{"id":"linuxserver-fail2ban","name":"fail2ban","af_score":31.8,"security_score":59.0,"reliability_score":45.0,"what_it_does":"Fail2ban is a host-based intrusion prevention tool that monitors log files (e.g., for SSH failures) and automatically bans IP addresses that match configured patterns/rules, using configurable ban actions and whitelists.","best_when":"You can reliably produce actionable logs, have shell access to configure the daemon, and want automated, log-driven IP banning on one or more servers.","avoid_when":"You cannot modify firewall/security policy or tolerate the risk of banning legitimate users due to misconfigured regexes or NAT/proxy-heavy traffic.","last_evaluated":"2026-03-30T15:20:03.395735+00:00","has_mcp":false,"has_api":false,"auth_methods":["Config-based daemon deployment on host (typically no per-user API auth); operational access via OS privileges"],"has_free_tier":false,"known_gotchas":["Fail2ban is log-driven and stateful; an agent changing configs should consider how bans/unbans are managed over time.","Rules/patterns are highly environment-specific (log formats, service names, jail/action choices).","If logs are missing/rotated unexpectedly or regexes are wrong, the system may not trigger bans or may ban incorrectly."],"error_quality":0.0}