Difference between revisions of "Commands"
From Fail2ban
Jump to navigationJump to searchDaniel.subs (talk | contribs) (0.8.11 release) |
Daniel.subs (talk | contribs) (→BASIC: release - adds flushlogs) |
||
| Line 6: | Line 6: | ||
$ fail2ban-client -i | $ fail2ban-client -i | ||
| + | |||
| Line 29: | Line 30: | ||
|- | |- | ||
| <span style="white-space:nowrap;"><tt>help</tt></span> || || return this output | | <span style="white-space:nowrap;"><tt>help</tt></span> || || return this output | ||
| + | |} | ||
| + | |||
| + | === LOGGING === | ||
| + | |||
| + | |||
| + | |||
| + | {| | ||
| + | | '''Command''' || || '''Description''' | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set loglevel <LEVEL></tt></span> || || sets logging level to <LEVEL>. 0 is minimal, 4 is debug | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get loglevel</tt></span> || || gets the logging level | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set logtarget <TARGET></tt></span> || || sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get logtarget</tt></span> || || gets logging target | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>flushlogs</tt></span> || || flushes the logtarget if a file and reopens it. For log rotation. | ||
| + | |} | ||
| + | |||
| + | === JAIL CONTROL === | ||
| + | |||
| + | |||
| + | |||
| + | {| | ||
| + | | '''Command''' || || '''Description''' | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>add <JAIL> <BACKEND></tt></span> || || creates <JAIL> using <BACKEND> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>start <JAIL></tt></span> || || starts the jail <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>stop <JAIL></tt></span> || || stops the jail <JAIL>. The jail is removed | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>status <JAIL></tt></span> || || gets the current status of <JAIL> | ||
| + | |} | ||
| + | |||
| + | === JAIL CONFIGURATION === | ||
| + | |||
| + | |||
| + | |||
| + | {| | ||
| + | | '''Command''' || || '''Description''' | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> idle on|off</tt></span> || || sets the idle state of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> addignoreip <IP></tt></span> || || adds <IP> to the ignore list of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> delignoreip <IP></tt></span> || || removes <IP> from the ignore list of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> addlogpath <FILE></tt></span> || || adds <FILE> to the monitoring list of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> dellogpath <FILE></tt></span> || || removes <FILE> from the monitoring list of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> addfailregex <REGEX></tt></span> || || adds the regular expression <REGEX> which must match failures for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> delfailregex <INDEX></tt></span> || || removes the regular expression at <INDEX> for failregex | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> ignorecommand <VALUE></tt></span> || || sets ignorecommand of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> addignoreregex <REGEX></tt></span> || || adds the regular expression <REGEX> which should match pattern to exclude for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> delignoreregex <INDEX></tt></span> || || removes the regular expression at <INDEX> for ignoreregex | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> findtime <TIME></tt></span> || || sets the number of seconds <TIME> for which the filter will look back for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> bantime <TIME></tt></span> || || sets the number of seconds <TIME> a host will be banned for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> usedns <VALUE></tt></span> || || sets the usedns mode for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> banip <IP></tt></span> || || manually Ban <IP> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> unbanip <IP></tt></span> || || manually Unban <IP> in <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> maxretry <RETRY></tt></span> || || sets the number of failures <RETRY> before banning the host for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> addaction <ACT></tt></span> || || adds a new action named <NAME> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> delaction <ACT></tt></span> || || removes the action <NAME> from <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> setcinfo <ACT> <KEY> <VALUE></tt></span> || || sets <VALUE> for <KEY> of the action <NAME> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> delcinfo <ACT> <KEY></tt></span> || || removes <KEY> for the action <NAME> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> actionstart <ACT> <CMD></tt></span> || || sets the start command <CMD> of the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> actionstop <ACT> <CMD></tt></span> || || sets the stop command <CMD> of the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> actioncheck <ACT> <CMD></tt></span> || || sets the check command <CMD> of the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> actionban <ACT> <CMD></tt></span> || || sets the ban command <CMD> of the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>set <JAIL> actionunban <ACT> <CMD></tt></span> || || sets the unban command <CMD> of the action <ACT> for <JAIL> | ||
| + | |} | ||
| + | |||
| + | === JAIL INFORMATION === | ||
