{"id":35411629,"url":"https://github.com/swissmakers/fail2ban-ui","last_synced_at":"2026-04-04T16:10:02.037Z","repository":{"id":274194662,"uuid":"922188005","full_name":"swissmakers/fail2ban-ui","owner":"swissmakers","description":"Fail2Ban UI is a swissmade web interface for operating Fail2Ban across one or more Linux hosts. It provides a central place to review bans, search and unban IPs, manage jails and filters, and receive notifications.","archived":false,"fork":false,"pushed_at":"2026-03-31T22:07:53.000Z","size":30290,"stargazers_count":201,"open_issues_count":5,"forks_count":17,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-04-01T01:19:39.816Z","etag":null,"topics":["dashboard","fail2ban","fail2ban-dashboard","golang","intrusion-detection","linux","remote-management","webui"],"latest_commit_sha":null,"homepage":"https://fail2ban-ui.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swissmakers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-25T14:57:53.000Z","updated_at":"2026-03-31T16:34:32.000Z","dependencies_parsed_at":"2025-08-24T22:11:02.980Z","dependency_job_id":"21e1f74e-37b4-4842-9310-d475200a1ba0","html_url":"https://github.com/swissmakers/fail2ban-ui","commit_stats":null,"previous_names":["swissmakers/fail2ban-ui"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/swissmakers/fail2ban-ui","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swissmakers%2Ffail2ban-ui","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swissmakers%2Ffail2ban-ui/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swissmakers%2Ffail2ban-ui/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swissmakers%2Ffail2ban-ui/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swissmakers","download_url":"https://codeload.github.com/swissmakers/fail2ban-ui/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swissmakers%2Ffail2ban-ui/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31405633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dashboard","fail2ban","fail2ban-dashboard","golang","intrusion-detection","linux","remote-management","webui"],"created_at":"2026-01-02T14:14:01.642Z","updated_at":"2026-04-04T16:10:02.025Z","avatar_url":"https://github.com/swissmakers.png","language":"Go","readme":"# Fail2Ban UI\n\n\n\u003cdiv align=\"center\"\u003e\n\n**Enterprise-Grade Intrusion Detection System Management Platform**\n\n[![License: PolyForm Shield 1.0.0](https://img.shields.io/badge/License-PolyForm_Shield_1.0.0-6A5ACD)](https://polyformproject.org/licenses/shield/1.0.0/)\n[![Go Version](https://img.shields.io/badge/Go-1.25+-00ADD8?logo=go)](https://golang.org/)\n[![Platform](https://img.shields.io/badge/Platform-Linux-lightgrey)](https://www.linux.org/)\n\n*Swiss-made solution for centralized Fail2Ban management across distributed infrastructure*\n\n[Quick Start](#quick-start-container) • [Documentation](#documentation) • [Configuration Reference](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/configuration.md) • [Screenshots](#screenshots)\n\n\u003c/div\u003e\n\nFail2Ban UI is a management platform for operating Fail2Ban across one or more Linux hosts. It provides a central place to review bans, search and unban IPs, manage jails and filters, and receive notifications.\n\nThe project is maintained by Swissmakers GmbH and released under the [PolyForm Shield License 1.0.0](https://polyformproject.org/licenses/shield/1.0.0/).\n\n## What this project does\n\nFail2Ban UI does not replace Fail2Ban. It connects to existing Fail2Ban instances and adds:\n\n- Dashboard for active jails and recent ban/unban activity with real-time WebSocket updates\n- Server manager for local, SSH, and agent-managed Fail2Ban instances\n- Centralized search, ban, and unban operations across jails and servers\n- Remote jail/filter configuration management (connector-dependent)\n- Filter debug and live log-pattern testing\n- Ban insights with an interactive 3D globe by country\n- Advanced recurring-offender actions (MikroTik, pfSense, OPNsense)\n- Persistent event and permanent-block data management\n- Configurable alerts (Email/SMTP, Webhook, Elasticsearch) with GeoIP/Whois enrichment\n- Optional OIDC login (Keycloak, Authentik, Pocket-ID)\n- Least-privilege, SELinux-aware deployment patterns\n\n## Connector types\n\n| Connector | Typical use | Notes |\n|---|---|---|\n| Local | Fail2Ban runs on the same host as the UI | Uses the Fail2Ban socket and local files |\n| SSH | Manage remote Fail2Ban hosts without installing an agent | Uses key-based SSH and remote `fail2ban-client` |\n| Agent (technical preview) | Environments where SSH is not desired | Limited functionality; work in progress |\n\n## Quick start (container)\n\nPrerequisites:\n- A Linux host with Podman or Docker\n- If you manage a local Fail2Ban instance: access to `/etc/fail2ban` and `/var/run/fail2ban` is needed by Fail2ban-UI\n\nProcedure (local connector example):\n```bash\npodman run -d --name fail2ban-ui --network=host \\\n  -v /opt/fail2ban-ui:/config:Z \\\n  -v /etc/fail2ban:/etc/fail2ban:Z \\\n  -v /var/run/fail2ban:/var/run/fail2ban \\\n  -v /var/log:/var/log:ro \\\n  swissmakers/fail2ban-ui:latest\n````\n\nVerification:\n\n* Open `http://localhost:8080`\n* In the UI: Settings → Manage Servers → enable \"Local connector” and run \"Test connection”\n\nNext steps:\n\n* For Compose, systemd, SELinux, and remote connectors, see the documentation links below.