Changes

1 byte removed, 23:33, 22 June 2015
no edit summary
Line 164: Line 164:  
  /root/checklist_ban
 
  /root/checklist_ban
   −
  −
====Show IPs banned by service====
  −
  −
Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
  −
  −
nano -w /root/IP_list.sh
  −
  −
and copy and paste the below code into the file:
  −
  −
#!/bin/sh
  −
# Set CLI vars to something we can read
  −
TYPE=$1
  −
LOG=$2
  −
  −
# Set main grep string
  −
SEARCH="Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])"
  −
  −
# Add the search term
  −
SEARCH="\[$TYPE]\ $SEARCH"
  −
  −
# Now search the log
  −
grep -oE "\[$TYPE\] Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" $LOG
  −
  −
Save the file and make it executable:
  −
chmod 755 /root/IP_list.sh
  −
  −
Usage :
  −
/root/IP_List.sh [service] [log]
  −
  −
e.g.
  −
/root/IP_List.sh qpsmtpd /var/log/fail2ban/daemon.log
      
==== Unban an IP ====
 
==== Unban an IP ====
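Review bot: The edit has no summary, and removing the "Show IPs banned by service" section ahead of "Unban an IP" reads as a deletion until the same text turns up again at Line 310. State in the edit summary that this is a move. Note also that the section leaves here as a `====` heading and is re-added as `===`, so confirm the new nesting level is intended.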
Line 235: Line 204:  
  /etc/init.d/masq restart
 
  /etc/init.d/masq restart
 
  signal-event fail2ban-conf
 
  signal-event fail2ban-conf
 +
 +
 
====default jail.conf====
 
====default jail.conf====
 
  [DEFAULT]
 
  [DEFAULT]
Line 316: Line 287:       −
=== Uninstall ===
+
== Uninstall ==
 
  yum remove smeserver-fail2ban fail2ban
 
  yum remove smeserver-fail2ban fail2ban
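Review bot: Changing `=== Uninstall ===` to `== Uninstall ==` promotes the heading a level with no edit summary explaining why. Since this alters the page outline and table of contents, say in the summary which sections are meant to sit under it, and check that the headings following it still nest as intended.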
   Line 339: Line 310:     
  ^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$
 
  ^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$
 +
 +
 +
===Show IPs banned by service===
 +
 +
Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
 +
 +
nano -w /root/IP_list.sh
 +
 +
and copy and paste the below code into the file:
 +
 +
#!/bin/sh
 +
# Set CLI vars to something we can read
 +
TYPE=$1
 +
LOG=$2
 +
 +
# Set main grep string
 +
SEARCH="Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])"
 +
 +
# Add the search term
 +
SEARCH="\[$TYPE]\ $SEARCH"
 +
 +
# Now search the log
 +
grep -oE "\[$TYPE\] Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" $LOG
 +
 +
Save the file and make it executable:
 +
chmod 755 /root/IP_list.sh
 +
 +
Usage :
 +
/root/IP_List.sh [service] [log]
 +
 +
e.g.
 +
/root/IP_List.sh qpsmtpd /var/log/fail2ban/daemon.log
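Review bot: The `nano -w` and `chmod 755` lines name the file `/root/IP_list.sh`, but both usage lines call `/root/IP_List.sh` with a capital L, which will not resolve on a case-sensitive filesystem. Pick one spelling. In the script, `SEARCH` is assigned twice and never used, because the `grep -oE` line repeats the pattern literally (and with `\[$TYPE\]` where the variable has `\[$TYPE]\ `). Either pass `"$SEARCH"` to grep or drop the variable. `$LOG` is unquoted, and `$TYPE` goes into the regex unescaped, so a service name containing regex metacharacters changes what is matched. The intro says "most recent IPs", but the grep prints every matching Ban line in the log.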
     
