Changes

Changes

From SME Server

Jump to navigation Jump to search

Fail2ban (view source)

Revision as of 04:10, 22 March 2019

625 bytes removed , 04:10, 22 March 2019

→‎Check the fail2ban banned IP for all active jails

Line 5: Line 5:

== Maintainer ==

−

[[User:VIP-ire|Daniel B.]]<br/>

[[User:VIP-ire|Daniel B.]]<br />

[http://www.firewall-services.com Firewall Services]<br>

mailto:daniel@firewall-services.com

Line 364: Line 364:

for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')

−

fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'

fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail'|sed 'N;s/\n/:/'|cut -d: -f2,4

done

then do

Line 373: Line 373:

output:

# sfail2ban

−

~~Status for the jail:~~ ftp

ftp:

−

~~`- Banned IP list~~:

imap:

−

~~Status for the jail: http-auth~~

pam-generic:

−

~~`- Banned IP list:~~

qpsmtpd:

−

~~Status for the jail~~: ~~http-badbots~~

recidive: 141.98.80.15

−

~~`- Banned IP list:~~

ssh:

−

~~Status for the jail: http-fakegooglebot~~

ssh-ddos:

−

~~`- Banned IP list:~~

wordpress:

−

~~Status for the jail: http-noscript~~

−

~~`- Banned IP list:~~

−

~~Status for the jail: http-overflows~~

−

~~`- Banned IP list:~~

−

~~Status for the jail: http-scan~~

−

~~`- Banned IP list:~~

−

~~Status for the jail: http-shellshock~~

−

~~`- Banned IP list:~~

−

~~Status for the jail: imap~~

−

~~`- Banned IP list:~~

−

~~Status for the jail:~~ pam-generic

−

~~`- Banned IP list~~:

−

~~Status for the jail:~~ qpsmtpd

−

~~`- Banned IP list~~:

−

~~Status for the jail:~~ recidive

−

~~`- Banned IP list~~:

−

~~Status for the jail:~~ ssh

−

~~`- Banned IP list~~:

−

~~Status for the jail:~~ ssh-ddos

−

~~`- Banned IP list~~:

====Print a summary of the fail2ban db====

Line 408: Line 388:

Paste this

<nowiki>#!/bin/bash

−

echo -e \

−

"IP \t"\

−

"BanTime \t"\

−

"UnbanTime \t"\

−

"Jail"

−

for ban in $(db fail2ban show |awk -F\= ' $2=="ban" {print $1}');

−

IP=$(db fail2ban getprop $ban Host)

−

Bantime=$(date +"%F %T" -d @$(db fail2ban getprop $ban BanTimestamp))

−

UnBanTime=$(date +"%F %T" -d @$(db fail2ban getprop $ban UnbanTimestamp))

−

LastJail=$(zgrep -H "Ban $IP" $(find /var/log/fail2ban -type f -ctime -7) |tail -1 |awk '{print $6}')

−

printf "%-15s" "$IP"

−

echo -e "\t$Bantime\t$UnBanTime\t$LastJail"

−

done

−

</nowiki>

save, then make executable

Line 433: Line 413:

Output:

<nowiki>IP BanTime UnbanTime Jail

−

46.246.39.228 2017-09-09 18:45:00 2017-09-10 18:45:00 [http-scan]

−

124.239.180.102 2017-09-09 12:07:32 2017-09-10 12:07:32 [http-scan]

−

212.237.54.93 2017-09-09 19:27:32 2017-09-10 19:27:32 [http-scan]

−

</nowiki>

===WordPress===

Unnilennium

Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators

3,240

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/37960"

Fail2ban (view source)

Revision as of 04:10, 22 March 2019

Navigation menu

Page actions

Page actions

Personal tools

Koozali SME Server

Recent activities

Koozali resources

Koozali SME Server wiki

Tools

Search