Troubleshooting fail2ban


One of the best ways to troubleshoot a jail that is not banning is the fail2ban-regex tool, which reports how many lines of a log file the filter's regex actually matches.

Feed it the log file you want to watch and point it at the filter you want applied:

hostname ~ # /usr/bin/fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/sshd.conf

Alternatively, ask the running daemon for the state of the jail (currently failed and banned addresses): /usr/bin/fail2ban-client status ssh-iptables
--

Extra Fun!

You can use this one-liner to parse through your /var/log/messages file and totalize the number of times a specific IP address has been attempting to access your machine:

awk '/invalid user/ {print $(NF-3)}' /var/log/messages | sort | uniq -c | sort -n

(On "Failed password for invalid user NAME from IP port N ssh2" lines, $(NF-3) is the source IP; the original used "=" instead of "~", which only worked by accident.)

Once you have this listing, you can manually add IP-blocks of the form:

iptables -I INPUT -p tcp -s 83.103.96.33 --dport ssh -j REJECT --reject-with tcp-reset
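An added example, not from the original post: the awk listing above as a reusable shell function. It also handles the shorter "Invalid user NAME from IP" lines (where the IP is the last field, not $(NF-3)) by taking the field after "from". The log lines are constructed, not real traffic.

```shell
# Constructed sample syslog lines (not real traffic) so the script runs stand-alone.
SAMPLE_LOG='Oct  1 10:00:01 host sshd[1]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Oct  1 10:00:03 host sshd[2]: Invalid user test from 203.0.113.5
Oct  1 10:00:05 host sshd[3]: Failed password for invalid user oracle from 198.51.100.9 port 51000 ssh2
Oct  1 10:00:07 host sshd[4]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Oct  1 10:00:09 host sshd[5]: Failed password for invalid user guest from 203.0.113.5 port 4100 ssh2'

# count_invalid_user_ips: read log lines on stdin, print "count ip" per
# source address, busiest first. Works for both sshd line formats because
# the address is always the field right after "from".
count_invalid_user_ips() {
    awk 'tolower($0) ~ /invalid user/ {
            for (i = 1; i < NF; i++)
                if ($i == "from") { print $(i + 1); break }
         }' | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# top_invalid_user_ip: the single address with the most attempts (a candidate
# for the manual iptables REJECT rule shown above).
top_invalid_user_ip() {
    count_invalid_user_ips | head -n 1 | cut -d' ' -f2
}

printf '%s\n' "$SAMPLE_LOG" | count_invalid_user_ips
```

Replace the printf with `cat /var/log/messages | count_invalid_user_ips` to run it against the real log.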

About Damon Luong

San Jose, California
This entry was posted in Fail2Ban.