wynemo · December 30, 2016 03:10
diff --git a/fail2ban.txt b/fail2ban.txt
 zdb@dabin:~$ cat /etc/fail2ban/filter.d/sslproxy.local 
 [Definition]
 failregex = read error remote error: tls: unknown certificate authority <HOST>:\d+


 zdb@dabin:~$ cat /etc/fail2ban/jail.local 
 [sslproxy]

 enabled  = true
 port     = 443
 filter   = sslproxy
 logpath  = /tmp/sslserver2.err.log
 maxretry = 2
 bantime = 3600
 findtime = 3600



 zdb@dabin:~$ fail2ban-regex /tmp/sslserver2.err.log /etc/fail2ban/filter.d/sslproxy.local

 Running tests
 =============

 Use regex file : /etc/fail2ban/filter.d/sslproxy.local
 Use log file   : /tmp/sslserver2.err.log


 Results
 =======

 Failregex
 |- Regular expressions:
 |  [1] read error remote error: tls: unknown certificate authority <HOST>:\d+
 |
 `- Number of matches:
   [1] 30062 match(es)

 Ignoreregex
 |- Regular expressions:
 |
 `- Number of matches:

 Summary
 =======

 Addresses found:
 [1]
    58.211.187.150 (Wed Dec 28 06:34:44 2016)



 zdb@dabin:~$ sudo fail2ban-client status sslproxy
 Status for the jail: sslproxy
 |- filter
 |  |- File list:        /tmp/sslserver2.err.log 
 |  |- Currently failed: 749
 |  `- Total failed:     30181
 `- action
   |- Currently banned: 70
   |  `- IP list:       180.111.66.108 222.129.49.81 183.6.154.181 219.140.225.199 115.236.175.131 112.64.60.206 106.38.101.46 118.193.97.36 159.226.47.211 121.207.32.136 180.168.164.107 113.105.10.46 117.82.142.224 119.41.196.189 124.74.131.122 119.6.9.179 113.72.153.32 171.221.203.127 36.47.160.143 183.15.17.221 111.200.18.1 180.139.140.233 14.154.202.154 219.217.250.115 202.105.68.78 119.98.210.62 202.108.14.240 110.52.140.226 218.4.157.82 221.239.96.186 123.207.142.193 123.85.0.34 116.228.145.98 202.105.84.98 222.205.104.143 117.71.53.46 180.171.201.162 58.214.6.66 60.191.108.98 116.31.92.195 58.240.111.198 103.254.68.227 125.34.210.201 114.224.104.61 218.247.17.100 116.233.8.180 117.28.251.189 106.39.107.121 42.84.228.0 183.129.172.36 183.6.129.98 180.168.43.50 42.120.75.3 202.197.74.106 119.36.54.139 219.228.146.60 120.32.116.51 115.156.233.60 125.88.24.155 124.126.210.160 119.188.36.2 223.104.38.124 59.173.177.248 202.105.116.213 183.240.19.60 123.126.70.237 139.205.146.69 111.200.23.26 218.25.39.56 125.35.5.254 
   `- Total banned:     2364


 zdb@dabin:~$ tail -f /tmp/sslserver2.err.log
 2016/12/30 03:09:18 read error remote error: tls: unknown certificate authority 60.168.82.74:51602
 2016/12/30 03:09:20 read error remote error: tls: unknown certificate authority 125.71.214.16:53604
 2016/12/30 03:09:30 read error remote error: tls: unknown certificate authority 202.113.176.16:10065
 2016/12/30 03:09:31 read error remote error: tls: unknown certificate authority 166.111.32.213:48665
 2016/12/30 03:09:33 read error remote error: tls: unknown certificate authority 61.50.123.86:19998
	zdb@dabin:~$ cat /etc/fail2ban/filter.d/sslproxy.local
	[Definition]
	failregex = read error remote error: tls: unknown certificate authority <HOST>:\d+


	zdb@dabin:~$ cat /etc/fail2ban/jail.local
	[sslproxy]

	enabled = true
	port = 443
	filter = sslproxy
	logpath = /tmp/sslserver2.err.log
	maxretry = 2
	bantime = 3600
	findtime = 3600



	zdb@dabin:~$ fail2ban-regex /tmp/sslserver2.err.log /etc/fail2ban/filter.d/sslproxy.local

	Running tests
	=============

	Use regex file : /etc/fail2ban/filter.d/sslproxy.local
	Use log file : /tmp/sslserver2.err.log


	Results
	=======

	Failregex
	\|- Regular expressions:
	\| [1] read error remote error: tls: unknown certificate authority <HOST>:\d+
	\|
	`- Number of matches:
	[1] 30062 match(es)

	Ignoreregex
	\|- Regular expressions:
	\|
	`- Number of matches:

	Summary
	=======

	Addresses found:
	[1]
	58.211.187.150 (Wed Dec 28 06:34:44 2016)



	zdb@dabin:~$ sudo fail2ban-client status sslproxy
	Status for the jail: sslproxy
	\|- filter
	\| \|- File list: /tmp/sslserver2.err.log
	\| \|- Currently failed: 749
	\| `- Total failed: 30181
	`- action
	\|- Currently banned: 70
	\| `- IP list: 180.111.66.108 222.129.49.81 183.6.154.181 219.140.225.199 115.236.175.131 112.64.60.206 106.38.101.46 118.193.97.36 159.226.47.211 121.207.32.136 180.168.164.107 113.105.10.46 117.82.142.224 119.41.196.189 124.74.131.122 119.6.9.179 113.72.153.32 171.221.203.127 36.47.160.143 183.15.17.221 111.200.18.1 180.139.140.233 14.154.202.154 219.217.250.115 202.105.68.78 119.98.210.62 202.108.14.240 110.52.140.226 218.4.157.82 221.239.96.186 123.207.142.193 123.85.0.34 116.228.145.98 202.105.84.98 222.205.104.143 117.71.53.46 180.171.201.162 58.214.6.66 60.191.108.98 116.31.92.195 58.240.111.198 103.254.68.227 125.34.210.201 114.224.104.61 218.247.17.100 116.233.8.180 117.28.251.189 106.39.107.121 42.84.228.0 183.129.172.36 183.6.129.98 180.168.43.50 42.120.75.3 202.197.74.106 119.36.54.139 219.228.146.60 120.32.116.51 115.156.233.60 125.88.24.155 124.126.210.160 119.188.36.2 223.104.38.124 59.173.177.248 202.105.116.213 183.240.19.60 123.126.70.237 139.205.146.69 111.200.23.26 218.25.39.56 125.35.5.254
	`- Total banned: 2364


	zdb@dabin:~$ tail -f /tmp/sslserver2.err.log
	2016/12/30 03:09:18 read error remote error: tls: unknown certificate authority 60.168.82.74:51602
	2016/12/30 03:09:20 read error remote error: tls: unknown certificate authority 125.71.214.16:53604
	2016/12/30 03:09:30 read error remote error: tls: unknown certificate authority 202.113.176.16:10065
	2016/12/30 03:09:31 read error remote error: tls: unknown certificate authority 166.111.32.213:48665
	2016/12/30 03:09:33 read error remote error: tls: unknown certificate authority 61.50.123.86:19998