
Fail2ban

From Luke Jackson

Revision as of 15:15, 18 September 2020; Ljackson (Talk | contribs)

Extract Frequent Bans from Messages/Fail2ban.log

Extract frequent offender IP addresses

grep Ban /var/log/messages | cut -d']' -f 2- | cut -d' ' -f 3 | sort | uniq -c | sort -n | cut -c 9-

Logfile excerpt:

Sep 17 23:42:40 core fail2ban.actions: WARNING [sasl-iptables] Ban 212.70.149.20
Sep 17 23:43:38 core fail2ban.actions: WARNING [sasl-iptables] Ban 45.142.120.83
Sep 17 23:44:14 core fail2ban.actions: WARNING [sasl-iptables] Ban 212.70.149.83
Sep 17 23:45:40 core fail2ban.actions: WARNING [sasl-iptables] Ban 212.70.149.52
Sep 18 00:02:05 core fail2ban.actions: WARNING [ssh-iptables] Ban 64.235.45.41
Sep 18 00:22:15 core fail2ban.actions: WARNING [sasl-iptables] Ban 193.169.253.168
Sep 18 00:39:59 core fail2ban.actions: WARNING [sasl-iptables] Ban 78.128.113.120
Sep 18 00:55:38 core fail2ban.actions: WARNING [sasl-iptables] Ban 212.70.149.4

Generate iptables rules (copy/paste IP addresses based on sorted list) [Mac OSX]

for i in $(pbpaste); do echo '-A INPUT -s '"$i"' -j DROP -m comment --comment "Fail2ban PermaBan!!"'; done
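
The two steps above combined into one pass with no copy/paste, as an added example that is not part of the original page. It assumes the syslog line format shown in the excerpt; the function names, the ban threshold and the sample log (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in the format of the excerpt above (documentation IP ranges).
sample_log() {
cat <<'EOF'
Sep 17 23:42:40 core fail2ban.actions: WARNING [sasl-iptables] Ban 203.0.113.20
Sep 17 23:43:38 core fail2ban.actions: WARNING [sasl-iptables] Ban 198.51.100.83
Sep 17 23:50:02 core fail2ban.actions: WARNING [sasl-iptables] Unban 203.0.113.20
Sep 18 00:02:05 core fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.20
Sep 18 00:22:15 core fail2ban.actions: WARNING [sasl-iptables] Ban 203.0.113.20
Sep 18 00:39:59 core fail2ban.actions: WARNING [sasl-iptables] Ban 198.51.100.83
Sep 18 00:55:38 core fail2ban.actions: WARNING [sasl-iptables] Ban 999.1.1.1
Sep 18 00:56:00 core postfix/smtpd: warning: hostname lookup: Ban 192.0.2.9
EOF
}

# frequent_bans MIN: read a log on stdin and print "count ip" for every
# address banned at least MIN times (default 2), most frequent first.
frequent_bans() {
    awk -v min="${1:-2}" '
        # Trust only lines whose syslog tag (field 5) is fail2ban.actions
        # and whose last two fields are "Ban <ip>"; "Unban" is skipped.
        $5 == "fail2ban.actions:" && $(NF-1) == "Ban" {
            ip = $NF
            # Accept only a dotted quad with each octet in 0..255, so
            # nothing else from the log can reach a firewall rule.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (k = 1; k <= 4; k++)
                if (length(o[k]) > 3 || o[k] + 0 > 255) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# permaban_rules MIN: emit one iptables-restore line per frequent offender.
permaban_rules() {
    frequent_bans "$1" | while read -r _count ip; do
        printf -- '-A INPUT -s %s -j DROP -m comment --comment "Fail2ban PermaBan!!"\n' "$ip"
    done
}

sample_log | permaban_rules 2
```

On a real host, feed the log instead of the sample, for example `permaban_rules 3 < /var/log/messages`, and review the output before loading it.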