\n\n## Documentation\n\n* Installation: [`docs/installation.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/installation.md)\n* Configuration reference (env vars, callback URL/secret, OIDC): [`docs/configuration.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/configuration.md)\n* Reverse proxy guide: [`docs/reverse-proxy.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/reverse-proxy.md)\n* Webhook integration guide: [`docs/webhooks.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/webhooks.md)\n* Security guidance (recommended deployment posture): [`docs/security.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/security.md)\n* Architecture overview: [`docs/architecture.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/architecture.md)\n* API reference: [`docs/api.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/api.md)\n* Alert providers (Email, Webhook, Elasticsearch): [`docs/alert-providers.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/alert-providers.md)\n* Threat intelligence (AlienVault OTX / AbuseIPDB): [`docs/threat-intel.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/threat-intel.md)\n* Troubleshooting: [`docs/troubleshooting.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/troubleshooting.md)\n\nExisting deployment guides in this repository:\n\n* Container: [`deployment/container/README.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/deployment/container/README.md)\n* systemd: [`deployment/systemd/README.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/deployment/systemd/README.md)\n* Optional container SELinux modules (socket/log access): [`deployment/container/SELinux/`](https://github.com/swissmakers/fail2ban-ui/blob/main/deployment/container/SELinux/) — host Fail2Ban `curl` callbacks often need the `nis_enabled` boolean instead; see [`docs/security.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/security.md#selinux)\n\nDevelopment / testing stacks:\n* OIDC dev stack: [`development/oidc/README.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/development/oidc/README.md)\n* SSH and local connector dev stack: [`development/ssh_and_local/README.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/development/ssh_and_local/README.md)\n\n## Screenshots\n\nA set of screenshots is available in `screenshots/`\n\n### Main Dashboard\n![Dashboard](screenshots/0_Dashboard.png)\nThe main dashboard view showing an overview of all active jails, banned IPs, and real-time statistics. Displays total bans, recent activity, and quick access to key features.\n\n#### Unban IP\n![Unban IP](screenshots/0.1_Dashboard_unban_IP.png)\nUnbanning a IP addresses directly from the dashboard. Shows the unban confirmation dialog.\n\n### Server Management\n![Manage Servers](screenshots/1_Dashboard_Manage_Servers.png)\nServer management modal for configuring / adding and managing multiple Fail2Ban instances. Supports local, SSH, and API agent connections.\n\n### Jail / Filter Management\n![Manage Jails](screenshots/1.1_Dashboard_Manage_Jails.png)\nOverview of all configured jails with their enabled/disabled status. Allows centralized management of jail configurations across multiple servers.\n\n#### Edit Jail Configuration\n![Edit Jail](screenshots/1.2_Dashboard_Manage_Jails_Edit.png)\nWhen clicking on \"Edit Filter / Jail\" the Jail configuration editor is opened. It shows the current filter and jail configuration  with all options to modify the settings, test or add / modify the logpaths, and save changes.\n\n#### Logpath Test\n![Logpath Test](screenshots/1.3_Dashboard_Manage_Jails_Edit_Logpathtest.png)\nLogpath testing functionality that verifies log file paths and checks if files are accessible. Shows test results with visual indicators (✓/✗) for each log path.\n\n#### Create new Filter\n![Create Filter](screenshots/1.4_Dashboard_Manage_Jails_Create_Filter.png)\nThe first button opens the modal for creating new Fail2Ban filter files. Includes filter configuration editor with syntax highlighting and validation.\n\n#### Create new Jail\n![Create Jail](screenshots/1.5_Dashboard_Manage_Jails_Create_Jail.png)\nThe second button opens the jail creation modal for setting up new jails. It supports separate jail definitions with custom parameters and filter selection.