Fail2Ban Notes by Chris Heath



Fail2Ban Install/Setup/Config Guides:


Example jail.local:

  [DEFAULT]
  # "ignoreip" can be an IP address, a CIDR mask or a DNS host
  ignoreip = 127.0.0.1 75.69.154.181 nh.comcast.net
  bantime = 86400 ; 1 day
  findtime = 604800 ; 1 week
  maxretry = 3

  # SSH JAIL SETTINGS
  [sshd]
  enabled = true
  filter = sshd
  action = iptables-allports[name=SSH, port=ssh, protocol=tcp]
  #         sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
  logpath = /var/log/secure
  maxretry = 2

  # JAIL FOR MULTIPLE OFFENDERS
  [recidive]
  enabled = true
  filter = recidive
  logpath = /var/log/fail2ban.log
  action = iptables-allports[name=recidive]
  bantime = 604800 ; 1 week
  findtime = 604800 ; 1 week
  maxretry = 2

Script to check the status of all fail2ban jails.

#!/bin/bash
# Print the status of every fail2ban jail.
# "fail2ban-client status" ends with a line like "`- Jail list:<TAB>recidive, sshd";
# strip everything up to the colon, then the commas, to get a plain list of names.
JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[[:space:]]+//' | sed 's/,//g')
for JAIL in $JAILS
do
   fail2ban-client status "$JAIL"
done
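The loop above only dumps each jail's raw status. As an added example that is not one of these notes' own scripts, the following bash functions parse the two output layouts the script relies on (the "Jail list" line of `fail2ban-client status`, and the "Currently banned" / "Banned IP list" lines of `fail2ban-client status <jail>`) and print a one-line summary per jail, including the case of a jail with nothing banned. The SAMPLE_* texts are constructed in the shape fail2ban-client prints so the example runs with no daemon present; the function names (jail_list, banned_ips, banned_count, jail_status, summarize_jail, report) are my own.

```shell
#!/bin/bash
# Added example, not from the original notes: parse fail2ban-client output
# offline so the jail-status logic can be checked without a running daemon.
# SAMPLE_* are constructed in the layout fail2ban-client prints (a tab follows the colon).
SAMPLE_STATUS=$(printf 'Status\n|- Number of jail:\t2\n`- Jail list:\trecidive, sshd\n')
SAMPLE_SSHD=$(printf 'Status for the jail: sshd\n|- Filter\n|  |- Currently failed:\t1\n|  |- Total failed:\t12\n|  `- File list:\t/var/log/secure\n`- Actions\n   |- Currently banned:\t2\n   |- Total banned:\t5\n   `- Banned IP list:\t192.0.2.10 198.51.100.7\n')
SAMPLE_RECIDIVE=$(printf 'Status for the jail: recidive\n|- Filter\n|  |- Currently failed:\t0\n|  |- Total failed:\t3\n|  `- File list:\t/var/log/fail2ban.log\n`- Actions\n   |- Currently banned:\t0\n   |- Total banned:\t1\n   `- Banned IP list:\t\n')

# jail_list: read "fail2ban-client status" output on stdin, print one jail name per line.
jail_list() {
    grep 'Jail list' | sed -E 's/^[^:]+:[[:space:]]+//' | tr ',' ' ' | tr -s ' ' '\n' | sed '/^$/d'
}

# banned_ips: read "fail2ban-client status <jail>" output on stdin, print banned IPs one per line.
# An empty "Banned IP list" yields no output rather than a blank line.
banned_ips() {
    grep 'Banned IP list' | sed -E 's/^[^:]+:[[:space:]]*//' | tr -s ' ' '\n' | sed '/^$/d'
}

# banned_count: the "Currently banned" number from a per-jail status on stdin.
banned_count() {
    grep 'Currently banned' | sed -E 's/^[^:]+:[[:space:]]*//'
}

# jail_status: in production this is `fail2ban-client status "$1"`; here it returns
# the constructed samples so the example runs offline.
jail_status() {
    case "$1" in
        sshd)     printf '%s\n' "$SAMPLE_SSHD" ;;
        recidive) printf '%s\n' "$SAMPLE_RECIDIVE" ;;
        *)        return 1 ;;
    esac
}

# summarize_jail JAIL STATUS_TEXT: print "jail<TAB>currently-banned<TAB>ip list".
summarize_jail() {
    jail="$1"
    status="$2"
    count=$(printf '%s\n' "$status" | banned_count)
    ips=$(printf '%s\n' "$status" | banned_ips | tr '\n' ' ')
    ips=${ips% }
    printf '%s\t%s\t%s\n' "$jail" "$count" "$ips"
}

# report STATUS_TEXT: one summary line per jail named in the overall status.
report() {
    printf '%s\n' "$1" | jail_list | while read -r jail; do
        summarize_jail "$jail" "$(jail_status "$jail")"
    done
}

report "$SAMPLE_STATUS"
```

To run it against a live host, replace the body of jail_status with `fail2ban-client status "$1"` and pass `"$(fail2ban-client status)"` to report; the parsing functions are unchanged. `[[:space:]]` is used instead of `[ \t]` because the latter only matches a tab under GNU sed.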


PHP/HTML web page that shows the status of all jails, using a Bash script as the backend.

index.php
<html>
<body>
 <div style="font-family:monospace;">
  <div style="margin: 0 auto; width: 740px;">
   <p style="font-size:larger;text-align:center;"><strong>Fail2Ban Jail Status</strong></p>
   <div style="text-align:left;">
    <?php
     shell_exec('sudo /usr/bin/f2b2html');
     echo file_get_contents( "/tmp/f2b2" );
    ?>
   </div>
  </div>
 </div>
</body>
</html>

/usr/bin/f2b2html
#!/bin/bash
# Collect the status of every jail and convert it to the HTML fragment
# that index.php reads from /tmp/f2b2.
OUT=/tmp/f2b2
# The intermediate file is created with mktemp rather than a fixed /tmp name,
# since sudo runs this script as root.
TMP=$(mktemp) || exit 1
trap 'rm -f "$TMP"' EXIT

echo "<hr />" > "$OUT"
date >> "$OUT"
echo "<hr />" > "$TMP"
JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[[:space:]]+//' | sed 's/,//g')
for JAIL in $JAILS
do
  fail2ban-client status "$JAIL" >> "$TMP"
  echo "<hr />" >> "$TMP"
done
# Lines that are already HTML tags are kept as they are; every other line gets a <br />.
while read -r line
do
  if [[ "$line" == "<"* ]]
  then
    printf '%s\n' "$line" >> "$OUT"
  else
    printf '%s<br />\n' "$line" >> "$OUT"
  fi
done < "$TMP"

Important: edit the sudoers file (with visudo) and add a rule that allows the web server user to run the f2b2html script without a password. Because sudo runs that script as root, it must be owned by root and not writable by the web server user.

  visudo

I inserted the following at the end of /etc/sudoers with visudo:

  apache ALL=NOPASSWD: /usr/bin/f2b2html
