Tartalom
Adatok
Licenc: GNU GPLv2
Verziószám: 0.9.6 (Debian 9-ben)
Fejlesztő/tulajdonos: Cyril Jaquier, és 2008-tól a Fail2Ban közreműködői
Rövid leírás:
A fail2ban-client (linux parancs) manual oldala és súgója. A parancs segítségével a Fail2Ban program működését szabályozhatjuk, többek között a jail-okat (szűrőket) indíthatjuk és állíthatjuk le.
Man oldal kimenet
man fail2ban-client
FAIL2BAN-CLIENT(1) User Commands FAIL2BAN-CLIENT(1)
NAME
fail2ban-client - configure and control the server
SYNOPSIS
fail2ban-client [OPTIONS] <COMMAND>
DESCRIPTION
Fail2Ban v0.9.6 reads log file that contains password failure report and bans
the corresponding IP addresses using firewall rules.
OPTIONS
-c <DIR>
configuration directory
-s <FILE>
socket path
-p <FILE>
pidfile path
-d dump configuration. For debugging
-i interactive mode
-v increase verbosity
-q decrease verbosity
-x force execution of the server (remove socket file)
-b start server in background (default)
-f start server in foreground (note that the client forks once itself)
-h, --help
display this help message
-V, --version
print the version
COMMAND
BASIC
start starts the server and the jails
reload reloads the configuration
reload <JAIL>
reloads the jail <JAIL>
stop stops all jails and terminate the server
status gets the current status of the server
ping tests if the server is alive
help return this output
version
return the server version
LOGGING
set loglevel <LEVEL>
sets logging level to <LEVEL>. Levels: CRITICAL, ERROR, WARNING, NOTICE,
INFO, DEBUG
get loglevel
gets the logging level
set logtarget <TARGET>
sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file
get logtarget
gets logging target
set syslogsocket auto|<SOCKET>
sets the syslog socket path to auto or <SOCKET>. Only used if logtarget
is SYSLOG
get syslogsocket
gets syslog socket path
flushlogs
flushes the logtarget if a file and reopens it. For log rotation.
DATABASE
set dbfile <FILE>
set the location of fail2ban persistent datastore. Set to "None" to dis‐
able
get dbfile
get the location of fail2ban persistent datastore
set dbpurgeage <SECONDS>
sets the max age in <SECONDS> that history of bans will be kept
get dbpurgeage
gets the max age in seconds that history of bans will be kept
JAIL CONTROL
add <JAIL> <BACKEND>
creates <JAIL> using <BACKEND>
start <JAIL>
starts the jail <JAIL>
stop <JAIL>
stops the jail <JAIL>. The jail is removed
status <JAIL> [FLAVOR]
gets the current status of <JAIL>, with optional flavor or extended info
JAIL CONFIGURATION
set <JAIL> idle on|off
sets the idle state of <JAIL>
set <JAIL> addignoreip <IP>
adds <IP> to the ignore list of <JAIL>
set <JAIL> delignoreip <IP>
removes <IP> from the ignore list of <JAIL>
set <JAIL> addlogpath <FILE> ['tail']
adds <FILE> to the monitoring list of <JAIL>, optionally starting at the
'tail' of the file (default 'head').