\n\n### Search Functionality\n![Search](screenshots/1.6_Dashboard_search.png)\nSearch for a specific IPs, that where blocked in a specific jail - searches in all active jails. Provides a quick and painless filtering.\n\n### Internal Log Overview\n![Log Overview](screenshots/2_Dashboard_Log_Overview.png)\nComprehensive log overview showing ban / unban events, timestamps, and associated jails and recurring offenders. Provides detailed information about past security events.\n\n#### Whois Information\n![Whois](screenshots/2.1_Dashboard_Log_Overview_Whois.png)\nWhois lookup modal displaying detailed information about banned IP addresses, including geographic location, ISP details, and network information.\n\n#### Ban Logs\n![Ban Logs](screenshots/2.2_Dashboard_Log_Overview_BanLogs.png)\nDetailed ban log view showing log lines that triggered the ban, timestamps, and context information for each security event.\n\n### Filter Debugging\n![Filter Debug](screenshots/3_Filter_Debug.png)\nFilter debugging interface for testing Fail2Ban filter regex patterns against log lines. Helps validate filter configurations before deployment.\n\n#### Filter Test Results\n![Filter Test Results](screenshots/3.1_Filter_Debug_Testresult.png)\nResults from filter testing showing matched lines, regex performance, and validation feedback. Displays which log lines match the filter pattern.\n\n### Settings\n![Settings](screenshots/4_Settings.png)\nMain settings page with sections for different configuration categories including general settings, advanced ban actions, alert settings, and global fail2ban settings.\n\n#### Debug Console\n![Debug Console](screenshots/4.1_Settings_DebugConsole.png)\nWhen enabled the Debug console  showing real-time application logs, system messages, and debugging information. Useful for troubleshooting and monitoring without the need to query the container logs manually everytime.\n\n#### Advanced Ban Actions\n![Advanced Ban Actions](screenshots/4.2_Settings_AdvancedBanActions.png)\nConfiguration for advanced ban actions including permanent blocking, firewall integrations (Mikrotik, pfSense, OPNsense), and threshold settings for recurring offenders.\n\n#### Alert Settings\n![Alert Settings](screenshots/4.3_Settings_AlertSettings.png)\nAlert configuration supporting three providers: Email (SMTP), Webhook, and Elasticsearch. Includes country-based filtering, GeoIP provider selection, and per-event toggles for bans and unbans. See [`docs/alert-providers.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/alert-providers.md) for details.\n\n#### Global Settings\n![Global Settings](screenshots/4.4_Settings_GlobalSettings.png)\nGlobal Fail2Ban settings including default bantime, findtime, maxretry, banaction configuration (nftables/firewalld/iptables) and so on.\n\n## Security notes (think before exposing the UI)\n\n* Do not expose the UI directly to the public Internet. Put it behind a reverse proxy, VPN, firewall rules, and/or OIDC.\n* SSH connector should use a dedicated service account with minimal sudo permissions and ACLs (at minimum `sudo fail2ban-client *` and `sudo systemctl restart fail2ban`).\n* All IP addresses are validated (strict IPv4/IPv6/CIDR parsing) before being passed to any integration or command, preventing command injection.\n* WebSocket connections are protected by origin validation (same-origin only) and require authentication when OIDC is enabled.\n* For production proxy examples and WebSocket requirements, see [`docs/reverse-proxy.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/reverse-proxy.md).\n\nSee [`docs/security.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/docs/security.md) for details.\n\n## Contributing\n\nDocumentation and deployment guidance in security tooling is never \"done\", and engineers are not always the fastest at writing it down in docs.\n\nIf you see a clearer way to describe installation steps, safer container defaults, better reverse-proxy examples, SELinux improvements, or a more practical demo environment, please contribute. Small improvements (typos, wording, examples) are just as valuable as code changes.\n\nWant to add a new UI language? Copy `internal/locales/en.json`, translate all values, save it as `internal/locales/\u003clang\u003e.json`, and open a pull request.\nPlease use a proper lowercase locale short code for `\u003clang\u003e` (for example `ch`, `ch_de`, `es`, or `pt_br`).\n\n\nSee [`CONTRIBUTING.md`](https://github.com/swissmakers/fail2ban-ui/blob/main/CONTRIBUTING.md) for more info.\n\n## License\n\nFail2ban UI is licensed under the [PolyForm Shield License 1.0.0](https://polyformproject.org/licenses/shield/1.0.0/). See the [`LICENSE`](LICENSE) file for the full terms and required notices.","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswissmakers%2Ffail2ban-ui","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswissmakers%2Ffail2ban-ui","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswissmakers%2Ffail2ban-ui/lists"}