Linux Security

Steps for Recovering from a UNIX or NT System Compromise

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Using fail2ban to ban bots for long periods

Note that restarting or reloading fail2ban clears all banned IP addresses.

To ban repeat offenders for long periods, use the /etc/fail2ban/filter.d/recidive.conf filter, which has fail2ban monitor its own log. See https://github.com/fail2ban/fail2ban/issues/19 for discussion.

-- Frank Dean - 22 Apr 2017
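
The sketch below is an added example, not code from fail2ban or from the original page. It shows the idea behind a jail that watches fail2ban's own log, by counting "Ban" lines per address inside a time window. The log lines are constructed, the regular expression is a simplified stand-in for the real filter, and the maxretry and findtime values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual fail2ban.log layout (not real log data).
SAMPLE_LOG = """\
2017-04-20 08:00:01,100 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2017-04-20 08:10:01,100 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2017-04-20 09:30:12,530 fail2ban.actions        [812]: NOTICE  [apache-auth] Ban 203.0.113.7
2017-04-20 11:02:45,007 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2017-04-20 14:47:03,250 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2017-04-20 15:00:00,000 fail2ban.actions        [812]: NOTICE  [recidive] Ban 203.0.113.7
2017-04-22 16:20:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2017-04-22 16:21:00,000 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.23
"""

# Simplified stand-in for the recidive failregex: a NOTICE "Ban" line from any jail.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s+"
    r"\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)\s*$"
)


def repeat_offenders(log_text, maxretry=3, findtime=timedelta(days=1), own_jail="recidive"):
    """Return {ip: time the maxretry-th ban fell inside one findtime window}."""
    bans = defaultdict(list)
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        # Skip the long-term jail's own bans so it does not feed itself.
        if not m or m.group("jail") == own_jail:
            continue
        bans[m.group("ip")].append(datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"))

    flagged = {}
    for ip, times in bans.items():
        times.sort()
        for i in range(maxretry - 1, len(times)):
            if times[i] - times[i - maxretry + 1] <= findtime:
                flagged[ip] = times[i]
                break
    return flagged


if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```
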

Unbanning

$ sudo fail2ban-client status
$ sudo fail2ban-client status $JAIL_NAME
$ sudo fail2ban-client get $JAIL_NAME banned
$ sudo fail2ban-client get $JAIL_NAME bantime
$ sudo fail2ban-client get $JAIL_NAME banip --with-time
$ sudo fail2ban-client unban $IP ... $IP
$ sudo fail2ban-client unban --all

-- Frank Dean - 28 Mar 2007

Related Topics: LinuxHintsAndTips