set <JAIL> dellogpath <FILE>
removes <FILE> from the monitoring list of <JAIL>
set <JAIL> logencoding <ENCODING>
sets the <ENCODING> of the log files for <JAIL>
set <JAIL> addjournalmatch <MATCH>
adds <MATCH> to the journal filter of <JAIL>
set <JAIL> deljournalmatch <MATCH>
removes <MATCH> from the journal filter of <JAIL>
set <JAIL> addfailregex <REGEX>
adds the regular expression <REGEX> which must match failures for <JAIL>
set <JAIL> delfailregex <INDEX>
removes the regular expression at <INDEX> for failregex
set <JAIL> ignorecommand <VALUE>
sets ignorecommand of <JAIL>
set <JAIL> addignoreregex <REGEX>
adds the regular expression <REGEX> which should match pattern to exclude
for <JAIL>
set <JAIL> delignoreregex <INDEX>
removes the regular expression at <INDEX> for ignoreregex
set <JAIL> findtime <TIME>
sets the number of seconds <TIME> for which the filter will look back for
<JAIL>
set <JAIL> bantime <TIME>
sets the number of seconds <TIME> a host will be banned for <JAIL>
set <JAIL> datepattern <PATTERN>
sets the <PATTERN> used to match date/times for <JAIL>
set <JAIL> usedns <VALUE>
sets the usedns mode for <JAIL>
set <JAIL> banip <IP>
manually Ban <IP> for <JAIL>
set <JAIL> unbanip <IP>
manually Unban <IP> in <JAIL>
set <JAIL> maxretry <RETRY>
sets the number of failures <RETRY> before banning the host for <JAIL>
set <JAIL> maxlines <LINES>
sets the number of <LINES> to buffer for regex search for <JAIL>
set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>]
adds a new action named <ACT> for <JAIL>. Optionally for a Python based
action, a <PYTHONFILE> and <JSONKWARGS> can be specified, else will be a
Command Action
set <JAIL> delaction <ACT>
removes the action <ACT> from <JAIL>
COMMAND ACTION CONFIGURATION
set <JAIL> action <ACT> actionstart <CMD>
sets the start command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionstop <CMD> sets the stop command <CMD> of the
action <ACT> for <JAIL>
set <JAIL> action <ACT> actioncheck <CMD>
sets the check command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionban <CMD>
sets the ban command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionunban <CMD>
sets the unban command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> timeout <TIMEOUT>
sets <TIMEOUT> as the command timeout in seconds for the action <ACT> for
<JAIL>
GENERAL ACTION CONFIGURATION
set <JAIL> action <ACT> <PROPERTY> <VALUE>
sets the <VALUE> of <PROPERTY> for the action <ACT> for <JAIL>
set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>]
calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL>
JAIL INFORMATION
get <JAIL> logpath
gets the list of the monitored files for <JAIL>
get <JAIL> logencoding
gets the encoding of the log files for <JAIL>
get <JAIL> journalmatch
gets the journal filter match for <JAIL>
get <JAIL> ignoreip
gets the list of ignored IP addresses for <JAIL>
get <JAIL> ignorecommand
gets ignorecommand of <JAIL>
get <JAIL> failregex
gets the list of regular expressions which matches the failures for
<JAIL>
get <JAIL> ignoreregex
gets the list of regular expressions which matches patterns to ignore for
<JAIL>
get <JAIL> findtime
gets the time for which the filter will look back for failures for <JAIL>
get <JAIL> bantime
gets the time a host is banned for <JAIL>
get <JAIL> datepattern
gets the patern used to match date/times for <JAIL>
get <JAIL> usedns
gets the usedns setting for <JAIL>
get <JAIL> maxretry
gets the number of failures allowed for <JAIL>
get <JAIL> maxlines
gets the number of lines to buffer for <JAIL>
get <JAIL> actions
gets a list of actions for <JAIL>
COMMAND ACTION INFORMATION
get <JAIL> action <ACT> actionstart
gets the start command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionstop
gets the stop command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actioncheck
gets the check command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionban
gets the ban command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionunban
gets the unban command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> timeout
gets the command timeout in seconds for the action <ACT> for <JAIL>
GENERAL ACTION INFORMATION
get <JAIL> actionproperties <ACT>
gets a list of properties for the action <ACT> for <JAIL>
get <JAIL> actionmethods <ACT>
gets a list of methods for the action <ACT> for <JAIL>
get <JAIL> action <ACT> <PROPERTY>
gets the value of <PROPERTY> for the action <ACT> for <JAIL>
FILES
/etc/fail2ban/*
AUTHOR
Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contributions by
Yaroslav O. Halchenko <debian@onerussian.com>.
