Line 5: |
Line 5: |
| | | |
| == Maintainer == | | == Maintainer == |
− | [[User:VIP-ire|Daniel B.]]<br/> | + | [[User:VIP-ire|Daniel B.]]<br /> |
| [http://www.firewall-services.com Firewall Services]<br> | | [http://www.firewall-services.com Firewall Services]<br> |
| mailto:daniel@firewall-services.com | | mailto:daniel@firewall-services.com |
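Review bot: The changed maintainer line now uses `<br />` while the Firewall Services line directly below it still uses `<br>`. Normalise both in the same edit so the block uses one form.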
Line 364: |
Line 364: |
| for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') | | for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//') |
| do | | do |
− | fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail' | + | fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4 |
| done | | done |
| then do | | then do |
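Review bot: In the changed `fail2ban-client status $SERVI` line, `cut -d: -f2,4` keeps only the fourth colon-separated field, so a banned IPv6 address, which itself contains colons, is cut off after its first group. Use `cut -d: -f2,4-` to keep the remainder of the line. The `sed 'N;s/\n/:/'` join also relies on grep returning exactly two lines per jail, in order, and `$SERVI` is unquoted; writing `"$SERVI"` is worth doing while this line is being touched.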
Line 373: |
Line 373: |
| output: | | output: |
| # sfail2ban | | # sfail2ban |
− | Status for the jail: ftp | + | ftp: |
− | `- Banned IP list:
| + | imap: |
− | Status for the jail: http-auth | + | pam-generic: |
− | `- Banned IP list:
| + | qpsmtpd: |
− | Status for the jail: http-badbots | + | recidive: 141.98.80.15 |
− | `- Banned IP list:
| + | ssh: |
− | Status for the jail: http-fakegooglebot | + | ssh-ddos: |
− | `- Banned IP list:
| + | wordpress: |
− | Status for the jail: http-noscript
| |
− | `- Banned IP list:
| |
− | Status for the jail: http-overflows
| |
− | `- Banned IP list:
| |
− | Status for the jail: http-scan | |
− | `- Banned IP list:
| |
− | Status for the jail: http-shellshock
| |
− | `- Banned IP list:
| |
− | Status for the jail: imap
| |
− | `- Banned IP list:
| |
− | Status for the jail: pam-generic
| |
− | `- Banned IP list:
| |
− | Status for the jail: qpsmtpd | |
− | `- Banned IP list:
| |
− | Status for the jail: recidive | |
− | `- Banned IP list:
| |
− | Status for the jail: ssh | |
− | `- Banned IP list:
| |
− | Status for the jail: ssh-ddos | |
− | `- Banned IP list:
| |
| | | |
| ====Print a summary of the fail2ban db==== | | ====Print a summary of the fail2ban db==== |
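Review bot: The new sample output shows what looks like a live banned address (141.98.80.15) under `recidive:`. For a how-to page, a documentation-range address such as 192.0.2.15 (RFC 5737) illustrates the format just as well. The new listing also drops the `http-*` jails from the old sample and adds `wordpress`, so a short remark that the jail list depends on the local configuration would keep readers from expecting this exact set.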
Line 408: |
Line 388: |
| Paste this | | Paste this |
| <nowiki>#!/bin/bash | | <nowiki>#!/bin/bash |
− | echo -e \ | + | echo -e \ |
− | "IP \t"\ | + | "IP \t"\ |
− | "BanTime \t"\ | + | "BanTime \t"\ |
− | "UnbanTime \t"\ | + | "UnbanTime \t"\ |
− | "Jail" | + | "Jail" |
− | | + | |
− | for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}'); | + | for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}'); |
− | do
| + | do |
− | IP=$(db fail2ban getprop $ban Host)
| + | IP=$(db fail2ban getprop $ban Host) |
− | Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
| + | Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp)) |
− | UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
| + | UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp)) |
− | LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')
| + | LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}') |
− | | + | |
− | printf "%-15s" "$IP"
| + | printf "%-15s" "$IP" |
− | echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
| + | echo -e "\t$Bantime\t$UnBanTime\t$LastJail" |
− | done
| + | done |
− | </nowiki> | + | </nowiki> |
| | | |
| save, then make executable | | save, then make executable |
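Review bot: The `LastJail=` line matches too loosely. `zgrep -H "Ban $IP"` treats the address as an unanchored regular expression, so `Ban 1.2.3.4` also matches a log line for `1.2.3.40` and each dot matches any character, which can report the wrong jail. Suggest `zgrep -HFw "Ban $IP"`. Also, when `find /var/log/fail2ban -type f -ctime -7` returns no files, zgrep is left without a file argument and reads standard input, so skip the lookup when the file list is empty. `$ban` in the `db fail2ban getprop` calls should be quoted as well.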
Line 433: |
Line 413: |
| Output: | | Output: |
| <nowiki>IP BanTime UnbanTime Jail | | <nowiki>IP BanTime UnbanTime Jail |
− | 46.246.39.228 2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan] | + | 46.246.39.228 2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan] |
− | 124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan] | + | 124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan] |
− | 212.237.54.93 2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan] | + | 212.237.54.93 2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan] |
− | </nowiki> | + | </nowiki> |
| | | |
| ===WordPress=== | | ===WordPress=== |