CLI commands for the IPS (FailToBan)
Command | Description | Example |
---|---|---|
spf2bd get | Shows the services that are protected by FailToBan | cli> spf2bd get service |ban_time|max_try|try_time --------+--------+-------+-------- sshd |3600 |3 |86400 admin-ui|3600 |3 |86400 user-ui |3600 |3 |86400 smtp |3600 |3 |86400 |
spf2bd del service | Removes the protection of a service | spf2bd del service sshd |
spf2bd new | Adds a service for monitoring | spf2bd new service sshd ban_time 3600 max_try 3 try_time 86400 |
spf2bd ip get | Shows IP addresses for which access to certain services is blocked and the duration of the remaining block | cli> spf2bd ip get ip |service|ban_time --------------+-------+-------- 192.168.175.86|user-ui|3586 |
spf2bd ip remove | Cancels the ban on an IP or service. |
cli> spf2bd ip remove service user-ui ip 192.168.175.86 |
spf2bd set | Changes parameters for monitoring services
|
spf2bd set service sshd ban_time 3600 |
Meaning of the parameters:
Parameter | Meaning |
---|---|
sshd | Access via SSH |
admin-ui | Access to the Admin Interface (Default: https://192.168.175.1:11115) |
user-ui | Access to the user interface (Default: https://192.168.175.1:443) |
smtp | Access for the smtp server (Default: Port 25) |
ban_time | Time period for which an access for an IP address is blocked. |
max_try | Number of attempts before access is blocked for an IP address |
try_time | Time period within which the trials are counted |
Further explanations in the Wiki article on IDS / IPS