REPORTING BUGS
Report bugs via Debian bug tracking system http://www.debian.org/Bugs/ .
COPYRIGHT
Copyright © 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
Copyright of modifications held by their respective authors. Licensed under the
GNU General Public License v2 (GPL).
SEE ALSO
fail2ban-server(1) jail.conf(5)
fail2ban-client v0.9.6 December 2016 FAIL2BAN-CLIENT(1)
Súgó kimenet
fail2ban-client --help
Usage: /usr/bin/fail2ban-client [OPTIONS] <COMMAND>
Fail2Ban v0.9.6 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
Options:
-c <DIR> configuration directory
-s <FILE> socket path
-p <FILE> pidfile path
-d dump configuration. For debugging
-i interactive mode
-v increase verbosity
-q decrease verbosity
-x force execution of the server (remove socket file)
-b start server in background (default)
-f start server in foreground (note that the client forks once itself)
-h, --help display this help message
-V, --version print the version
Command:
BASIC
start starts the server and the jails
reload reloads the configuration
reload <JAIL> reloads the jail <JAIL>
stop stops all jails and terminate the
server
status gets the current status of the
server
ping tests if the server is alive
help return this output
version return the server version
LOGGING
set loglevel <LEVEL> sets logging level to <LEVEL>.
Levels: CRITICAL, ERROR, WARNING,
NOTICE, INFO, DEBUG
get loglevel gets the logging level
set logtarget <TARGET> sets logging target to <TARGET>.
Can be STDOUT, STDERR, SYSLOG or a
file
get logtarget gets logging target
set syslogsocket auto|<SOCKET> sets the syslog socket path to
auto or <SOCKET>. Only used if
logtarget is SYSLOG
get syslogsocket gets syslog socket path
flushlogs flushes the logtarget if a file
and reopens it. For log rotation.
DATABASE
set dbfile <FILE> set the location of fail2ban
persistent datastore. Set to
"None" to disable
get dbfile get the location of fail2ban
persistent datastore
set dbpurgeage <SECONDS> sets the max age in <SECONDS> that
history of bans will be kept
get dbpurgeage gets the max age in seconds that
history of bans will be kept
JAIL CONTROL
add <JAIL> <BACKEND> creates <JAIL> using <BACKEND>
start <JAIL> starts the jail <JAIL>
stop <JAIL> stops the jail <JAIL>. The jail is
removed
status <JAIL> [FLAVOR] gets the current status of <JAIL>,
with optional flavor or extended
info
JAIL CONFIGURATION
set <JAIL> idle on|off sets the idle state of <JAIL>
set <JAIL> addignoreip <IP> adds <IP> to the ignore list of
<JAIL>
set <JAIL> delignoreip <IP> removes <IP> from the ignore list
of <JAIL>
set <JAIL> addlogpath <FILE> ['tail'] adds <FILE> to the monitoring list
of <JAIL>, optionally starting at
the 'tail' of the file (default
'head').
