Fail2Ban-UI Systemd Setup
This guide provides two methods to run Fail2Ban-UI as a systemd service.
- Systemd service that starts the local compiled binary.
- Systemd service that starts the fail2ban-ui container.
For SELinux enabled systems (needed in bouth cases)
If SELinux is enabled, you must apply the required SELinux policies to allow Fail2Ban to communicate with the Fail2Ban-UI API via port 8080.
Apply the prebuilt SELinux Module with:
semodule -i fail2ban-curl-allow.pp
Build and running Fail2Ban-UI from Local Source Code
In this case we will run Fail2Ban-UI from /opt/fail2ban-ui/ using systemd.
Prerequisites
Install Go 1.22+ and required dependencies:
sudo dnf install -y golang git whois
Make sure you setup GeoIP and your country database is available under: /usr/share/GeoIP/GeoLite2-Country.mmdb
Clone the repository to /opt/fail2ban-ui:
sudo git clone https://github.com/swissmakers/fail2ban-ui.git /opt/fail2ban-ui
cd /opt/fail2ban-ui
sudo go build -o fail2ban-ui ./cmd/main.go
Create the fail2ban-ui.service
Save this file as /etc/systemd/system/fail2ban-ui.service:
[Unit]
Description=Fail2Ban UI
After=network.target fail2ban.service
Requires=fail2ban.service
[Service]
WorkingDirectory=/opt/fail2ban-ui
ExecStart=/opt/fail2ban-ui/fail2ban-ui
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
Start & Enable the Service
- Reload systemd to detect our new service:
sudo systemctl daemon-reload - Enable and start the service:
sudo systemctl enable fail2ban-ui.service --now - Check the status:
sudo systemctl status fail2ban-ui.service
View Logs
To see the real-time logs of Fail2Ban-UI:
sudo journalctl -u fail2ban-ui.service -f
Restart or Stop
Restart:
sudo systemctl restart fail2ban-ui.service
Stop:
sudo systemctl stop fail2ban-ui.service
Running Fail2Ban-UI as a (Systemd controlled) Container
This method runs Fail2Ban-UI as a containerized service with automatic startup and handling through systemd.
Prerequisites
- Ensure Podman or Docker is installed.
For Podman:
sudo dnf install -y podman
For Docker (if preferred):
sudo dnf install -y docker
sudo systemctl enable --now docker
Make sure you setup GeoIP and your country database is available under: /usr/share/GeoIP/GeoLite2-Country.mmdb
Create the needed folder to store the fail2ban-ui config:
sudo mkdir /opt/podman-fail2ban-ui
Create the fail2ban-ui-container.service
Save this file as /etc/systemd/system/fail2ban-ui-container.service:
[Unit]
Description=Fail2Ban UI (Containerized)
After=network.target fail2ban.service
Requires=fail2ban.service
[Service]
ExecStart=/usr/bin/podman run --rm \
--name fail2ban-ui \
--network=host \
-v /opt/podman-fail2ban-ui:/config:Z \
-v /etc/fail2ban:/etc/fail2ban:Z \
-v /var/log:/var/log:ro \
-v /var/run/fail2ban:/var/run/fail2ban \
-v /usr/share/GeoIP:/usr/share/GeoIP:ro \
localhost/fail2ban-ui
Restart=always
RestartSec=10s
[Install]
WantedBy=multi-user.target
For SELinux enabled systems
If SELinux is enabled, you must apply the required SELinux policies to allow the container to communicate with Fail2Ban.
The policies are located here: "../container/SELinux/"
Apply the prebuilt SELinux Modules with:
semodule -i fail2ban-container-ui.pp
semodule -i fail2ban-container-client.pp
Manually Compile and Install SELinux Rules
If you want to change or compile the SELinux rules by yourself run:
checkmodule -M -m -o fail2ban-container-client.mod fail2ban-container-client.te
semodule_package -o fail2ban-container-client.pp -m fail2ban-container-client.mod
semodule -i fail2ban-container-client.pp
Start & Enable the Container Service
- Reload systemd to detect the new service:
sudo systemctl daemon-reload - Enable and start the containerized service:
sudo systemctl enable --now fail2ban-ui-container.service - Check the status:
sudo systemctl status fail2ban-ui-container.service
View Logs
sudo journalctl -u fail2ban-ui-container.service -f
Restart or Stop
Restart:
sudo systemctl restart fail2ban-ui-container.service
Stop:
sudo systemctl stop fail2ban-ui-container.service
Contact & Support
For issues, visit our GitHub repository:
🔗 GitHub Issues
For enterprise support:
🔗 Swissmakers GmbH