How can I cleanly list all currently banned IPs on fail2ban? with one IP per line?
Below is the list I get when I execute :
fail2ban-client status sshdon my Ubunutu 18.04 server. I know the bare minimum when it comes to linux and servers. I don't even know how to get the version of fail2ban I am using, and yes, I googled it a lot.
Is there a way to get one IP per line?
fail2ban-client status sshd Status for the jail: sshd
|- Filter
| |-Currently failed: 3
| |- Total failed: 1266
|- File list: /var/log/auth.log <br>- Actions
|- Currently banned: 118
|-Total banned: 345
`- Banned IP list:
61.177.173.10 49.234.214.215152.231.140.150 180.76.247.65 43.129.26.69 196.206.231.249 43.153.27.174 43.157.1.29 180.167.207.234 43.252.62.60 43.154.88.243 200.7.168.217 64.227.187.235 186.226.37.45 183.98.146.157 182.93.7.194 143.244.163.108 122.194.229.62 112.85.42.74 61.177.173.36 177.91.52.133 103.124.94.169 122.194.229.54 61.177.172.59 61.177.173.16 61.177.173.40 141.98.11.23 61.177.172.108 61.177.173.37 112.85.42.53 122.194.229.40 189.202.214.250 112.85.42.87 49.248.153.6 143.110.243.129 43.129.24.85 112.85.42.151 134.19.146.45 61.177.172.76 112.85.42.229 61.177.172.89 61.177.172.91 61.177.172.61 195.29.51.135 45.67.34.253 20.205.39.78 194.165.16.5 61.177.172.124 160.16.209.119 61.177.173.35 177.19.138.138 103.63.108.25 61.177.172.60 43.154.205.162 138.219.192.207 222.82.211.78 61.177.172.160 112.85.42.15 165.232.189.7 61.177.173.39 147.182.179.237 207.154.211.157 120.92.11.9 209.97.162.0 45.234.188.11 167.71.220.220 104.248.140.201 90.189.182.30 68.183.236.92 103.86.49.28 61.177.172.98 43.154.137.134 207.154.228.201 61.177.173.42 43.154.2.84 45.135.232.155 139.59.64.41 43.154.58.123 218.92.0.221 88.215.177.224 193.169.255.38 51.140.185.84 46.101.137.28 122.194.229.92 139.59.187.229 5.180.31.119 112.85.42.73 185.59.139.99 122.194.229.65 1.15.251.60 46.19.139.42 165.22.198.10 61.177.173.44 193.168.195.23 61.177.172.174 89.232.192.40 61.177.173.41 82.196.4.168 61.177.172.87 64.227.108.47 159.89.55.150 117.122.212.78 159.223.148.195 206.217.131.233 138.197.222.211 121.225.234.182 164.92.106.112 185.220.102.251 36.110.228.254 45.153.160.132 171.25.193.20 113.31.117.79 51.143.96.123 159.89.29.240 172.247.15.76 159.223.229.50 14.161.50.104 68.183.125.190
p.s. I don't really mind listing the IPs here. My server is not a public server, so anyone being banned is 99% a bot, or something else up to no good.
Best Answer
Use a regex:fail2ban-client status sshd | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
Fail2ban is a powerful tool that helps protect servers from malicious attacks by automatically banning IP addresses that are attempting to breach security measures. If you want to view a list of banned IP addresses in fail2ban, you can use the following command:
fail2ban-client status
This command will display a detailed status report of fail2ban, including a list of all currently banned IP addresses. The output will show the banned IP addresses along with other relevant information such as the corresponding jail, the date and time of the ban, and the number of failed attempts from that IP address.
The list of banned IP addresses is useful for monitoring the effectiveness of fail2ban and identifying any persistent attackers. By regularly checking the list, you can get insights into the most common sources of attacks and take appropriate action to strengthen your server's security.
In addition to the fail2ban-client status command, you can also use the fail2ban-client status [jail] command to view the banned IP addresses for a specific jail. This can be helpful if you want to focus on the banned IP addresses associated with a particular service or application.