View your Fail2Ban victims
Published -I wanted a way to see at a glance if I had caught any bad actors with my fail2ban filters. So I write a bash script to show them to me ๐ฎ
The script
#!/bin/bash
# Get all active jails
JAILS=$(sudo fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
# Print header
printf "%-20s | %-10s | %-10s | %-10s\n" "JAIL" "STATUS" "BANNED" "FAILED"
printf "%-20s | %-10s | %-10s | %-10s\n" "--------------------" "----------" "----------" "----------"
# Check each jail
for JAIL in $JAILS; do
# Get jail status
STATUS=$(sudo fail2ban-client status $JAIL)
# Extract banned IP count
BANNED=$(echo "$STATUS" | grep "Currently banned:" | awk '{print $NF}')
# Extract failed attempts count
FAILED=$(echo "$STATUS" | grep "Total failed:" | awk '{print $NF}')
# Print the information
printf "%-20s | %-10s | %-10s | %-10s\n" "$JAIL" "ACTIVE" "$BANNED" "$FAILED"
done
Output
JAIL | STATUS | BANNED | FAILED
-------------------- | ---------- | ---------- | ----------
sshd | ACTIVE | 2 | 45
nginx-http-auth | ACTIVE | 0 | 12
nginx-404 | ACTIVE | 5 | 87
- Shows all active jails automatically
- Displays current ban count and total failed attempts for each jail
- Clean, aligned output in table format
- Doesn't require you to manually specify jail names
Simples๐
I've added a call to the script at the end of my .bashrc file so when I log-in it shows me the log.
OK, so I get prompted for my sudo password as soon as I log in but that's fine with me. ๐
Stay Lucky ๐ค