# Install fail2ban with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Scan log files and ban IPs showing malicious signs. Version 1.1.0 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:fail2ban
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install fail2ban
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install fail2ban
```

  Evidence: MacPorts ports tree: security/fail2ban/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add fail2ban
```

  Evidence: Alpine Linux edge package indexes: fail2ban from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install fail2ban
```

  Evidence: Debian stable package indexes: fail2ban from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install fail2ban
```

  Evidence: Fedora Rawhide package metadata: fail2ban from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#fail2ban
```

  Evidence: nixpkgs package indexes: pkgs/by-name/fa/fail2ban/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S fail2ban
```

  Evidence: Arch Linux sync databases: fail2ban from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install fail2ban
```

  Evidence: openSUSE Tumbleweed package metadata: fail2ban from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:fail2ban
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/fail2ban>
- **Version:** 1.1.0
- **Source summary:** Scan log files and ban IPs showing malicious signs
- **Homepage:** <https://www.fail2ban.org/>
- **Repository:** <https://github.com/fail2ban/fail2ban>
- **Upstream docs:** <https://fail2ban.readthedocs.io/>
- **License:** GPL-2.0-or-later
- **Source archive:** <https://github.com/fail2ban/fail2ban/archive/refs/tags/1.1.0.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- fail2ban-client (cli)
- fail2ban-python (cli)
- fail2ban-regex (cli)
- fail2ban-server (cli)
- fail2ban-testcases (cli)
- fail2ban-client (alias)
- fail2ban-python (alias)
- fail2ban-regex (alias)
- fail2ban-server (alias)
- fail2ban-testcases (alias)

## Dependencies

- python@3.14

## Build dependencies

- sphinx-doc

## Install behavior

- Post-install hook: not defined
- Service: declared
- Caveats: You must enable any jails by editing: $HOMEBREW_PREFIX/etc/fail2ban/jail.conf Other configuration files are in $HOMEBREW_PREFIX/etc/fail2ban. See more instructions at https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration.
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.1.0
- Local data: ok
- Upstream repository: https://github.com/fail2ban/fail2ban
- Upstream latest detected: 1.1.0 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Fail2Ban is a long-running Python daemon and command-line toolkit for reacting to hostile log patterns by banning hosts through firewall actions. Its core appeal has stayed stable since the early releases: watch authentication and service logs, count repeated failures, and temporarily block the offending address.

### Project history

The official changelog records Fail2Ban releases back to 0.1.0 in October 2004. Early 0.x releases moved quickly through alpha, beta, and stable lines, with 0.6.0 stable in 2005, the 0.7 branch in 2006, and 0.8.0 stable in 2007. The README still credits Cyril Jaquier as original author and describes the project as community-driven for years.

The 0.9 series, beginning in 2014, marked the modern service-management era by adding a systemd journal backend. The 0.10 line followed with IPv6 work, including an alpha labeled for IPv6 support in 2016 and a 0.10.0 release in 2017. Later releases continued to refine journald, iptables, nftables, firewalld, pf, and service-specific filters.

The 1.x line arrived with 1.0.1 and 1.0.2 releases in 2022 and 1.1.0 in 2024. These releases focused less on changing the basic model and more on compatibility, security, and operational maintenance: Python version support, CVE fixes, systemd backend stability, IPv6 auto-detection, newer service log formats, and additional filters and actions.

### Adoption history

Fail2Ban became part of the standard Linux server-security toolbox because it matched the common shape of internet-facing Unix services: SSH, mail, web, and database daemons emitting failed-authentication logs. The project README says it is likely already packaged for a user's Linux distribution, and the supplied package-manager facts show broad availability across Alpine, Debian, Fedora/DNF, Homebrew, MacPorts, Nix, Arch, Ubuntu, and openSUSE.

Its adoption has been helped by configuration conventions that distributions can ship and administrators can override. Stock jails, filters, actions, and path files let package maintainers encode distribution-specific log locations while users keep local policy in `/etc/fail2ban`, especially `jail.local` and `jail.d` snippets.

### How it is used

A typical Fail2Ban deployment installs the daemon, enables selected jails such as `sshd`, and lets `fail2ban-server` monitor logs while administrators use `fail2ban-client` for status, reloads, and manual control. The README explicitly warns users to interact through `fail2ban-client` rather than calling the server directly.

The package also matters to operators because `fail2ban-regex` gives a local way to test filters against log samples before enabling bans. That workflow, plus filter and action directories, made Fail2Ban not just a daemon but a small domain-specific toolkit for converting service logs into firewall state.

### Why package nerds care

Fail2Ban is significant in package-manager culture because it is both ordinary and sharp-edged: a tiny install command can place a privileged daemon, distro-specific defaults, init/systemd integration, and firewall actions on a host. Packagers must get paths, service units, Python dependencies, and default actions right or administrators either get no protection or accidental lockouts.

It is also a classic example of a package whose value comes from accumulated operational knowledge. The code is important, but the long tail of maintained filters for OpenSSH, Apache, nginx, Postfix, Dovecot, Exim, and many other services is why administrators keep installing it.

### Timeline

- 2004: Fail2Ban 0.1.0 alpha released.
- 2005: 0.6.0 stable release published.
- 2007: 0.8.0 stable release published.
