Difference between revisions of "Commands"

From Fail2ban
Jump to navigationJump to search
m (Reverted edits by Henryut (talk) to last revision by 83.103.186.217)
(0.8.11 release)
Line 8: Line 8:
  
  
=== Basic ===
+
 
 +
=== BASIC ===
  
  
Line 18: Line 19:
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>reload</tt></span> || || reloads the configuration
 
| <span style="white-space:nowrap;"><tt>reload</tt></span> || || reloads the configuration
 +
|-
 +
| <span style="white-space:nowrap;"><tt>reload <JAIL></tt></span> || || reloads the jail <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>stop</tt></span> || || stops all jails and terminate the server
 
| <span style="white-space:nowrap;"><tt>stop</tt></span> || || stops all jails and terminate the server
Line 24: Line 27:
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>ping</tt></span> || || tests if the server is alive
 
| <span style="white-space:nowrap;"><tt>ping</tt></span> || || tests if the server is alive
 +
|-
 +
| <span style="white-space:nowrap;"><tt>help</tt></span> || || return this output
 
|}
 
|}
  
=== Logging ===
+
=== LOGGING ===
  
  
Line 42: Line 47:
 
|}
 
|}
  
=== Jail control ===
+
=== JAIL CONTROL ===
  
  
Line 52: Line 57:
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>start <JAIL></tt></span> || || starts the jail <JAIL>
 
| <span style="white-space:nowrap;"><tt>start <JAIL></tt></span> || || starts the jail <JAIL>
|-
 
| <span style="white-space:nowrap;"><tt>reload <JAIL></tt></span> || || reloads the jail <JAIL>
 
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>stop <JAIL></tt></span> || || stops the jail <JAIL>. The jail is removed
 
| <span style="white-space:nowrap;"><tt>stop <JAIL></tt></span> || || stops the jail <JAIL>. The jail is removed
Line 60: Line 63:
 
|}
 
|}
  
=== Jail configuration ===
+
=== JAIL CONFIGURATION ===
  
  
Line 67: Line 70:
 
| '''Command''' || || '''Description'''
 
| '''Command''' || || '''Description'''
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> idle on<nowiki>|</nowiki>off</tt></span> || || sets the idle state of <JAIL>
+
| <span style="white-space:nowrap;"><tt>set <JAIL> idle on|off</tt></span> || || sets the idle state of <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>set <JAIL> addignoreip <IP></tt></span> || || adds <IP> to the ignore list of <JAIL>
 
| <span style="white-space:nowrap;"><tt>set <JAIL> addignoreip <IP></tt></span> || || adds <IP> to the ignore list of <JAIL>
Line 75: Line 78:
 
| <span style="white-space:nowrap;"><tt>set <JAIL> addlogpath <FILE></tt></span> || || adds <FILE> to the monitoring list of <JAIL>
 
| <span style="white-space:nowrap;"><tt>set <JAIL> addlogpath <FILE></tt></span> || || adds <FILE> to the monitoring list of <JAIL>
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> dellogpath <FILE></tt></span> || || removes <FILE> to the monitoring list of <JAIL>
+
| <span style="white-space:nowrap;"><tt>set <JAIL> dellogpath <FILE></tt></span> || || removes <FILE> from the monitoring list of <JAIL>
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> timeregex <REGEX></tt></span> || || sets the regular expression <REGEX> to match the date format for <JAIL>. This will disable the autodetection feature.
+
| <span style="white-space:nowrap;"><tt>set <JAIL> addfailregex <REGEX></tt></span> || || adds the regular expression <REGEX> which must match failures for <JAIL>
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> timepattern <PATTERN></tt></span> || || sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature.
+
| <span style="white-space:nowrap;"><tt>set <JAIL> delfailregex <INDEX></tt></span> || || removes the regular expression at <INDEX> for failregex
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> failregex <REGEX></tt></span> || || sets the regular expression <REGEX> which must match failures for <JAIL>
+
| <span style="white-space:nowrap;"><tt>set <JAIL> addignoreregex <REGEX></tt></span> || || adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>set <JAIL> ignoreregex <REGEX></tt></span> || || sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>
+
| <span style="white-space:nowrap;"><tt>set <JAIL> delignoreregex <INDEX></tt></span> || || removes the regular expression at <INDEX> for ignoreregex
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>set <JAIL> findtime <TIME></tt></span> || || sets the number of seconds <TIME> for which the filter will look back for <JAIL>
 
