.. / fail2ban-client

Sponsor

Fork

Star

Sponsor

Fork

Star

• Command

Command

This executable can run non-interactive system commands.

• Comment

  The subprocess is immediately sent to the background, but fail2ban-client waits on a return code from the subprocess. The banip command will hang until the subprocess returns.

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  fail2ban-client add x
  fail2ban-client set x addaction x
  fail2ban-client set x action x actionban /path/to/command
  fail2ban-client start x
  fail2ban-client set x banip 999.999.999.999
  fail2ban-client set x unbanip 999.999.999.999
  fail2ban-client stop x

  Output

  The commands are executed but their output is hidden from the attacker.

• Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  cat >/path/to/temp-dir/fail2ban.conf <<EOF
  [Definition]
  EOF
  
  cat >/path/to/temp-dir/jail.local <<EOF
  [x]
  enabled = true
  action = x
  EOF
  
  mkdir -p /path/to/temp-dir/action.d/
  cat >/path/to/temp-dir/action.d/x.conf <<EOF
  [Definition]
  actionstart = /path/to/command
  EOF
  
  mkdir -p /path/to/temp-dir/filter.d/
  cat >/path/to/temp-dir/filter.d/x.conf <<EOF
  [Definition]
  EOF
  
  fail2ban-client -c /path/to/temp-dir/ -v restart

  Output

  The commands are executed but their output is hidden from the attacker.

Source | History