fail2ban: how unban ip (using fail2ban-client) [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I using fail2ban v.0.8.2 but I can't unban an IP:
with fail2ban-client I see IP:
fail2ban-client status fail2ban
Status for the jail: fail2ban
|- filter
| |- File list: /var/log/fail2ban.log
| |- Currently failed: 1
| `- Total failed: 8
`- action
|- Currently banned: 2
| `- IP list: 151.10.65.197 151.10.72.169
`- Total banned: 2
from man page should be sufficiently do:
fail2ban-client get fail2ban actionunban 151.10.65.197
output of command does not return error but:
iptables -L -nv |grep -b2 -a1 151
16262- pkts bytes target prot opt in out source destination
16351: 0 0 DROP all -- * * 151.10.72.169 0.0.0.0/0
16440: 0 0 DROP all -- * * 151.10.65.197 0.0.0.0/0
16529- 181K 48M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
and the output of
fail2ban-client status fail2ban
is same of above, hence command does not run.

You need to use fail2ban-client get jail-name actionunban ipaddress That will allow you to unban an IP address. Use iptables -L -n to find the status of the correct jail-name to use?. The command you are giving: fail2ban-client get fail2ban actionunban xxx.xxx.xxx.xxx is correct given your output. Check status again to make sure it has not already been unblocked by the timeout. That would explain why the command fails.
Here is a good page Fail2ban Manual Unban Single Host (for iptables) There have been changes to the unban procedure syntax (get/set) depending on version.

Related

why use "use -elf" the result return username with "systemd+"? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 months ago.
Improve this question
when I use docker run -itd mysql,then to use ps -elf check the process infomation with "4 S systemd+ 257584 257561 1 80 0 - 712611 poll_s Jul17 ? 00:40:16 mysqld".
root#xx:/proc/257584/ns# ps -elf | grep mysqld
4 S systemd+ 257584 257561 1 80 0 - 712611 poll_s Jul17 ? 00:40:20 mysqld
root#xx:/proc/257584/ns# ps -el | grep mysqld
4 S 999 257584 257561 1 80 0 - 712611 poll_s ? 00:40:21 mysqld
But I use "cat /cat/passwd" can't find username equal to "systemd+".
docker Version: 20.10.12
os ubuntu20.04
ps (sadly) trims the username to 8 (if i'm counting right) characters and adds a + after the user name initial part. The username could be systemd-mysql or systemd-something that you can find in passwd.
From manual:
If the length of the username is greater than the length of the display column, the username will be truncated. See the -o and -O formatting options to customize length

How to get the gateway MAC address in Unix-like systems [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I'm connected to a private network where the IP addresses are like 192.168.xxx.xxx. I know the IP address of the default gateway but how do I get the gateway mac address? I'm working on iMac and Linux machines. Any Unix command for that?
This gives you list of everything:
netstat -rn
or this one to get default gateway:
netstat -rn | grep 'default'
WHAT YOU REALLY WANT:
netstat -rn | grep 'default' | awk '{print $2}'
Here the command line example for arping assuming your gateway's IP address is 192.168.1.1 and you have connected over eth0:
arping -f -I eth0 192.168.1.1
ARPING 192.168.1.1 from 192.168.1.24 eth0
Unicast reply from 192.168.1.1 [ab:cd:ef:01:02:03] 1.030ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
So in this case gateway's MAC address is ab:cd:ef:01:02:03

Open port 443 by adding a rule in iptables (Ubuntu) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Im new to ubuntu and using ubuntu server 12.04.
When I run nmap localhost I get the following output :
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
This means that port 443(https) is closed. I want to open it.
So I did the following :
I ran the command
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
And to persist the changes I saved the file using sudo sh -c "iptables-save > /etc/iptables.rules"
and then I added the following lines to etc/network/interfaces :
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
After rebooting my system I ran sudo iptables -L and the line
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
was visible.
However now when I run nmap localhost I still dont see 443 as open.
Please help!
I bet you have nothing listening to port 443 on your host. Try this: in one terminal run sudo nc -lk 443 and then run your nmap localhost. This may not have anything to do with an iptables firewall rule.

Using nc to transfer large file [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I have a compressed file size of about 9.5 GB and want to transfer from one server to another server, I tried to use like the below,
server2:
nc -lp 1234 > file.tar.gz
server1:
nc -w 1 1234 < file.tar.gz
its not working.
I tried so many ways.
One machine is CentOS 6.4 and the other one is Ubuntu 12.04 LTS
Thanks in advance.
On receiving end:
nc -l 1234 > file.tar.gz
On sending end:
cat file.tar.gz | nc <reciever's ip or hostname> 1234
That should work. Depending on the speed, it may take a while but both processes will finish when the transfer is done.
From the nc(1) man page:
-l Used to specify that nc should listen for an incoming connection rather than initiate
a connection to a remote host. It is an error to use this option in conjunction with
the -p, -s, or -z options.
So your use of -p is wrong.
Use on server2:
nc -l 1234 > file.tar.gz
And on server1:
nc server2 1234 < file.tar.gz
from the sender
nc -v -w 30 1337 - l < filename
where "-v" from verbose, "-w 30" for a wait before and after 30 sec for the connection, "1337" port number, "-l" tell nc that this is a sender
from the receiver
nc -v -w 2 ip_add_of_sender 1337 > filename

Port mirroring on Linux [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have Kippo running on my VPS, and I can't get it to run under port 1024 due to restrictions in Linux not allowing normal accounts to use ports under 1024. If I try, it gives an error with some Python gibberish about not being able to listen on a port under 1024.
I'd rather not run Kippo run as root just in case some how they get out of the Kippo enviroment.
So what I'm looking at doing is using IPTables to "Mirror" all traffic going to port 2222 on 22 so that a "bot" can see SSH running on port 22 and do its thing.
Is that feasible? If so, how?
Use a DNAT rule:
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 22 -j REDIRECT --to-port 2222
You may want to lock down further with specific IP address filters

Resources