| + | |||
| + | |||
| + | |||
| + | {| | ||
| + | | '''Command''' || || '''Description''' | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> logpath</tt></span> || || gets the list of the monitored files for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> ignoreip</tt></span> || || gets the list of ignored IP addresses for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> ignorecommand</tt></span> || || gets ignorecommand of <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> failregex</tt></span> || || gets the list of regular expressions which matches the failures for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> ignoreregex</tt></span> || || gets the list of regular expressions which matches patterns to ignore for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> findtime</tt></span> || || gets the time for which the filter will look back for failures for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> bantime</tt></span> || || gets the time a host is banned for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> usedns</tt></span> || || gets the usedns setting for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> maxretry</tt></span> || || gets the number of failures allowed for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> addaction</tt></span> || || gets the last action which has been added for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> actionstart <ACT></tt></span> || || gets the start command for the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> actionstop <ACT></tt></span> || || gets the stop command for the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> actioncheck <ACT></tt></span> || || gets the check command for the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> actionban <ACT></tt></span> || || gets the ban command for the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> actionunban <ACT></tt></span> || || gets the unban command for the action <ACT> for <JAIL> | ||
| + | |- | ||
| + | | <span style="white-space:nowrap;"><tt>get <JAIL> cinfo <ACT> <KEY></tt></span> || || gets the value for <KEY> for the action <ACT> for <JAIL> | ||
|} | |} | ||
Revision as of 23:15, 21 January 2014
The commands presented above can be executed using:
$ fail2ban-client <COMMAND>
or by typing them in the interactive console available with:
$ fail2ban-client -i
BASIC
| Command | Description | |
| start | starts the server and the jails | |
| reload | reloads the configuration | |
| reload <JAIL> | reloads the jail <JAIL> | |
| stop | stops all jails and terminate the server | |
| status | gets the current status of the server | |
| ping | tests if the server is alive | |
| help | return this output |
LOGGING
| Command | Description | |
| set loglevel <LEVEL> | sets logging level to <LEVEL>. 0 is minimal, 4 is debug | |
| get loglevel | gets the logging level | |
| set logtarget <TARGET> | sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file | |
| get logtarget | gets logging target | |
| flushlogs | flushes the logtarget if a file and reopens it. For log rotation. |
JAIL CONTROL
| Command | Description | |
| add <JAIL> <BACKEND> | creates <JAIL> using <BACKEND> | |
| start <JAIL> | starts the jail <JAIL> | |
| stop <JAIL> | stops the jail <JAIL>. The jail is removed | |
| status <JAIL> | gets the current status of <JAIL> |
JAIL CONFIGURATION
| Command | Description | |
| off | sets the idle state of <JAIL> | |
| set <JAIL> addignoreip <IP> | adds <IP> to the ignore list of <JAIL> | |
| set <JAIL> delignoreip <IP> | removes <IP> from the ignore list of <JAIL> | |
| set <JAIL> addlogpath <FILE> | adds <FILE> to the monitoring list of <JAIL> | |
| set <JAIL> dellogpath <FILE> | removes <FILE> from the monitoring list of <JAIL> | |
| set <JAIL> addfailregex <REGEX> | adds the regular expression <REGEX> which must match failures for <JAIL> | |
| set <JAIL> delfailregex <INDEX> | removes the regular expression at <INDEX> for failregex | |
| set <JAIL> ignorecommand <VALUE> | sets ignorecommand of <JAIL> | |
| set <JAIL> addignoreregex <REGEX> | adds the regular expression <REGEX> which should match pattern to exclude for <JAIL> | |
| set <JAIL> delignoreregex <INDEX> | removes the regular expression at <INDEX> for ignoreregex | |
| set <JAIL> findtime | sets the number of seconds | |
| set <JAIL> bantime | sets the number of seconds | |
| set <JAIL> usedns <VALUE> | sets the usedns mode for <JAIL> | |
| set <JAIL> banip <IP> | manually Ban <IP> for <JAIL> | |
| set <JAIL> unbanip <IP> | manually Unban <IP> in <JAIL> | |
| set <JAIL> maxretry <RETRY> | sets the number of failures <RETRY> before banning the host for <JAIL> | |
| set <JAIL> addaction <ACT> | adds a new action named <NAME> for <JAIL> | |
| set <JAIL> delaction <ACT> | removes the action <NAME> from <JAIL> | |
| set <JAIL> setcinfo <ACT> <KEY> <VALUE> | sets <VALUE> for <KEY> of the action <NAME> for <JAIL> | |
| set <JAIL> delcinfo <ACT> <KEY> | removes <KEY> for the action <NAME> for <JAIL> | |
| set <JAIL> actionstart <ACT> <CMD> | sets the start command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionstop <ACT> <CMD> | sets the stop command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actioncheck <ACT> <CMD> | sets the check command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionban <ACT> <CMD> | sets the ban command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionunban <ACT> <CMD> | sets the unban command <CMD> of the action <ACT> for <JAIL> |
