server01:/# fail2ban-client -d
ERROR Invalid argument ['https"'] in 'name=BadBots, port="http,https"'
ERROR No file found for /var/log/postfix.log
['set', 'loglevel', 3]
['set', 'logtarget', '/var/log/fail2ban.log']
['add', 'ssh-iptables', 'auto']
['set', 'ssh-iptables', 'addlogpath', '/var/log/auth.log']
['set', 'ssh-iptables', 'maxretry', 3]
['set', 'ssh-iptables', 'addignoreip', '127.0.0.1']
['set', 'ssh-iptables', 'findtime', 600]
['set', 'ssh-iptables', 'bantime', 600]
['set', 'ssh-iptables', 'failregex', '(?:(?:Authentication failure|Failed [-/\\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>(?: port \\d*)?(?: ssh\\d*)?\\s*$']
['set', 'ssh-iptables', 'ignoreregex', '']
['set', 'ssh-iptables', 'addaction', 'iptables']
['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>']
['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'ssh-iptables', 'actioncheck', 'iptables', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', '10022']
['set', 'ssh-iptables', 'addaction', 'sendmail-whois']
['set', 'ssh-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'ssh-iptables', 'actionunban', 'sendmail-whois', '']
['set', 'ssh-iptables', 'actioncheck', 'sendmail-whois', '']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'xxx']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@mail.com']
['add', 'postfix-tcpwrapper', 'auto']
['set', 'postfix-tcpwrapper', 'maxretry', 3]
['set', 'postfix-tcpwrapper', 'addignoreip', '127.0.0.1']
['set', 'postfix-tcpwrapper', 'findtime', 600]
['set', 'postfix-tcpwrapper', 'bantime', 300]
['set', 'postfix-tcpwrapper', 'failregex', 'reject: RCPT from (.*)\\[<HOST>\\]: 554']
['set', 'postfix-tcpwrapper', 'ignoreregex', '']
['set', 'postfix-tcpwrapper', 'addaction', 'hostsdeny']
['set', 'postfix-tcpwrapper', 'actionban', 'hostsdeny', 'IP=<ip> &&\nprintf %b "ALL: $IP\\n" >> <file>']
['set', 'postfix-tcpwrapper', 'actionstop', 'hostsdeny', '']
['set', 'postfix-tcpwrapper', 'actionstart', 'hostsdeny', '']
['set', 'postfix-tcpwrapper', 'actionunban', 'hostsdeny', 'IP=<ip> && sed -i.old /ALL:\\ $IP/d <file>']
['set', 'postfix-tcpwrapper', 'actioncheck', 'hostsdeny', '']
['set', 'postfix-tcpwrapper', 'setcinfo', 'hostsdeny', 'file', '/not/a/standard/path/hosts.deny']
['set', 'postfix-tcpwrapper', 'addaction', 'sendmail']
['set', 'postfix-tcpwrapper', 'actionban', 'sendmail', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'postfix-tcpwrapper', 'actionstop', 'sendmail', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'postfix-tcpwrapper', 'actionstart', 'sendmail', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'postfix-tcpwrapper', 'actionunban', 'sendmail', '']
['set', 'postfix-tcpwrapper', 'actioncheck', 'sendmail', '']
['set', 'postfix-tcpwrapper', 'setcinfo', 'sendmail', 'dest', 'xxx']
['set', 'postfix-tcpwrapper', 'setcinfo', 'sendmail', 'name', 'Postfix']
['set', 'postfix-tcpwrapper', 'setcinfo', 'sendmail', 'sender', 'fail2ban']
['add', 'apache-badbots', 'auto']
['set', 'apache-badbots', 'addlogpath', '/var/www/vhosts/xxx/statistics/logs/access_log']
['set', 'apache-badbots', 'maxretry', 1]
['set', 'apache-badbots', 'addignoreip', '127.0.0.1']
['set', 'apache-badbots', 'findtime', 600]
['set', 'apache-badbots', 'bantime', 172800]
['set', 'apache-badbots', 'failregex', '^<HOST> -.*"(GET|POST).*HTTP.*"(?:atSpider/1\\.0|autoemailspider|China Local Browse 2\\.6|ContentSmartz|DataCha0s/2\\.0|DataCha0s/2\\.0|DBrowse 1\\.4b|DBrowse 1\\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\\.0\\.x|ISC Systems iRc Search 2\\.1|IUPUI Research Bot v 1\\.9a|LARBIN-EXPERIMENTAL \\(efp@gmx\\.net\\)|LetsCrawl\\.com/1\\.0 +http\\://letscrawl\\.com/|Lincoln State Web Browser|LWP\\:\\:Simple/5\\.803|Mac Finder 1\\.0\\.xx|MFC Foundation Class Library 4\\.0|Microsoft URL Control - 6\\.00\\.8xxx|Missauga Locate 1\\.0\\.0|Missigua Locator 1\\.9|Missouri College Browse|Mizzu Labs 2\\.2|Mo College 1\\.9|Mozilla/2\\.0 \\(compatible; NEWT ActiveX; Win32\\)|Mozilla/3\\.0 \\(compatible; Indy Library\\)|Mozilla/4\\.0 \\(compatible; Advanced Email Extractor v2\\.xx\\)|Mozilla/4\\.0 \\(compatible; Iplexx Spider/1\\.0 http\\://www\\.iplexx\\.at\\)|Mozilla/4\\.0 \\(compatible; MSIE 5\\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\\.0 efp@gmx\\.net|Mozilla/5\\.0 \\(Version\\: xxxx Type\\:xx\\)|MVAClient|NASA Search 1\\.0|Nsauditor/1\\.x|PBrowse 1\\.4b|PEval 1\\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\\.0\\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\\.2|User-Agent\\: Mozilla/4\\.0 \\(compatible; MSIE 6\\.0; Windows NT 5\\.1\\)|WebVulnCrawl\\.blogspot\\.com/1\\.0 libwww-perl/5\\.803|Wells Search II|WEP Search 00|EmailCollector|WebEMailExtrac|TrackBack/1\\.02|sogou music spider)"$']
['set', 'apache-badbots', 'ignoreregex', '']
