Fail2Ban Notes by Chris Heath



Fail2Ban Install/Setup/Config Guides:


Example jail.local:

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 75.69.154.181 nh.comcast.net
bantime = 86400 ; 1 day
findtime = 604800 ; 1 week
maxretry = 3

# SSH JAIL SETTINGS
[sshd]
enabled = true
filter = sshd
action = iptables-allports[name=SSH, port=ssh, protocol=tcp]
#sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath=/var/log/secure
maxretry = 2

# JAIL FOR MULTIPLE OFFENDERS
[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive]
bantime = 604800 ; 1 week
findtime = 604800 ; 1 week
maxretry = 2

We begin with a basic script to check the status of all fail2ban jails.
This script will be modified later but is the base upon which we will build.

#!/bin/bash
# Collect the jail names from the "Jail list" line, then print each jail's status.
JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
for JAIL in $JAILS
do
   fail2ban-client status "$JAIL"
done


PHP & HTML webpage to display the status of all jails (from a text file created by a bash script).

index.php
<html>
<body>
 <div style="font-family: monospace;">
  <div style="margin: 0 auto; width: 740px;">
   <p style="font-size: larger; text-align: center;"><strong>Fail2Ban Jail Status</strong></p>
   <div style="text-align: left;">
    <?php
     // f2b2 is the HTML fragment written by the f2b2html script; it is echoed as-is, without escaping
     $f2b2_content = file_get_contents("f2b2");
     if ($f2b2_content !== false) {
         echo $f2b2_content;
     } else {
         echo "Failed to load Fail2Ban status data.";
     }
    ?>
   </div>
  </div>
 </div>
</body>
</html>


The bash script that creates the text file used by our index.php:

/usr/bin/f2b2html
#!/bin/bash
# Build the HTML fragment (f2b2) that index.php displays.
OUTDIR=/var/www/html/eyethrees.net/fail2ban
RAW="$OUTDIR/f2b"    # raw fail2ban-client output with <hr /> separators
OUT="$OUTDIR/f2b2"   # formatted fragment read by index.php
echo "<hr />" > "$OUT"
date >> "$OUT"
echo "<hr />" > "$RAW"
JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
for JAIL in $JAILS
do
  fail2ban-client status "$JAIL" >> "$RAW"
  echo "<hr />" >> "$RAW"
done
while read -r line
do
  if [[ "$line" == "<"* ]]
  then
    # Separator lines are already HTML; copy them through unchanged.
    # The line is passed as data, never as the printf format string.
    printf '%s\n' "$line" >> "$OUT"
  else
    # Use grep to filter out lines containing "Banned IP list"
    if ! echo "$line" | grep -q "Banned IP list"
    then
      # Create a variable to store the formatted line
      formatted_line="$line"
      # Loop through JAILS and apply <strong> tags to each jail name
      for JAIL in $JAILS
      do
        formatted_line=$(echo "$formatted_line" | sed -e "s/\($JAIL\)/<strong>\1<\/strong>/g")
      done
      printf '%s<br />\n' "$formatted_line" >> "$OUT"
    fi
  fi
done < "$RAW"


Finally, create a cron job that runs the f2b2html script periodically, on a schedule of your choosing.
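
A hardened variant of the same pipeline, added here as an example and not the author's script: index.php echoes f2b2 verbatim, so this version HTML-escapes the fail2ban-client output, keeps the raw status (banned IP list included) in a pipe instead of a file under the web root, and publishes with an atomic rename. The function names, `fake_f2b` and the publish path in the last comment are assumptions, and the sample status text is constructed.

```shell
#!/bin/bash
# Added example, not the page's script; fake_f2b output is constructed.
F2B=${F2B:-fail2ban-client}   # command queried for status

# Escape HTML metacharacters; & must be handled first.
html_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Jail names, one per line, from `fail2ban-client status` output on stdin.
jail_list() {
  sed -n -E 's/^.*Jail list:[[:space:]]*//p' | tr -s ', \t' '\n'
}

# One jail's status (stdin) as HTML: drop the banned-IP line, escape the
# rest, then add markup. The jail name is never used as a sed pattern.
render_jail() {
  grep -v 'Banned IP list' | html_escape |
    sed -E -e 's/^(Status for the jail: )(.*)$/\1<strong>\2<\/strong>/' -e 's/$/<br \/>/'
  printf '<hr />\n'
}

# Whole fragment on stdout; the raw status is never written to disk.
build_page() {
  local jail
  printf '<hr />\n%s\n<hr />\n' "$(date)"
  "$F2B" status | jail_list | while IFS= read -r jail; do
    "$F2B" status "$jail" </dev/null | render_jail
  done
}

# Write stdin to $1 via a temp file plus rename, so index.php never reads
# a half-written file. mktemp creates mode 0600, hence the chmod.
publish() {
  local tmp
  tmp=$(mktemp "$1.XXXXXX") || return 1
  cat > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$1" || { rm -f "$tmp"; return 1; }
}

# Constructed stand-in for fail2ban-client so the demo runs offline.
fake_f2b() {
  if [ $# -eq 1 ]; then
    printf 'Status\n|- Number of jail:\t2\n`- Jail list:\trecidive, sshd\n'
  else
    printf 'Status for the jail: %s\n|- Filter\n|  `- File list:\t/var/log/secure\n' "$2"
    printf '`- Actions\n   |- Currently banned:\t1\n   `- Banned IP list:\t203.0.113.7\n'
  fi
}
F2B=fake_f2b   # remove this line on a real host
build_page     # real use: build_page | publish /path/to/webroot/f2b2
```
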