JAIL INFORMATION
| Command | Description | |
| get <JAIL> logpath | gets the list of the monitored files for <JAIL> | |
| get <JAIL> ignoreip | gets the list of ignored IP addresses for <JAIL> | |
| get <JAIL> ignorecommand | gets ignorecommand of <JAIL> | |
| get <JAIL> failregex | gets the list of regular expressions which matches the failures for <JAIL> | |
| get <JAIL> ignoreregex | gets the list of regular expressions which matches patterns to ignore for <JAIL> | |
| get <JAIL> findtime | gets the time for which the filter will look back for failures for <JAIL> | |
| get <JAIL> bantime | gets the time a host is banned for <JAIL> | |
| get <JAIL> usedns | gets the usedns setting for <JAIL> | |
| get <JAIL> maxretry | gets the number of failures allowed for <JAIL> | |
| get <JAIL> addaction | gets the last action which has been added for <JAIL> | |
| get <JAIL> actionstart <ACT> | gets the start command for the action <ACT> for <JAIL> | |
| get <JAIL> actionstop <ACT> | gets the stop command for the action <ACT> for <JAIL> | |
| get <JAIL> actioncheck <ACT> | gets the check command for the action <ACT> for <JAIL> | |
| get <JAIL> actionban <ACT> | gets the ban command for the action <ACT> for <JAIL> | |
| get <JAIL> actionunban <ACT> | gets the unban command for the action <ACT> for <JAIL> | |
| get <JAIL> cinfo <ACT> <KEY> | gets the value for <KEY> for the action <ACT> for <JAIL> |
LOGGING
| Command | Description | |
| set loglevel <LEVEL> | sets logging level to <LEVEL>. 0 is minimal, 4 is debug | |
| get loglevel | gets the logging level | |
| set logtarget <TARGET> | sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file | |
| get logtarget | gets logging target |
JAIL CONTROL
| Command | Description | |
| add <JAIL> <BACKEND> | creates <JAIL> using <BACKEND> | |
| start <JAIL> | starts the jail <JAIL> | |
| stop <JAIL> | stops the jail <JAIL>. The jail is removed | |
| status <JAIL> | gets the current status of <JAIL> |
JAIL CONFIGURATION
| Command | Description | |
| off | sets the idle state of <JAIL> | |
| set <JAIL> addignoreip <IP> | adds <IP> to the ignore list of <JAIL> | |
| set <JAIL> delignoreip <IP> | removes <IP> from the ignore list of <JAIL> | |
| set <JAIL> addlogpath <FILE> | adds <FILE> to the monitoring list of <JAIL> | |
| set <JAIL> dellogpath <FILE> | removes <FILE> from the monitoring list of <JAIL> | |
| set <JAIL> addfailregex <REGEX> | adds the regular expression <REGEX> which must match failures for <JAIL> | |
| set <JAIL> delfailregex <INDEX> | removes the regular expression at <INDEX> for failregex | |
| set <JAIL> addignoreregex <REGEX> | adds the regular expression <REGEX> which should match pattern to exclude for <JAIL> | |
| set <JAIL> delignoreregex <INDEX> | removes the regular expression at <INDEX> for ignoreregex | |
| set <JAIL> findtime | sets the number of seconds | |
| set <JAIL> bantime | sets the number of seconds | |
| set <JAIL> usedns <VALUE> | sets the usedns mode for <JAIL> | |
| set <JAIL> banip <IP> | manually Ban <IP> for <JAIL> | |
| set <JAIL> unbanip <IP> | manually Unban <IP> in <JAIL> | |
| set <JAIL> maxretry <RETRY> | sets the number of failures <RETRY> before banning the host for <JAIL> | |
| set <JAIL> addaction <ACT> | adds a new action named <NAME> for <JAIL> | |
| set <JAIL> delaction <ACT> | removes the action <NAME> from <JAIL> | |
| set <JAIL> setcinfo <ACT> <KEY> <VALUE> | sets <VALUE> for <KEY> of the action <NAME> for <JAIL> | |
| set <JAIL> delcinfo <ACT> <KEY> | removes <KEY> for the action <NAME> for <JAIL> | |
| set <JAIL> actionstart <ACT> <CMD> | sets the start command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionstop <ACT> <CMD> | sets the stop command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actioncheck <ACT> <CMD> | sets the check command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionban <ACT> <CMD> | sets the ban command <CMD> of the action <ACT> for <JAIL> | |
| set <JAIL> actionunban <ACT> <CMD> | sets the unban command <CMD> of the action <ACT> for <JAIL> |
JAIL INFORMATION
| Command | Description | |
| get <JAIL> logpath | gets the list of the monitored files for <JAIL> | |
| get <JAIL> ignoreip | gets the list of ignored IP addresses for <JAIL> | |
| get <JAIL> failregex | gets the list of regular expressions which matches the failures for <JAIL> | |
| get <JAIL> ignoreregex | gets the list of regular expressions which matches patterns to ignore for <JAIL> | |
| get <JAIL> findtime | gets the time for which the filter will look back for failures for <JAIL> | |
| get <JAIL> bantime | gets the time a host is banned for <JAIL> | |
| get <JAIL> usedns | gets the usedns setting for <JAIL> | |
| get <JAIL> maxretry | gets the number of failures allowed for <JAIL> | |
| get <JAIL> addaction | gets the last action which has been added for <JAIL> | |
| get <JAIL> actionstart <ACT> | gets the start command for the action <ACT> for <JAIL> | |
| get <JAIL> actionstop <ACT> | gets the stop command for the action <ACT> for <JAIL> | |
| get <JAIL> actioncheck <ACT> | gets the check command for the action <ACT> for <JAIL> | |
| get <JAIL> actionban <ACT> | gets the ban command for the action <ACT> for <JAIL> | |
| get <JAIL> actionunban <ACT> | gets the unban command for the action <ACT> for <JAIL> | |
| get <JAIL> cinfo <ACT> <KEY> | gets the value for <KEY> for the action <ACT> for <JAIL> |