['set', 'apache-badbots', 'addaction', 'iptables-multiport']
['set', 'apache-badbots', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'apache-badbots', 'actionstop', 'iptables-multiport', 'iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'apache-badbots', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
['set', 'apache-badbots', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'apache-badbots', 'actioncheck', 'iptables-multiport', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
['set', 'apache-badbots', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
['set', 'apache-badbots', 'setcinfo', 'iptables-multiport', 'name', 'BadBots']
['set', 'apache-badbots', 'setcinfo', 'iptables-multiport', 'port', '"http']
['set', 'apache-badbots', 'addaction', 'sendmail-buffered']
['set', 'apache-badbots', 'actionban', 'sendmail-buffered', 'printf %b "`date`: <ip> (<failures> failures)\\n" >> <tmpfile>\nLINE=$( wc -l <tmpfile> | awk \'{ print $1 }\' )\nif [ $LINE -ge <lines> ]; then\nprintf %b "Subject: [Fail2Ban] <name>: summary\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat <tmpfile>`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>\nrm <tmpfile>\nfi']
['set', 'apache-badbots', 'actionstop', 'sendmail-buffered', 'if [ -f <tmpfile> ]; then\nprintf %b "Subject: [Fail2Ban] <name>: summary\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThese hosts have been banned by Fail2Ban.\\n\n`cat <tmpfile>`\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>\nrm <tmpfile>\nfi\nprintf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'apache-badbots', 'actionstart', 'sendmail-buffered', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nOutput will be buffered until <lines> lines are available.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'apache-badbots', 'actionunban', 'sendmail-buffered', '']
['set', 'apache-badbots', 'actioncheck', 'sendmail-buffered', '']
['set', 'apache-badbots', 'setcinfo', 'sendmail-buffered', 'dest', 'xxx']
['set', 'apache-badbots', 'setcinfo', 'sendmail-buffered', 'tmpfile', '/tmp/fail2ban-mail.txt']
['set', 'apache-badbots', 'setcinfo', 'sendmail-buffered', 'lines', '5']
['set', 'apache-badbots', 'setcinfo', 'sendmail-buffered', 'name', 'BadBots']
['set', 'apache-badbots', 'setcinfo', 'sendmail-buffered', 'sender', 'fail2ban']
['add', 'proftpd-iptables', 'auto']
['set', 'proftpd-iptables', 'addlogpath', '/var/log/auth.log']
['set', 'proftpd-iptables', 'maxretry', 5]
['set', 'proftpd-iptables', 'addignoreip', '127.0.0.1']
['set', 'proftpd-iptables', 'findtime', 600]
['set', 'proftpd-iptables', 'bantime', 600]
['set', 'proftpd-iptables', 'failregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+: no such user found from \\S+ \\[\\S+\\] to \\S+:\\S+$\n\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+ \\(Login failed\\): Incorrect password\\.$\n\\(\\S+\\[<HOST>\\]\\)[: -]+ SECURITY VIOLATION: \\S+ login attempted\\.$\n\\(\\S+\\[<HOST>\\]\\)[: -]+ Maximum login attempts \\(\\d+\\) exceeded$\nUSER \\S+: no such user found from \\S* ?\\[<HOST>\\] to \\S+\\s*$\nproftpd: \\(pam_unix\\) authentication failure; .*']
['set', 'proftpd-iptables', 'ignoreregex', '']
['set', 'proftpd-iptables', 'addaction', 'iptables']
['set', 'proftpd-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
['set', 'proftpd-iptables', 'actionstop', 'iptables', 'iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
['set', 'proftpd-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>']
['set', 'proftpd-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
['set', 'proftpd-iptables', 'actioncheck', 'iptables', 'iptables -n -L INPUT | grep -q fail2ban-<name>']
['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'name', 'ProFTPD']
['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'port', 'ftp']
['set', 'proftpd-iptables', 'addaction', 'sendmail-whois']
['set', 'proftpd-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip>\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere are more information about <ip>:\\n\n`/usr/bin/whois <ip>`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'proftpd-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'proftpd-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started\nFrom: Fail2Ban <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
['set', 'proftpd-iptables', 'actionunban', 'sendmail-whois', '']
['set', 'proftpd-iptables', 'actioncheck', 'sendmail-whois', '']
['set', 'proftpd-iptables', 'setcinfo', 'sendmail-whois', 'dest', 'xxx']
['set', 'proftpd-iptables', 'setcinfo', 'sendmail-whois', 'name', 'ProFTPD']
['set', 'proftpd-iptables', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban']
['start', 'ssh-iptables']
['start', 'postfix-tcpwrapper']
['start', 'apache-badbots']
['start', 'proftpd-iptables']