Fail2Ban Notes by Chris Heath
Fail2Ban Install/Setup/Config Guides:
Example jail.local:
Script to check the status of all fail2ban jails.
    #!/bin/bash
    # Pull the jail names out of the "Jail list:" line and drop the commas.
    JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
    for JAIL in $JAILS
    do
        fail2ban-client status "$JAIL"
    done
PHP & HTML webpage to check the status of all jails with Bash script backend.
index.php

    <html>
    <body>
    <div style="font-family:monospace;">
    <div style="margin: 0 auto; width: 740px;">
    <p style="font-size:larger;text-align:center;"><strong>Fail2Ban Jail Status</strong></p>
    <div style="text-align:left;">
    <?php
    shell_exec('sudo /usr/bin/f2b2html');
    echo file_get_contents( "/tmp/f2b2" );
    ?>
    </div>
    </div>
    </div>
    </body>
    </html>
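    #!/bin/bash
    # Installed as /usr/bin/f2b2html, the path index.php runs through sudo.
    # Start the output file read by index.php with a rule and a timestamp.
    echo "<hr />" > /tmp/f2b2
    date >> /tmp/f2b2
    # Collect the raw status of every jail in a scratch file.
    echo "<hr />" > /tmp/f2b
    JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
    for JAIL in $JAILS
    do
        fail2ban-client status "$JAIL" >> /tmp/f2b
        echo "<hr />" >> /tmp/f2b
    done
    # Copy the scratch file to the output: HTML lines as they are, text lines with a <br />.
    # printf gets a fixed format string so a % or backslash in the data is printed literally.
    while read -r line
    do
        if [[ "$line" == "<"* ]]
        then
            printf '%s\n' "$line" >> /tmp/f2b2
        else
            printf '%s<br />\n' "$line" >> /tmp/f2b2
        fi
    done < /tmp/f2b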
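A hardened variant of the f2b2html backend above, as an added example that is not Chris Heath's script: it HTML-escapes the fail2ban-client output and builds the report in a mktemp file that is renamed over /tmp/f2b2, instead of redirecting into fixed names in /tmp as root. The function names and the OUT and F2B_CLIENT variables are assumptions of this example; /tmp/f2b2 is kept so the index.php above works unchanged.

```shell
#!/bin/sh
# Added example, not the page's script. OUT keeps the path index.php reads.
OUT=/tmp/f2b2
F2B_CLIENT=fail2ban-client   # assumption: a variable so the logic can be exercised with a stub

# Read `fail2ban-client status` on stdin, print the jail names space-separated.
jail_names() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr -d ','
}

# HTML-escape every line on stdin and end it with <br />.
to_html() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/$/<br \/>/'
}

# Print the full report: timestamp, then one escaped section per jail.
report() {
    echo "<hr />"
    date | to_html
    for jail in $($F2B_CLIENT status | jail_names); do
        echo "<hr />"
        $F2B_CLIENT status "$jail" | to_html
    done
    echo "<hr />"
}

# Build the report in a fresh mktemp file (mode 0600) next to $OUT, make it
# readable for the web server, then rename it over $OUT: no redirect into a
# fixed /tmp name, and index.php never reads a half-written report.
publish() {
    tmp=$(mktemp "$OUT.XXXXXX") || return 1
    report > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$OUT" && return 0
    rm -f "$tmp"
    return 1
}

# Run only where fail2ban-client is installed.
if command -v "$F2B_CLIENT" >/dev/null 2>&1; then
    publish
fi
```
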
Important: Edit the sudoers file (with visudo) and add a rule that allows the web server user to run the f2b2html script.
I inserted the following at the end of /etc/sudoers with visudo