- 2014: 0.9.0 beta added systemd journal backend.
- 2016: 0.10.0 alpha introduced IPv6-support work.
- 2017: 0.10.0 released.
- 2020: 0.11.2 released.
- 2022: 1.0.1 and 1.0.2 released with compatibility and security fixes.
- 2024: 1.1.0 released with newer Python support and further backend/filter updates.

### Related projects

- OpenSSH, iptables, nftables, firewalld, pf, systemd-journald, DenyHosts, sshguard

### Sources

- <https://github.com/fail2ban/fail2ban>
- <https://raw.githubusercontent.com/fail2ban/fail2ban/master/README.md>
- <https://raw.githubusercontent.com/fail2ban/fail2ban/master/ChangeLog>
- <https://fail2ban.readthedocs.io/>
- <https://github.com/fail2ban/fail2ban/wiki/How-to-install-fail2ban-packages>


## Security Notes

broad file, network, media, or database tool signal. formula declares a Homebrew service.

- **Geiger risk:** orange / medium
- broad file, network, media, or database tool signal
- formula declares a Homebrew service


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/fail2ban/jail.conf, /etc/fail2ban/jail.local, /etc/fail2ban/jail.d/*.conf, /etc/fail2ban/filter.d/*.conf, /etc/fail2ban/action.d/*.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** fail2ban
- **Version Scheme:** 0
- **Revision:** 2
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - fail2ban - 1.1.0-8: normalized package name match | Debian stable package indexes: fail2ban from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | ban hosts that cause multiple authentication errors | https://www.fail2ban.org
- Nix - fail2ban: normalized package name match | nixpkgs package indexes: pkgs/by-name/fa/fail2ban/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - fail2ban - 1.0.2-3: normalized package name match | Ubuntu 24.04 LTS package indexes: fail2ban from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | ban hosts that cause multiple authentication errors | https://www.fail2ban.org
- apk - fail2ban - 1.1.0-r3: normalized package name match | Alpine Linux edge package indexes: fail2ban from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Scans log files for login failures then updates iptables to reject originating ip address | https://www.fail2ban.org/
- apk - fail2ban-doc - 1.1.0-r3: normalized package name match | Alpine Linux edge package indexes: fail2ban-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Scans log files for login failures then updates iptables to reject originating ip address (documentation) | https://www.fail2ban.org/
- apk - fail2ban-openrc - 1.1.0-r3: normalized package name match | Alpine Linux edge package indexes: fail2ban-openrc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Scans log files for login failures then updates iptables to reject originating ip address (OpenRC init scripts) | https://www.fail2ban.org/
- apk - fail2ban-pyc - 1.1.0-r3: normalized package name match | Alpine Linux edge package indexes: fail2ban-pyc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Precompiled Python bytecode for fail2ban | https://www.fail2ban.org/
- apk - fail2ban-tests - 1.1.0-r3: normalized package name match | Alpine Linux edge package indexes: fail2ban-tests from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Fail2ban test cases | https://www.fail2ban.org/
- dnf - fail2ban - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Daemon to ban hosts that cause multiple authentication errors | https://www.fail2ban.org
- dnf - fail2ban-all - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-all from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Install all Fail2Ban packages and dependencies | https://www.fail2ban.org
- dnf - fail2ban-firewalld - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-firewalld from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Firewalld support for Fail2Ban | https://www.fail2ban.org
- dnf - fail2ban-hostsdeny - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-hostsdeny from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Hostsdeny (tcp_wrappers) support for Fail2Ban | https://www.fail2ban.org
- dnf - fail2ban-mail - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-mail from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Mail actions for Fail2Ban | https://www.fail2ban.org
- dnf - fail2ban-selinux - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-selinux from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | SELinux policies for Fail2Ban | https://www.fail2ban.org
- dnf - fail2ban-sendmail - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-sendmail from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Sendmail actions for Fail2Ban | https://www.fail2ban.org
- dnf - fail2ban-server - 1.1.0-17.fc45: normalized package name match | Fedora Rawhide package metadata: fail2ban-server from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Core server component for Fail2Ban | https://www.fail2ban.org


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [sphinx-doc](https://www.automicvault.com/pkg/brew/sphinx-doc/) - Build dependency declared by Homebrew.
- [sshguard](https://www.automicvault.com/pkg/brew/sshguard/) - Shares av.db curated category or tags: cli, firewall, intrusion-prevention, security.
- [knock](https://www.automicvault.com/pkg/brew/knock/) - Shares av.db curated category or tags: cli, firewall, security.
- [logcheck](https://www.automicvault.com/pkg/brew/logcheck/) - Shares av.db curated category or tags: cli, log-analysis, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [snyk-agent-scan](https://www.automicvault.com/pkg/brew/snyk-agent-scan/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, log, python, python-3-14, scan.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Both packages touch the same language runtime or ecosystem. Shared terms: analysis, cli, python, python-3-14, security.
- [cfripper](https://www.automicvault.com/pkg/brew/cfripper/) - Both packages touch the same language runtime or ecosystem. Shared terms: analysis, cli, python, python-3-14, security.

## Combined YAML source

View the package source record on GitHub. [combined/fail2ban.yml](https://github.com/automic-vault/db/blob/main/combined/fail2ban.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
