zdb@dabin:~$ cat /etc/fail2ban/filter.d/sslproxy.local
[Definition]
failregex = read error remote error: tls: unknown certificate authority <HOST>:\d+
zdb@dabin:~$ cat /etc/fail2ban/jail.local
[sslproxy]
enabled = true
port = 443
filter = sslproxy
logpath = /tmp/sslserver2.err.log
maxretry = 2
bantime = 3600
findtime = 3600
zdb@dabin:~$ fail2ban-regex /tmp/sslserver2.err.log /etc/fail2ban/filter.d/sslproxy.local
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sslproxy.local
Use log file : /tmp/sslserver2.err.log
Results
=======
Failregex
|- Regular expressions:
| [1] read error remote error: tls: unknown certificate authority <HOST>:\d+
|
`- Number of matches:
[1] 30062 match(es)
Ignoreregex
|- Regular expressions:
|
`- Number of matches:
Summary
=======
Addresses found:
[1]
58.211.187.150 (Wed Dec 28 06:34:44 2016)
zdb@dabin:~$ sudo fail2ban-client status sslproxy
Status for the jail: sslproxy
|- filter
| |- File list: /tmp/sslserver2.err.log
| |- Currently failed: 749
| `- Total failed: 30181
`- action
|- Currently banned: 70
`- Total banned: 2364
zdb@dabin:~$ tail -f /tmp/sslserver2.err.log
2016/12/30 03:09:18 read error remote error: tls: unknown certificate authority 60.168.82.74:51602
2016/12/30 03:09:20 read error remote error: tls: unknown certificate authority 125.71.214.16:53604
2016/12/30 03:09:30 read error remote error: tls: unknown certificate authority 202.113.176.16:10065
2016/12/30 03:09:31 read error remote error: tls: unknown certificate authority 166.111.32.213:48665
2016/12/30 03:09:33 read error remote error: tls: unknown certificate authority 61.50.123.86:19998
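
Added example, not part of the original session: a simplified Python model of how the failregex above combines with the jail's maxretry and findtime values to decide a ban. The IPv4-only stand-in for <HOST>, the function names and the sample log lines (documentation address ranges) are assumptions constructed for illustration; fail2ban's own matching and date handling are more involved.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Filter and jail values copied from the page.
FAILREGEX = r"read error remote error: tls: unknown certificate authority <HOST>:\d+"
MAXRETRY = 2
FINDTIME = 3600  # seconds
# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed sample lines in the log format shown above.
SAMPLE_LOG = [
    "2016/12/30 03:09:18 read error remote error: tls: unknown certificate authority 192.0.2.10:51602",
    "2016/12/30 03:09:20 read error remote error: tls: unknown certificate authority 198.51.100.7:53604",
    "2016/12/30 03:20:00 read error remote error: tls: unknown certificate authority 192.0.2.10:51700",
    "2016/12/30 03:25:00 read error remote error: tls: bad certificate 203.0.113.5:40000",
    "2016/12/30 04:30:00 read error remote error: tls: unknown certificate authority 198.51.100.7:53999",
]

def parse(line):
    """Return (timestamp, ip) for a line the filter matches, else None."""
    m = PATTERN.search(line)  # the failregex is unanchored, so search()
    if not m:
        return None
    try:
        ts = datetime.strptime(line[:19], "%Y/%m/%d %H:%M:%S")
    except ValueError:
        return None  # no usable timestamp: skip the line
    return ts, m.group("host")

def banned(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """IPs reaching maxretry matches within findtime seconds, in ban order."""
    recent = defaultdict(deque)  # ip -> match times still inside the window
    order = []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop matches older than findtime
        if len(window) >= maxretry and ip not in order:
            order.append(ip)
    return order

if __name__ == "__main__":
    print(banned(SAMPLE_LOG))
```

With the jail's values only 192.0.2.10 is banned: 198.51.100.7 also matches twice, but its matches are more than findtime apart.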