| <span style="white-space:nowrap;"><tt>set <JAIL> findtime <TIME></tt></span> || || sets the number of seconds <TIME> for which the filter will look back for <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>set <JAIL> bantime <TIME></tt></span> || || sets the number of seconds <TIME> a host will be banned for <JAIL>
 
| <span style="white-space:nowrap;"><tt>set <JAIL> bantime <TIME></tt></span> || || sets the number of seconds <TIME> a host will be banned for <JAIL>
 +
|-
 +
| <span style="white-space:nowrap;"><tt>set <JAIL> usedns <VALUE></tt></span> || || sets the usedns mode for <JAIL>
 +
|-
 +
| <span style="white-space:nowrap;"><tt>set <JAIL> banip <IP></tt></span> || || manually Ban <IP> for <JAIL>
 +
|-
 +
| <span style="white-space:nowrap;"><tt>set <JAIL> unbanip <IP></tt></span> || || manually Unban <IP> in <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>set <JAIL> maxretry <RETRY></tt></span> || || sets the number of failures <RETRY> before banning the host for <JAIL>
 
| <span style="white-space:nowrap;"><tt>set <JAIL> maxretry <RETRY></tt></span> || || sets the number of failures <RETRY> before banning the host for <JAIL>
Line 110: Line 119:
 
|}
 
|}
  
=== Jail information ===
+
=== JAIL INFORMATION ===
  
  
Line 121: Line 130:
 
| <span style="white-space:nowrap;"><tt>get <JAIL> ignoreip</tt></span> || || gets the list of ignored IP addresses for <JAIL>
 
| <span style="white-space:nowrap;"><tt>get <JAIL> ignoreip</tt></span> || || gets the list of ignored IP addresses for <JAIL>
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>get <JAIL> timeregex</tt></span> || || gets the regular expression used for the time detection for <JAIL>
+
| <span style="white-space:nowrap;"><tt>get <JAIL> failregex</tt></span> || || gets the list of regular expressions which matches the failures for <JAIL>
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> timepattern</tt></span> || || gets the pattern used for the time detection for <JAIL>
 
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> failregex</tt></span> || || gets the regular expression which matches the failures for <JAIL>
 
 
|-
 
|-
| <span style="white-space:nowrap;"><tt>get <JAIL> ignoreregex</tt></span> || || gets the regular expression which matches patterns to ignore for <JAIL>
+
| <span style="white-space:nowrap;"><tt>get <JAIL> ignoreregex</tt></span> || || gets the list of regular expressions which matches patterns to ignore for <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> findtime</tt></span> || || gets the time for which the filter will look back for failures for <JAIL>
 
| <span style="white-space:nowrap;"><tt>get <JAIL> findtime</tt></span> || || gets the time for which the filter will look back for failures for <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> bantime</tt></span> || || gets the time a host is banned for <JAIL>
 
| <span style="white-space:nowrap;"><tt>get <JAIL> bantime</tt></span> || || gets the time a host is banned for <JAIL>
 +
|-
 +
| <span style="white-space:nowrap;"><tt>get <JAIL> usedns</tt></span> || || gets the usedns setting for <JAIL>
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> maxretry</tt></span> || || gets the number of failures allowed for <JAIL>
 
| <span style="white-space:nowrap;"><tt>get <JAIL> maxretry</tt></span> || || gets the number of failures allowed for <JAIL>
Line 146: Line 153:
 
|-
 
|-
 
| <span style="white-space:nowrap;"><tt>get <JAIL> actionunban <ACT></tt></span> || || gets the unban command for the action <ACT> for <JAIL>
 
| <span style="white-space:nowrap;"><tt>get <JAIL> actionunban <ACT></tt></span> || || gets the unban command for the action <ACT> for <JAIL>
 +
|-
 +
| <span style="white-space:nowrap;"><tt>get <JAIL> cinfo <ACT> <KEY></tt></span> || || gets the value for <KEY> for the action <ACT> for <JAIL>
 
|}
 
|}

Revision as of 22:39, 12 November 2013

The commands presented above can be executed using: 

$ fail2ban-client <COMMAND>

or by typing them in the interactive console available with: 

