ban-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

fail2ban-openrc 1.1.0-r3

Scans log files for login failures then updates iptables to reject originating ip address (OpenRC init scripts)

https://www.fail2ban.org/

sudo apk add fail2ban-openrc
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: fail2ban
  • normalized package name match
  • Matched by: Fail2ban
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: fail2ban-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

fail2ban-pyc 1.1.0-r3

Precompiled Python bytecode for fail2ban

https://www.fail2ban.org/

sudo apk add fail2ban-pyc
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: fail2ban
  • 1 dependencies
  • normalized package name match
  • Matched by: Fail2ban
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: fail2ban-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

fail2ban-tests 1.1.0-r3

Fail2ban test cases

https://www.fail2ban.org/

sudo apk add fail2ban-tests
  • License: GPL-2.0-or-later
  • Architecture: x86_64
  • Source Package: fail2ban
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Fail2ban
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: fail2ban-tests from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

fail2ban 1.1.0-17.fc45

Daemon to ban hosts that cause multiple authentication errors

https://www.fail2ban.org

sudo dnf install fail2ban
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 3 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-all 1.1.0-17.fc45

Install all Fail2Ban packages and dependencies

https://www.fail2ban.org

sudo dnf install fail2ban-all
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 9 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-all from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-firewalld 1.1.0-17.fc45

Firewalld support for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-firewalld
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-firewalld from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-hostsdeny 1.1.0-17.fc45

Hostsdeny (tcp_wrappers) support for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-hostsdeny
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 3 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-hostsdeny from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-mail 1.1.0-17.fc45

Mail actions for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-mail
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-mail from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-selinux 1.1.0-17.fc45

SELinux policies for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-selinux
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 6 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-selinux from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-sendmail 1.1.0-17.fc45

Sendmail actions for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-sendmail
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-sendmail from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

fail2ban-server 1.1.0-17.fc45

Core server component for Fail2Ban

https://www.fail2ban.org

sudo dnf install fail2ban-server
  • License: GPL-2.0-or-later
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: fail2ban
  • 8 dependencies
  • 4 provides
  • normalized package name match
  • Matched by: Fail2ban
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: fail2ban-server from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment