I was tired of receiving a lot of fail2ban messages when booting. I could not find some script to check the fail2ban jails against the fail2ban configuration. Only solutions to list the active jails, for example like this: https://gist.github.com/kamermans/1076290 Problem is, when a jail is stopped then it disappears and no info about that jail. I did this script which first parse the fail2ban config, and then check all the configured enabled jails to know its state. I supppose it can be improved although it works as it is. Code: #!/bin/bash # # --- Fail2Ban: Status of all Jails and Service ---- # # This script is intended to replace the multiple fail2ban emails received when booting the machine. # It extract the active jails from fail2ban configuration and then check its state. # # To use in a crontab task at boot. For only screen output, un-comment the final lines. # # To disable the fail2ban start jail messages, comment the "actionstart=" section inside # file /etc/fail2ban/action.d/sendmail-common.conf or equivalent file. # # EMAIL="[email protected]" #-------------------------- # Check F2b service with systemctl F2BSTATE=`systemctl list-unit-files | grep fail2ban` F2BSTATE="Status: $F2BSTATE\n" #-------------------------- # Parse f2b config F2BPRE=`fail2ban-client -d | grep "'start'"` F2BPRE="${F2BPRE//[\'start\', \'}" F2BPRE="${F2BPRE//\'}" F2BPRE="${F2BPRE//]/,}" F2BPRE=$(echo $F2BPRE|tr -d '\n') F2BPRE="${F2BPRE// /}" F2BCONFIG=',' readarray -td, JCONF <<< "$F2BPRE" #-------------------------- # Check jails JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'` for JAIL in $JAILS do CHECK="$(fail2ban-client status $JAIL |grep 'Status for the jail')" SJAIL="${CHECK#*:}" SJAIL=${SJAIL//[[:blank:]]/} VJAIL=$VJAIL$SJAIL, done F2BWORK=',' read -r -a JWORK <<< "$VJAIL" #-------------------------- # List jails unset 'JCONF[${#JCONF[@]}-1]' for jailconf in "${JCONF[@]}" do for jailwork in "${JWORK[@]}" do if [[ "$jailwork," =~ "$jailconf," ]]; then Rtsj="$jailconf: ok" 2>&1 RESJ="$RESJ\n $Rtsj" else Rtsj="$jailconf: --- NOT WORKING! ---" 2>&1 RESJ="$RESJ\n $Rtsj" WARN="\nWARNING: Some jails are not working:\n" fi done done # build message MTEXT="\n$MTEXT Fail2Ban $F2BSTATE" MTEXT="$MTEXT--------------------------------------------\n" #-------------------------- # Output Screen echo -e $MTEXT $WARN $RESJ "\n\n--end--" #------------------------- # Send email echo -e $MTEXT $WARN $RESJ "\n\n--end--" | mail -s "Fail2Ban Status" $EMAIL Output: Code: Fail2Ban Status: fail2ban.service enabled -------------------------------------------- WARNING: Some jails are not working: sshd: ok sshd-ddos: ok apache-auth: ok apache-noscript: ok apache-overflows: ok apache-nohome: ok apache-shellshock: ok php-url-fopen: ok roundcube-auth: ok webmin-auth: --- NOT WORKING! --- pure-ftpd: ok postfix: ok postfix-rbl: ok dovecot: ok sieve: ok postfix-sasl: ok --end--
