PowerShell version of Fail2Ban
This script monitors a Windows system for attempted brute-force authentications. After the defined number of failures has occurred from one source IP, the script creates a Windows Firewall rule that blocks that IP for a defined period of time. Additionally, when an IP is banned, the event is written to the system's event log and stored in a queryable SQL DB. The IP(s) of the system that is running the script are automatically whitelisted, and additional IPs can be added to the whitelist.
- Download repo and unzip repo
- Edit script with your favorite text editor and adjust configs just after initial comment, as desired
- Save the script and execute it
- Follow the options (see screenshots below)
- Configurable threshold of failed login attempts and how long an IP should be blocked
- IP whitelisting
- Logging blocked IPs to Windows event log with customizable event source and ID
- Logging blocked and whitelisted IPs to a queryable SQL database
- Customizable ban timeout
- Option for mass and quick removal of all banned IPs before a ban expiration occurs
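The following is an added illustration of how the features above fit together in one pass of a Fail2Ban-style loop; it is not the repository's script, and the variable names, threshold, timeout, event source name and event ID are assumptions chosen for the example. It counts Security-log event 4625 (an account failed to log on) per source IP, skips whitelisted IPs and CIDR blocks (plus the host's own addresses), creates a blocking firewall rule whose display name begins with "ban", writes the ban to the Application log under a custom source, and removes rules whose ban time has expired. Run it from an elevated PowerShell; event 4625 is only generated when failure auditing for logon events is enabled.

```powershell
# Added example (not the repository's script): one pass of the ban logic.
# Names, thresholds, the event source and the event ID are assumptions.

$FailThreshold   = 5            # failed logons before an IP is banned
$BanMinutes      = 60           # ban timeout
$LookbackMinutes = 10           # window of Security-log events inspected per pass
$RulePrefix      = 'ban'        # every ban rule's display name starts with this
$EventSource     = 'PSFail2Ban' # assumed custom event source (registered on first use)
$EventId         = 9001         # assumed custom event ID
$Whitelist       = @('127.0.0.1', '10.0.0.0/8', '192.168.1.0/24')  # single IPs or CIDR blocks

# The host's own IPv4 addresses are whitelisted automatically.
$Whitelist += (Get-NetIPAddress -AddressFamily IPv4).IPAddress

function ConvertTo-IPv4Int {
    # Returns the address as a 64-bit integer so CIDR prefixes can be compared
    # with a shift; returns $null for anything that is not a plain IPv4 address.
    param([string]$Address)
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$parsed)) { return $null }
    $bytes = $parsed.GetAddressBytes()
    if ($bytes.Length -ne 4) { return $null }
    [int64]$n = 0
    foreach ($b in $bytes) { $n = ($n * 256) + [int64]$b }
    return $n
}

function Test-Whitelisted {
    # True if $IP equals a whitelist entry or falls inside a whitelisted CIDR block.
    param([string]$IP, [string[]]$Entries)
    $ipInt = ConvertTo-IPv4Int $IP
    if ($null -eq $ipInt) { return $false }
    foreach ($entry in $Entries) {
        $parts  = $entry -split '/', 2
        $netInt = ConvertTo-IPv4Int $parts[0]
        if ($null -eq $netInt) { continue }
        $prefix = if ($parts.Count -gt 1) { [int]$parts[1] } else { 32 }
        # Compare only the network bits: both sides shifted right by the host bits.
        if (($ipInt -shr (32 - $prefix)) -eq ($netInt -shr (32 - $prefix))) { return $true }
    }
    return $false
}

function Get-FailedLogonCounts {
    # Counts Security event 4625 (failed logon) per source IP inside the window.
    param([int]$Minutes)
    $counts = @{}
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $data = ([xml]$e.ToXml()).Event.EventData.Data
        $ip   = ($data | Where-Object { $_.Name -eq 'IpAddress' }).'#text'
        if ($null -eq (ConvertTo-IPv4Int $ip)) { continue }   # '-', '::1', etc.
        $counts[$ip] = 1 + [int]$counts[$ip]
    }
    return $counts
}

function Add-Ban {
    param([string]$IP, [int]$Failures)
    $name = "$RulePrefix-$IP"
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return }  # already banned
    # The ban time is kept in the rule description so expiry can be checked later.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -RemoteAddress $IP -Description ("Banned at " + (Get-Date).ToString('o')) | Out-Null
    if (-not [System.Diagnostics.EventLog]::SourceExists($EventSource)) {
        New-EventLog -LogName Application -Source $EventSource
    }
    Write-EventLog -LogName Application -Source $EventSource -EventId $EventId `
        -EntryType Warning -Message "Banned $IP after $Failures failed logons"
}

function Remove-ExpiredBans {
    param([int]$Minutes)
    foreach ($rule in (Get-NetFirewallRule -DisplayName "$RulePrefix-*" -ErrorAction SilentlyContinue)) {
        if (-not $rule.Description) { continue }
        $bannedAt = [datetime]::Parse(($rule.Description -replace '^Banned at ', ''))
        if ($bannedAt.AddMinutes($Minutes) -lt (Get-Date)) { $rule | Remove-NetFirewallRule }
    }
}

# One pass: expire old bans, then ban every non-whitelisted IP over the threshold.
Remove-ExpiredBans -Minutes $BanMinutes
$counts = Get-FailedLogonCounts -Minutes $LookbackMinutes
foreach ($ip in $counts.Keys) {
    if ($counts[$ip] -lt $FailThreshold) { continue }
    if (Test-Whitelisted -IP $ip -Entries $Whitelist) { continue }
    Add-Ban -IP $ip -Failures $counts[$ip]
}
```

Run the pass on a schedule (for example a scheduled task every few minutes) rather than once. Because every ban rule shares the "ban" display-name prefix, the mass removal listed above is a one-liner: `Get-NetFirewallRule -DisplayName 'ban-*' | Remove-NetFirewallRule`. `Write-EventLog` and `New-EventLog` are Windows PowerShell 5.1 cmdlets; they are not available natively in PowerShell 7.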
Configuring the Whitelist (single IP or CIDR blocks)
Banned IP firewall rule (name begins with "ban")
Retrieving banned IPs through the script