Line 164: |
Line 164: |
| /root/checklist_ban | | /root/checklist_ban |
| | | |
− |
| |
− | ====Show IPs banned by service====
| |
− |
| |
− | Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
| |
− |
| |
− | nano -w /root/IP_list.sh
| |
− |
| |
− | and copy and paste the below code into the file:
| |
− |
| |
− | #!/bin/sh
| |
− | # Set CLI vars to something we can read
| |
− | TYPE=$1
| |
− | LOG=$2
| |
− |
| |
− | # Set main grep string
| |
− | SEARCH="Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])"
| |
− |
| |
− | # Add the search term
| |
− | SEARCH="\[$TYPE]\ $SEARCH"
| |
− |
| |
− | # Now search the log
| |
− | grep -oE "\[$TYPE\] Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" $LOG
| |
− |
| |
− | Save the file and make it executable:
| |
− | chmod 755 /root/IP_list.sh
| |
− |
| |
− | Usage :
| |
− | /root/IP_List.sh [service] [log]
| |
− |
| |
− | e.g.
| |
− | /root/IP_List.sh qpsmtpd /var/log/fail2ban/daemon.log
| |
| | | |
| ==== Unban an IP ==== | | ==== Unban an IP ==== |
Line 235: |
Line 204: |
| /etc/init.d/masq restart | | /etc/init.d/masq restart |
| signal-event fail2ban-conf | | signal-event fail2ban-conf |
| + | |
| + | |
| ====default jail.conf==== | | ====default jail.conf==== |
| [DEFAULT] | | [DEFAULT] |
Line 316: |
Line 287: |
| | | |
| | | |
− | === Uninstall ===
| + | == Uninstall == |
| yum remove smeserver-fail2ban fail2ban | | yum remove smeserver-fail2ban fail2ban |
| | | |
Line 339: |
Line 310: |
| | | |
| ^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$ | | ^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$ |
| + | |
| + | |
| + | ===Show IPs banned by service=== |
| + | |
| + | Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this. |
| + | |
| + | nano -w /root/IP_list.sh |
| + | |
| + | and copy and paste the below code into the file: |
| + | |
| + | #!/bin/sh |
| + | # Set CLI vars to something we can read |
| + | TYPE=$1 |
| + | LOG=$2 |
| + | |
| + | # Set main grep string |
| + | SEARCH="Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" |
| + | |
| + | # Add the search term |
| + | SEARCH="\[$TYPE]\ $SEARCH" |
| + | |
| + | # Now search the log |
| + | grep -oE "\[$TYPE\] Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" $LOG |
| + | |
| + | Save the file and make it executable: |
| + | chmod 755 /root/IP_list.sh |
| + | |
| + | Usage : |
| + | /root/IP_List.sh [service] [log] |
| + | |
| + | e.g. |
| + | /root/IP_List.sh qpsmtpd /var/log/fail2ban/daemon.log |
| | | |
| | | |