Changes

From SME Server
Jump to navigationJump to search
625 bytes removed ,  03:10, 22 March 2019
Line 5: Line 5:     
== Maintainer ==
 
== Maintainer ==
[[User:VIP-ire|Daniel B.]]<br/>
+
[[User:VIP-ire|Daniel B.]]<br />
 
[http://www.firewall-services.com Firewall Services]<br>
 
[http://www.firewall-services.com Firewall Services]<br>
 
mailto:daniel@firewall-services.com
 
mailto:daniel@firewall-services.com
Line 364: Line 364:  
  for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
 
  for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
 
  do
 
  do
  fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'
+
  fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4
 
  done
 
  done
 
then do  
 
then do  
Line 373: Line 373:  
output:
 
output:
 
  # sfail2ban
 
  # sfail2ban
  Status for the jail: ftp
+
  ftp:  
    `- Banned IP list:
+
  imap:  
  Status for the jail: http-auth
+
  pam-generic:
    `- Banned IP list:
+
  qpsmtpd:
  Status for the jail: http-badbots
+
  recidive: 141.98.80.15
    `- Banned IP list:
+
  ssh:
  Status for the jail: http-fakegooglebot
+
  ssh-ddos:
    `- Banned IP list:
+
wordpress:
Status for the jail: http-noscript
  −
    `- Banned IP list:
  −
Status for the jail: http-overflows
  −
    `- Banned IP list:
  −
  Status for the jail: http-scan
  −
    `- Banned IP list:
  −
Status for the jail: http-shellshock
  −
    `- Banned IP list:
  −
Status for the jail: imap
  −
    `- Banned IP list:
  −
Status for the jail: pam-generic
  −
    `- Banned IP list:
  −
  Status for the jail: qpsmtpd
  −
    `- Banned IP list:
  −
  Status for the jail: recidive
  −
    `- Banned IP list:
  −
  Status for the jail: ssh
  −
    `- Banned IP list:
  −
  Status for the jail: ssh-ddos
  −
    `- Banned IP list:
      
====Print a summary of the fail2ban db====
 
====Print a summary of the fail2ban db====
Line 408: Line 388:  
Paste this
 
Paste this
 
  <nowiki>#!/bin/bash
 
  <nowiki>#!/bin/bash
echo -e \
+
echo -e \
"IP            \t"\
+
"IP            \t"\
"BanTime            \t"\
+
"BanTime            \t"\
"UnbanTime          \t"\
+
"UnbanTime          \t"\
"Jail"
+
"Jail"
 
+
for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}');  
+
for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}');  
  do
+
  do
    IP=$(db fail2ban getprop $ban Host)
+
    IP=$(db fail2ban getprop $ban Host)
    Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
+
    Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))
    UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
+
    UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))
    LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')  
+
    LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')  
 
+
    printf "%-15s" "$IP"
+
    printf "%-15s" "$IP"
    echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
+
    echo -e "\t$Bantime\t$UnBanTime\t$LastJail"
  done
+
  done
</nowiki>
+
</nowiki>
    
save, then make executable
 
save, then make executable
Line 433: Line 413:  
Output:
 
Output:
 
  <nowiki>IP            BanTime            UnbanTime          Jail
 
  <nowiki>IP            BanTime            UnbanTime          Jail
46.246.39.228  2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan]
+
46.246.39.228  2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan]
124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan]
+
124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan]
212.237.54.93  2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan]
+
212.237.54.93  2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan]
</nowiki>
+
</nowiki>
    
===WordPress===
 
===WordPress===
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,254

edits

Navigation menu