Fail2Ban Jails Management

Advanced users might also be interested in configuring the way the so-called Fail2Ban jails are used to block IP addresses. A Fail2Ban jail is a combination of a filter and one or several actions. A filter defines a regular expression that matches a pattern corresponding to a failed login attempt or another suspicious activity. Actions define commands that are executed when the filter catches an abusive IP address.

A jail can have active or inactive status. When the Fail2Ban service is running, only active jails are used to monitor the log files and to ban suspicious IP addresses.

In Plesk, there are preconfigured jails for all hosting services (web server, mail server, FTP server, and so on). Most of them work in the same way: they detect failed login attempts and block access to the service for ten minutes. These jails are listed on the Jails tab in Tools & Settings > IP Address Banning (Fail2Ban).

The following preconfigured jails are available:

Preconfigured jails for non-installed Plesk components are not shown in the list. For example, if RoundCube webmail is not installed, the plesk-roundcube jail is not shown in the list of available jails.

To protect your services from specific threats, as well as to protect third-party services that are not shipped with Plesk, you might want to set up your own jails, switch them on and off, update jail settings, and add filters that can be used by jails.

Activate or Deactivate a Jail

To activate a jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
  2. Select a jail and click the Switch On button. This button is available only when the Fail2Ban service is running (the Enable intrusion detection check box is selected on the Settings tab).

Note: If you try to switch on several jails at once with a group Switch On operation and one of the jails fails to start, then none of the jails will be started. In this case, switch on the jails one by one.

To deactivate a jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
  2. Select a jail and click the Switch Off button.

Configure Jail's Settings

To set up a new jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails > Add Jail.
  2. Specify the filter.

    You can use the following filters already set up in Plesk:

    You can also add your own filter. For details, see the Manage Filters section below.

  3. Specify the jail action.

    You can use the following actions, which are already set up in Plesk:

    Select an action from the Actions menu and click Add to add it to the jail. You can add any number of actions to a jail. Actions can be customized for your needs. For example, you can specify a particular email address for sending notifications or specify the ports that should be closed.

  4. In the Log path field, specify one or more log files that Fail2Ban will check for signs of an attack.
  5. Set the IP address ban period in seconds.
  6. Set the number of failed login attempts.
  7. Click OK.

To change settings of an existing jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails, click the jail's name, and then click Change Settings.
  2. Edit the jail's settings and click OK.

To remove a jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails.
  2. Select a jail and click Remove.

Note: Jails shipped with Plesk cannot be removed; you can only deactivate them. However, you can remove the jails that you added yourself.

Manage Filters

To add a filter that can be used by a jail:

  1. Go to Tools & Settings > IP Address Banning (Fail2Ban) > Jails > Manage Filters > Add Filter.
  2. Specify the filter name and the regular expression used to match the lines of log files. For details about Fail2Ban filters, refer to the Fail2Ban documentation at http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters. Because Fail2Ban is a Python application, its filters use Python regular expressions; for details, refer to the Python documentation at https://docs.python.org/2/library/re.html.
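Before saving a custom filter, it helps to check its regular expression against sample log lines and see which addresses would reach the jail's failed-login limit. The script below is an added example, not code from Plesk or Fail2Ban; the application name myapp, its log format and the IPv4-only stand-in for Fail2Ban's <HOST> tag are assumptions made for illustration.

```python
import re
from collections import Counter

# Simplified stand-in for Fail2Ban's <HOST> tag: IPv4 only (assumption; the
# real expansion also covers IPv6 addresses and host names).
HOST_PATTERN = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical filter for a third-party application's login log.
FAILREGEX = r"myapp\[\d+\]: login failed for user '[^']*' from <HOST>$"

# Constructed sample log lines; the last one is a format variant the filter misses.
SAMPLE_LOG = """\
Mar 10 10:00:01 srv myapp[411]: login failed for user 'admin' from 203.0.113.7
Mar 10 10:00:03 srv myapp[411]: login failed for user 'root' from 203.0.113.7
Mar 10 10:00:04 srv myapp[411]: login ok for user 'alice' from 198.51.100.20
Mar 10 10:00:06 srv myapp[411]: login failed for user 'test' from 203.0.113.7
Mar 10 10:00:09 srv myapp[411]: login failed for user 'alice' from 198.51.100.20
Mar 10 10:00:12 srv myapp[411]: login failed for user 'x' from 192.0.2.5 port 1
""".splitlines()


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile; reject filters without exactly one."""
    if failregex.count("<HOST>") != 1:
        raise ValueError("filter must contain exactly one <HOST> tag")
    return re.compile(failregex.replace("<HOST>", HOST_PATTERN))


def count_failures(failregex, lines):
    """Return a Counter of matched failed logins per captured host."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def hosts_to_ban(failregex, lines, max_failures):
    """Hosts whose failure count reaches the jail's failed-attempt limit."""
    counts = count_failures(failregex, lines)
    return sorted(h for h, n in counts.items() if n >= max_failures)


if __name__ == "__main__":
    print(count_failures(FAILREGEX, SAMPLE_LOG))
    print(hosts_to_ban(FAILREGEX, SAMPLE_LOG, max_failures=3))
```

On the server itself, the fail2ban-regex utility shipped with Fail2Ban runs a filter against a real log file.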