Script to check Fail2ban service and jails

Discussion in 'Programming/Scripts' started by MaxT, Apr 19, 2019.

  1. MaxT

    MaxT Active Member

    I was tired of receiving a lot of fail2ban messages when booting. I could not find any script to check the fail2ban jails against the fail2ban configuration. Only solutions to list the active jails, for example like this: https://gist.github.com/kamermans/1076290
    The problem is that when a jail is stopped it disappears, and there is no info about that jail.

    I wrote this script, which first parses the fail2ban config and then checks all the configured enabled jails to find out their state.

    I suppose it can be improved, although it works as it is.

    Code:
    #!/bin/bash
    #
    # --- Fail2Ban: Status of all Jails and Service ----
    #
    # This script is intended to replace the multiple fail2ban emails received when booting the machine.
    # It extracts the active jails from the fail2ban configuration and then checks their state.
    #
    # To use in a crontab task at boot. For screen output only, comment out the final lines (Send email).
    #
    # To disable the fail2ban start jail messages, comment the "actionstart=" section inside
    # file /etc/fail2ban/action.d/sendmail-common.conf  or equivalent file.
    #
    #
    
    EMAIL="[email protected]"
    
    #--------------------------
    # Check F2b service with systemctl
    F2BSTATE=`systemctl list-unit-files | grep fail2ban`
    F2BSTATE="Status: $F2BSTATE\n"
    
    #--------------------------
    # Parse f2b config
    F2BPRE=`fail2ban-client -d | grep "'start'"`
    F2BPRE="${F2BPRE//[\'start\', \'}"
    F2BPRE="${F2BPRE//\'}"
    F2BPRE="${F2BPRE//]/,}"
    F2BPRE=$(echo $F2BPRE|tr -d '\n')
    F2BPRE="${F2BPRE// /}"
    # Split on commas into JCONF (-d, sets the delimiter; no extra variable is needed).
    readarray -td, JCONF <<< "$F2BPRE"
    
    #--------------------------
    # Check jails
    JAILS=`fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'`
    for JAIL in $JAILS
    do
        CHECK="$(fail2ban-client status $JAIL |grep 'Status for the jail')"
        SJAIL="${CHECK#*:}"
        SJAIL=${SJAIL//[[:blank:]]/}
        VJAIL=$VJAIL$SJAIL,
    done
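    # Split the comma-separated list of running jails into an array.
    # read only honours IFS; any other variable name has no effect.
    IFS=',' read -r -a JWORK <<< "$VJAIL"
    
    #--------------------------
    # List jails
    # Drop the last element: it only holds the newline added by the here-string.
    unset 'JCONF[${#JCONF[@]}-1]'
    for jailconf in "${JCONF[@]}"
    do
        FOUND=0
        for jailwork in "${JWORK[@]}"
        do
            # Exact comparison, so a stopped jail is not reported as ok
            # because its name is the tail of a running jail's name.
            if [[ "$jailwork" == "$jailconf" ]]; then
                FOUND=1
                break
            fi
        done
        if [[ $FOUND -eq 1 ]]; then
            RESJ="$RESJ\n $jailconf: ok"
        else
            RESJ="$RESJ\n $jailconf: --- NOT WORKING! ---"
            WARN="\nWARNING: Some jails are not working:\n"
        fi
    done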
    
    # build message
    MTEXT="\n$MTEXT Fail2Ban $F2BSTATE"
    MTEXT="$MTEXT--------------------------------------------\n"
    
    
    #--------------------------
    # Output Screen
    echo -e $MTEXT $WARN $RESJ "\n\n--end--"
    
    #-------------------------
    # Send email
    echo -e $MTEXT $WARN $RESJ "\n\n--end--" | mail -s "Fail2Ban Status" "$EMAIL"
    
    Output:
    Code:
    
     Fail2Ban Status: fail2ban.service enabled
    --------------------------------------------
     
    WARNING: Some jails are not working:
     
     sshd: ok
     sshd-ddos: ok
     apache-auth: ok
     apache-noscript: ok
     apache-overflows: ok
     apache-nohome: ok
     apache-shellshock: ok
     php-url-fopen: ok
     roundcube-auth: ok
     webmin-auth: --- NOT WORKING! ---
     pure-ftpd: ok
     postfix: ok
     postfix-rbl: ok
     dovecot: ok
     sieve: ok
     postfix-sasl: ok
    
    --end--
    
    
     
    Last edited: Apr 19, 2019
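
The comparison the post describes (jails started in `fail2ban-client -d` versus jails listed by `fail2ban-client status`), as an added example that is not part of the original post. It works on captured command output and matches whole jail names; the sample outputs and the function names `configured_jails`, `running_jails` and `missing_jails` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report configured jails that are not running.
# Both samples below are constructed; on a real host pass in
# "$(fail2ban-client -d)" and "$(fail2ban-client status)" instead.

SAMPLE_DUMP="['set', 'loglevel', 'INFO']
['add', 'sshd', 'auto']
['start', 'sshd']
['start', 'apache-auth']
['start', 'auth']
['start', 'webmin-auth']"

SAMPLE_STATUS='Status
|- Number of jail:      2
`- Jail list:   sshd, apache-auth'

# One configured jail per line: only the ['start', '<name>'] lines count.
configured_jails() {
    printf '%s\n' "$1" | sed -n "s/^\['start', '\(.*\)']\$/\1/p"
}

# One running jail per line, taken from the "Jail list:" line.
running_jails() {
    printf '%s\n' "$1" | sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Configured jails missing from the running list.
# grep -Fx compares fixed strings against whole lines, so the stopped
# jail "auth" is not hidden by the running jail "apache-auth".
missing_jails() {
    running=$(running_jails "$2")
    configured_jails "$1" | while IFS= read -r jail; do
        printf '%s\n' "$running" | grep -Fxq -- "$jail" || printf '%s\n' "$jail"
    done
}

missing_jails "$SAMPLE_DUMP" "$SAMPLE_STATUS"
```

A substring test against the joined list would report the constructed `auth` jail as running here, which is the failure a monitoring script can least afford.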
