fail2ban.txt

12/30/2016 - 3:01 AM
zdb@dabin:~$ cat /etc/fail2ban/filter.d/sslproxy.local 
[Definition]
failregex = read error remote error: tls: unknown certificate authority <HOST>:\d+


zdb@dabin:~$ cat /etc/fail2ban/jail.local 
[sslproxy]

enabled  = true
port     = 443
filter   = sslproxy
logpath  = /tmp/sslserver2.err.log
maxretry = 2
bantime = 3600
findtime = 3600



zdb@dabin:~$ fail2ban-regex /tmp/sslserver2.err.log /etc/fail2ban/filter.d/sslproxy.local

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/sslproxy.local
Use log file   : /tmp/sslserver2.err.log


Results
=======

Failregex
|- Regular expressions:
|  [1] read error remote error: tls: unknown certificate authority <HOST>:\d+
|
`- Number of matches:
   [1] 30062 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Addresses found:
[1]
    58.211.187.150 (Wed Dec 28 06:34:44 2016)



zdb@dabin:~$ sudo fail2ban-client status sslproxy
Status for the jail: sslproxy
|- filter
|  |- File list:        /tmp/sslserver2.err.log 
|  |- Currently failed: 749
|  `- Total failed:     30181
`- action
   |- Currently banned: 70
   |  `- IP list:       180.111.66.108 222.129.49.81 183.6.154.181 219.140.225.199 115.236.175.131 112.64.60.206 106.38.101.46 118.193.97.36 159.226.47.211 121.207.32.136 180.168.164.107 113.105.10.46 117.82.142.224 119.41.196.189 124.74.131.122 119.6.9.179 113.72.153.32 171.221.203.127 36.47.160.143 183.15.17.221 111.200.18.1 180.139.140.233 14.154.202.154 219.217.250.115 202.105.68.78 119.98.210.62 202.108.14.240 110.52.140.226 218.4.157.82 221.239.96.186 123.207.142.193 123.85.0.34 116.228.145.98 202.105.84.98 222.205.104.143 117.71.53.46 180.171.201.162 58.214.6.66 60.191.108.98 116.31.92.195 58.240.111.198 103.254.68.227 125.34.210.201 114.224.104.61 218.247.17.100 116.233.8.180 117.28.251.189 106.39.107.121 42.84.228.0 183.129.172.36 183.6.129.98 180.168.43.50 42.120.75.3 202.197.74.106 119.36.54.139 219.228.146.60 120.32.116.51 115.156.233.60 125.88.24.155 124.126.210.160 119.188.36.2 223.104.38.124 59.173.177.248 202.105.116.213 183.240.19.60 123.126.70.237 139.205.146.69 111.200.23.26 218.25.39.56 125.35.5.254 
   `- Total banned:     2364


zdb@dabin:~$ tail -f /tmp/sslserver2.err.log
2016/12/30 03:09:18 read error remote error: tls: unknown certificate authority 60.168.82.74:51602
2016/12/30 03:09:20 read error remote error: tls: unknown certificate authority 125.71.214.16:53604
2016/12/30 03:09:30 read error remote error: tls: unknown certificate authority 202.113.176.16:10065
2016/12/30 03:09:31 read error remote error: tls: unknown certificate authority 166.111.32.213:48665
2016/12/30 03:09:33 read error remote error: tls: unknown certificate authority 61.50.123.86:19998
Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

fail2ban.txt