set <JAIL> dellogpath <FILE> removes <FILE> from the monitoring
list of <JAIL>
set <JAIL> logencoding <ENCODING> sets the <ENCODING> of the log
files for <JAIL>
set <JAIL> addjournalmatch <MATCH> adds <MATCH> to the journal filter
of <JAIL>
set <JAIL> deljournalmatch <MATCH> removes <MATCH> from the journal
filter of <JAIL>
set <JAIL> addfailregex <REGEX> adds the regular expression
<REGEX> which must match failures
for <JAIL>
set <JAIL> delfailregex <INDEX> removes the regular expression at
<INDEX> for failregex
set <JAIL> ignorecommand <VALUE> sets ignorecommand of <JAIL>
set <JAIL> addignoreregex <REGEX> adds the regular expression
<REGEX> which should match pattern
to exclude for <JAIL>
set <JAIL> delignoreregex <INDEX> removes the regular expression at
<INDEX> for ignoreregex
set <JAIL> findtime <TIME> sets the number of seconds <TIME>
for which the filter will look
back for <JAIL>
set <JAIL> bantime <TIME> sets the number of seconds <TIME>
a host will be banned for <JAIL>
set <JAIL> datepattern <PATTERN> sets the <PATTERN> used to match
date/times for <JAIL>
set <JAIL> usedns <VALUE> sets the usedns mode for <JAIL>
set <JAIL> banip <IP> manually Ban <IP> for <JAIL>
set <JAIL> unbanip <IP> manually Unban <IP> in <JAIL>
set <JAIL> maxretry <RETRY> sets the number of failures
<RETRY> before banning the host
for <JAIL>
set <JAIL> maxlines <LINES> sets the number of <LINES> to
buffer for regex search for <JAIL>
set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>]
adds a new action named <ACT> for
<JAIL>. Optionally for a Python
based action, a <PYTHONFILE> and
<JSONKWARGS> can be specified,
else will be a Command Action
set <JAIL> delaction <ACT> removes the action <ACT> from
<JAIL>
COMMAND ACTION CONFIGURATION
set <JAIL> action <ACT> actionstart <CMD>
sets the start command <CMD> of
the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionstop <CMD> sets the stop command <CMD> of the
action <ACT> for <JAIL>
set <JAIL> action <ACT> actioncheck <CMD>
sets the check command <CMD> of
the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionban <CMD> sets the ban command <CMD> of the
action <ACT> for <JAIL>
set <JAIL> action <ACT> actionunban <CMD>
sets the unban command <CMD> of
the action <ACT> for <JAIL>
set <JAIL> action <ACT> timeout <TIMEOUT>
sets <TIMEOUT> as the command
timeout in seconds for the action
<ACT> for <JAIL>
GENERAL ACTION CONFIGURATION
set <JAIL> action <ACT> <PROPERTY> <VALUE>
sets the <VALUE> of <PROPERTY> for
the action <ACT> for <JAIL>
set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>]
calls the <METHOD> with
<JSONKWARGS> for the action <ACT>
for <JAIL>
JAIL INFORMATION
get <JAIL> logpath gets the list of the monitored
files for <JAIL>
get <JAIL> logencoding gets the encoding of the log files
for <JAIL>
get <JAIL> journalmatch gets the journal filter match for
<JAIL>
get <JAIL> ignoreip gets the list of ignored IP
addresses for <JAIL>
get <JAIL> ignorecommand gets ignorecommand of <JAIL>
get <JAIL> failregex gets the list of regular
expressions which matches the
failures for <JAIL>
get <JAIL> ignoreregex gets the list of regular
expressions which matches patterns
to ignore for <JAIL>
get <JAIL> findtime gets the time for which the filter
will look back for failures for
<JAIL>
get <JAIL> bantime gets the time a host is banned for
<JAIL>
get <JAIL> datepattern gets the patern used to match
date/times for <JAIL>
get <JAIL> usedns gets the usedns setting for <JAIL>
get <JAIL> maxretry gets the number of failures
allowed for <JAIL>
get <JAIL> maxlines gets the number of lines to buffer
for <JAIL>
get <JAIL> actions gets a list of actions for <JAIL>
COMMAND ACTION INFORMATION
get <JAIL> action <ACT> actionstart gets the start command for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> actionstop gets the stop command for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> actioncheck gets the check command for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> actionban gets the ban command for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> actionunban gets the unban command for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> timeout gets the command timeout in
seconds for the action <ACT> for
<JAIL>
GENERAL ACTION INFORMATION
get <JAIL> actionproperties <ACT> gets a list of properties for the
action <ACT> for <JAIL>
get <JAIL> actionmethods <ACT> gets a list of methods for the
action <ACT> for <JAIL>
get <JAIL> action <ACT> <PROPERTY> gets the value of <PROPERTY> for
the action <ACT> for <JAIL>
Report bugs to https://github.com/fail2ban/fail2ban/issues
Kapcsolódó tartalom
- 20 megtekintés