CLI commands for the IPS (FailToBan)
| Command | Description | Example |
|---|---|---|
| spf2bd get | Shows the services that are protected by FailToBan | cli> spf2bd get service |ban_time|max_try|try_time --------+--------+-------+-------- sshd |3600 |3 |86400 admin-ui|3600 |3 |86400 user-ui |3600 |3 |86400 smtp |3600 |3 |86400 |
| spf2bd del service | Removes the protection of a service | spf2bd del service sshd |
| spf2bd new | Adds a service for monitoring | spf2bd new service sshd ban_time 3600 max_try 3 try_time 86400 |
| spf2bd ip get | Shows IP addresses for which access to certain services is blocked and the duration of the remaining block | cli> spf2bd ip get ip |service|ban_time --------------+-------+-------- 192.168.175.86|user-ui|3586 |
| spf2bd ip remove | Cancels the ban on an IP or service. |
cli> spf2bd ip remove service user-ui ip 192.168.175.86 |
| spf2bd set | Changes parameters for monitoring services
|
spf2bd set service sshd ban_time 3600 |
Meaning of the parameters:
| Parameter | Meaning |
|---|---|
| sshd | Access via SSH |
| admin-ui | Access to the Admin Interface (Default: https://192.168.175.1:11115) |
| user-ui | Access to the user interface (Default: https://192.168.175.1:443) |
| smtp | Access for the smtp server (Default: Port 25) |
| ban_time | Time period for which an access for an IP address is blocked. |
| max_try | Number of attempts before access is blocked for an IP address |
| try_time | Time period within which the trials are counted |
Further explanations in the Wiki article on IDS / IPS