fail2ban-client man page

fail2ban-client — configure and control the server

Synopsis

fail2ban-client [Options] <Command>

Description

Fail2Ban v0.9.5 reads log file that contains password failure report and bans the corresponding IP addresses using firewall rules.

Options

-c <DIR>
configuration directory
-s <FILE>
socket path
-p <FILE>
pidfile path
-d
dump configuration. For debugging
-i
interactive mode
-v
increase verbosity
-q
decrease verbosity
-x
force execution of the server (remove socket file)
-b
start server in background (default)
-f
start server in foreground (note that the client forks once itself)
-h, --help
display this help message
-V, --version
print the version

Command

BASIC
start
starts the server and the jails
reload
reloads the configuration
reload <JAIL>
reloads the jail <JAIL>
stop
stops all jails and terminate the server
status
gets the current status of the server
ping
tests if the server is alive
help
return this output
version

return the server version

LOGGING

set loglevel <LEVEL>
sets logging level to <LEVEL>. Levels: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
get loglevel
gets the logging level
set logtarget <TARGET>
sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file
get logtarget
gets logging target
set syslogsocket auto|<SOCKET>
sets the syslog socket path to auto or <SOCKET>. Only used if logtarget is SYSLOG
get syslogsocket
gets syslog socket path
flushlogs

flushes the logtarget if a file and reopens it. For log rotation.

DATABASE

set dbfile <FILE>
set the location of fail2ban persistent datastore. Set to "None" to disable
get dbfile
get the location of fail2ban persistent datastore
set dbpurgeage <SECONDS>
sets the max age in <SECONDS> that history of bans will be kept
get dbpurgeage

gets the max age in seconds that history of bans will be kept

JAIL CONTROL

add <JAIL> <BACKEND>
creates <JAIL> using <BACKEND>
start <JAIL>
starts the jail <JAIL>
stop <JAIL>
stops the jail <JAIL>. The jail is removed
status <JAIL> [FLAVOR]

gets the current status of <JAIL>, with optional flavor or extended info

JAIL CONFIGURATION

set <JAIL> idle on|off
sets the idle state of <JAIL>
set <JAIL> addignoreip <IP>
adds <IP> to the ignore list of <JAIL>
set <JAIL> delignoreip <IP>
removes <IP> from the ignore list of <JAIL>
set <JAIL> addlogpath <FILE> ['tail']
adds <FILE> to the monitoring list of <JAIL>, optionally starting at the 'tail' of the file (default 'head').
set <JAIL> dellogpath <FILE>
removes <FILE> from the monitoring list of <JAIL>
set <JAIL> logencoding <ENCODING>
sets the <ENCODING> of the log files for <JAIL>
set <JAIL> addjournalmatch <MATCH>
adds <MATCH> to the journal filter of <JAIL>
set <JAIL> deljournalmatch <MATCH>
removes <MATCH> from the journal filter of <JAIL>
set <JAIL> addfailregex <REGEX>
adds the regular expression <REGEX> which must match failures for <JAIL>
set <JAIL> delfailregex <INDEX>
removes the regular expression at <INDEX> for failregex
set <JAIL> ignorecommand <VALUE>
sets ignorecommand of <JAIL>
set <JAIL> addignoreregex <REGEX>
adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>
set <JAIL> delignoreregex <INDEX>
removes the regular expression at <INDEX> for ignoreregex
set <JAIL> findtime <TIME>
sets the number of seconds <TIME> for which the filter will look back for <JAIL>
set <JAIL> bantime <TIME>
sets the number of seconds <TIME> a host will be banned for <JAIL>
set <JAIL> datepattern <PATTERN>
sets the <PATTERN> used to match date/times for <JAIL>
set <JAIL> usedns <VALUE>
sets the usedns mode for <JAIL>
set <JAIL> banip <IP>
manually Ban <IP> for <JAIL>
set <JAIL> unbanip <IP>
manually Unban <IP> in <JAIL>
set <JAIL> maxretry <RETRY>
sets the number of failures <RETRY> before banning the host for <JAIL>
set <JAIL> maxlines <LINES>
sets the number of <LINES> to buffer for regex search for <JAIL>
set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>]
adds a new action named <ACT> for <JAIL>. Optionally for a Python based action, a <PYTHONFILE> and <JSONKWARGS> can be specified, else will be a Command Action
set <JAIL> delaction <ACT>

removes the action <ACT> from <JAIL>

Command ACTION CONFIGURATION

set <JAIL> action <ACT> actionstart <CMD>
sets the start command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionstop <CMD> sets the stop command <CMD> of the
action <ACT> for <JAIL>
set <JAIL> action <ACT> actioncheck <CMD>
sets the check command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionban <CMD>
sets the ban command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> actionunban <CMD>
sets the unban command <CMD> of the action <ACT> for <JAIL>
set <JAIL> action <ACT> timeout <TIMEOUT>

sets <TIMEOUT> as the command timeout in seconds for the action <ACT> for <JAIL>

GENERAL ACTION CONFIGURATION

set <JAIL> action <ACT> <PROPERTY> <VALUE>
sets the <VALUE> of <PROPERTY> for the action <ACT> for <JAIL>
set <JAIL> action <ACT> <METHOD>[ <JSONKWARGS>]

calls the <METHOD> with <JSONKWARGS> for the action <ACT> for <JAIL>

JAIL INFORMATION

get <JAIL> logpath
gets the list of the monitored files for <JAIL>
get <JAIL> logencoding
gets the encoding of the log files for <JAIL>
get <JAIL> journalmatch
gets the journal filter match for <JAIL>
get <JAIL> ignoreip
gets the list of ignored IP addresses for <JAIL>
get <JAIL> ignorecommand
gets ignorecommand of <JAIL>
get <JAIL> failregex
gets the list of regular expressions which matches the failures for <JAIL>
get <JAIL> ignoreregex
gets the list of regular expressions which matches patterns to ignore for <JAIL>
get <JAIL> findtime
gets the time for which the filter will look back for failures for <JAIL>
get <JAIL> bantime
gets the time a host is banned for <JAIL>
get <JAIL> datepattern
gets the patern used to match date/times for <JAIL>
get <JAIL> usedns
gets the usedns setting for <JAIL>
get <JAIL> maxretry
gets the number of failures allowed for <JAIL>
get <JAIL> maxlines
gets the number of lines to buffer for <JAIL>
get <JAIL> actions

gets a list of actions for <JAIL>

Command ACTION INFORMATION

get <JAIL> action <ACT> actionstart
gets the start command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionstop
gets the stop command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actioncheck
gets the check command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionban
gets the ban command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> actionunban
gets the unban command for the action <ACT> for <JAIL>
get <JAIL> action <ACT> timeout

gets the command timeout in seconds for the action <ACT> for <JAIL>

GENERAL ACTION INFORMATION

get <JAIL> actionproperties <ACT>
gets a list of properties for the action <ACT> for <JAIL>
get <JAIL> actionmethods <ACT>
gets a list of methods for the action <ACT> for <JAIL>
get <JAIL> action <ACT> <PROPERTY>
gets the value of <PROPERTY> for the action <ACT> for <JAIL>

Files

/etc/fail2ban/*

Author

Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.

Reporting Bugs

Report bugs to https://github.com/fail2ban/fail2ban/is…

See Also

fail2ban-server(1) jail.conf(5)

Referenced By

fail2ban(1), fail2ban-regex(1), fail2ban-server(1), fail2ban-testcases(1).

July 2016 fail2ban-client v0.9.5 User Commands