3,704
edits
Changes
From SME Server
Jump to navigationJump to searchno edit summary
/root/checklist_ban
/root/checklist_ban
==== Unban an IP ====
==== Unban an IP ====
/etc/init.d/masq restart
/etc/init.d/masq restart
signal-event fail2ban-conf
signal-event fail2ban-conf
====default jail.conf====
====default jail.conf====
[DEFAULT]
[DEFAULT]
== Uninstall ==
yum remove smeserver-fail2ban fail2ban
yum remove smeserver-fail2ban fail2ban
^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$
^\s*\d+\s*logging::logterse plugin \(deny\): \` <HOST>\s*.*90\d.*msg denied before queued$
===Show IPs banned by service===
Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
nano -w /root/IP_list.sh
and copy and paste the below code into the file:
#!/bin/sh
# Set CLI vars to something we can read
TYPE=$1
LOG=$2
# Set main grep string
SEARCH="Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])"
# Add the search term
SEARCH="\[$TYPE]\ $SEARCH"
# Now search the log
grep -oE "\[$TYPE\] Ban ((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])" $LOG
Save the file and make it executable:
chmod 755 /root/IP_list.sh
Usage :
/root/IP_List.sh [service] [log]
e.g.
/root/IP_List.sh qpsmtpd /var/log/fail2ban/daemon.log
