fail2ban configuration for Plex Media Server (PMS)
This was created using Fail2Ban v0.9.3 on Ubuntu
/etc/fail2ban/filter.d/plexmediaserver.conf
# Fail2Ban filter for plexmediaserver
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
failregex = ^ \[.*\] VERBOSE - We didn't receive any data from <HOST>:\d+ in time, dropping connection\.$
ignoreregex =
[Init]
# "maxlines" is number of log lines to buffer for multi-line regex searches
maxlines = 10
datepattern = %%b %%d, %%Y %%H:%%M:%%S.%%f
# Author: dthomson
/etc/fail2ban/jail.conf
[plexmediaserver]
enabled = true
logpath = /var/log/plexmediaserver/Plex_Media_Server.log
maxretry = 1
bantime = 172800
I had to create a symlink for the “Plex Media Server.log” as fail2ban seems to error when files/folders have spaces in their names.
mkdir /var/log/plexmediaserver/
ln -f "/home/dthomson/Library/Application Support/Plex Media Server/Logs/Plex Media Server.log" "/var/log/plexmediaserver/Plex_Media_Server.log"
I had to add an ExecStartPost to the systemd service on Ubuntu to get the symlink to update when Plex Media Server restarts so that fail2ban can read the log file I have described in the jail.conf.
/etc/systemd/system/plexmediaserver.service
ExecStartPost=/bin/ln -f "/home/dthomson/Library/Application Support/Plex Media Server/Logs/Plex Media Server.log" "/var/log/plexmediaserver/Plex_Media_Server.log"
Start fail2ban
fail2ban-client start
If you want to see the list of IPs that are being banned.
iptables -L f2b-plexmediaserver -n
NOTE fail2ban doesn’t like soft symlinks. It won’t detect them changing if/when you restart PMS.
There might be other log events that I haven’t found yet, but this seemed to be the most prominent in terms of attacking. Happy Banning!