$ fail2ban-client -i


BASIC

Command Description
start starts the server and the jails
reload reloads the configuration
reload <JAIL> reloads the jail <JAIL>
stop stops all jails and terminate the server
status gets the current status of the server
ping tests if the server is alive
help return this output

LOGGING

Command Description
set loglevel <LEVEL> sets logging level to <LEVEL>. 0 is minimal, 4 is debug
get loglevel gets the logging level
set logtarget <TARGET> sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file
get logtarget gets logging target

JAIL CONTROL

Command Description
add <JAIL> <BACKEND> creates <JAIL> using <BACKEND>
start <JAIL> starts the jail <JAIL>
stop <JAIL> stops the jail <JAIL>. The jail is removed
status <JAIL> gets the current status of <JAIL>

JAIL CONFIGURATION

Command Description
off sets the idle state of <JAIL>
set <JAIL> addignoreip <IP> adds <IP> to the ignore list of <JAIL>
set <JAIL> delignoreip <IP> removes <IP> from the ignore list of <JAIL>
set <JAIL> addlogpath <FILE> adds <FILE> to the monitoring list of <JAIL>
set <JAIL> dellogpath <FILE> removes <FILE> from the monitoring list of <JAIL>
set <JAIL> addfailregex <REGEX> adds the regular expression <REGEX> which must match failures for <JAIL>
set <JAIL> delfailregex <INDEX> removes the regular expression at <INDEX> for failregex
set <JAIL> addignoreregex <REGEX> adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>
set <JAIL> delignoreregex <INDEX> removes the regular expression at <INDEX> for ignoreregex
set <JAIL> findtime sets the number of seconds
set <JAIL> bantime sets the number of seconds
set <JAIL> usedns <VALUE> sets the usedns mode for <JAIL>
set <JAIL> banip <IP> manually Ban <IP> for <JAIL>
set <JAIL> unbanip <IP> manually Unban <IP> in <JAIL>
set <JAIL> maxretry <RETRY> sets the number of failures <RETRY> before banning the host for <JAIL>
set <JAIL> addaction <ACT> adds a new action named <NAME> for <JAIL>
set <JAIL> delaction <ACT> removes the action <NAME> from <JAIL>
set <JAIL> setcinfo <ACT> <KEY> <VALUE> sets <VALUE> for <KEY> of the action <NAME> for <JAIL>
set <JAIL> delcinfo <ACT> <KEY> removes <KEY> for the action <NAME> for <JAIL>
set <JAIL> actionstart <ACT> <CMD> sets the start command <CMD> of the action <ACT> for <JAIL>
set <JAIL> actionstop <ACT> <CMD> sets the stop command <CMD> of the action <ACT> for <JAIL>
set <JAIL> actioncheck <ACT> <CMD> sets the check command <CMD> of the action <ACT> for <JAIL>
set <JAIL> actionban <ACT> <CMD> sets the ban command <CMD> of the action <ACT> for <JAIL>
set <JAIL> actionunban <ACT> <CMD> sets the unban command <CMD> of the action <ACT> for <JAIL>

JAIL INFORMATION

Command Description
get <JAIL> logpath gets the list of the monitored files for <JAIL>
get <JAIL> ignoreip gets the list of ignored IP addresses for <JAIL>
get <JAIL> failregex gets the list of regular expressions which matches the failures for <JAIL>
get <JAIL> ignoreregex gets the list of regular expressions which matches patterns to ignore for <JAIL>
get <JAIL> findtime gets the time for which the filter will look back for failures for <JAIL>
get <JAIL> bantime gets the time a host is banned for <JAIL>
get <JAIL> usedns gets the usedns setting for <JAIL>
get <JAIL> maxretry gets the number of failures allowed for <JAIL>
get <JAIL> addaction gets the last action which has been added for <JAIL>
get <JAIL> actionstart <ACT> gets the start command for the action <ACT> for <JAIL>
get <JAIL> actionstop <ACT> gets the stop command for the action <ACT> for <JAIL>
get <JAIL> actioncheck <ACT> gets the check command for the action <ACT> for <JAIL>
get <JAIL> actionban <ACT> gets the ban command for the action <ACT> for <JAIL>
get <JAIL> actionunban <ACT> gets the unban command for the action <ACT> for <JAIL>
get <JAIL> cinfo <ACT> <KEY> gets the value for <KEY> for the action <ACT> for <JAIL>
Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=Commands&oldid=4916"