3,250
edits
Changes
From SME Server
Jump to navigationJump to search→Show IPs banned by service
===Show IPs banned by service===
===Show IPs banned by service===
====Check the fail2ban log====
Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
Here is another quick script that shows you the most recent IPs banned in the logs. Note that they may have been unbanned but there is no check for this.
mkdir /root/bin
mkdir /root/bin
e.g.
e.g.
IP_list.sh qpsmtpd /var/log/fail2ban/daemon.log
IP_list.sh qpsmtpd /var/log/fail2ban/daemon.log
====Check the fail2ban banned IP for all active jails ====
by [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
mkdir /root/bin
vim /root/bin/sfail2ban
paste this in it:
#!/bin/bash
for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
do
fail2ban-client status $SERVI |grep -E 'Banned IP list|Status for the jail'
done
then do
chmod 755 /root/bin/sfail2ban
Usage :
sfail2ban
output:
# sfail2ban
Status for the jail: ftp
`- Banned IP list:
Status for the jail: http-auth
`- Banned IP list:
Status for the jail: http-badbots
`- Banned IP list:
Status for the jail: http-fakegooglebot
`- Banned IP list:
Status for the jail: http-noscript
`- Banned IP list:
Status for the jail: http-overflows
`- Banned IP list:
Status for the jail: http-scan
`- Banned IP list:
Status for the jail: http-shellshock
`- Banned IP list:
Status for the jail: imap
`- Banned IP list:
Status for the jail: pam-generic
`- Banned IP list:
Status for the jail: qpsmtpd
`- Banned IP list:
Status for the jail: recidive
`- Banned IP list:
Status for the jail: ssh
`- Banned IP list:
Status for the jail: ssh-ddos
`- Banned IP list:
[[Category: Contrib]]
[[Category: Contrib]]
[[Category: Security]]
[[Category: Security]]
