MOTDfetch/motdfetch.d/06-fail2ban

#!/usr/bin/env bash
#
# parse Fail2ban jail status, display failed and banned counts
# + Warning if currently more than 0
# + Danger  if currently more than 20
# 
# /!\ need root to display status, display warning for other user
#
# requirements: sudo apt install fail2ban

# GENERAL ###########################################################

# locale env
unset LC_ALL
export LC_MESSAGES=C

# check if module was disabled
module_disable=${module_fail2ban_disable:=0}
if (($module_disable == 1)); then
    exit 1
fi

# colors
c_txt=${c_txt:="39"}
c_txt_emphase=${c_txt_emphase:="35"}
c_txt_deco=${c_txt_deco:="97"}
c_txt_invert=${c_txt_invert:="30"}
c_bg=${c_bg_sec:="47"}
c_danger=${c_danger:="31"}
c_warning=${c_warning:="33"}
c_success=${c_success:="32"}
c_title=${c_title:="${c_bg};1;${c_txt_invert}m"}

# PREPARATIONS ######################################################

# check if fail2ban is available
if ! command -v fail2ban-client 1>/dev/null; then
    # output module header
    echo -e "\n\e[${c_title} Fail2Ban status  \e[0m\n"
    echo -e "  no Fail2Ban server available"
    exit 1
elif [[ ! `id -un` == "root" ]]; then
    echo -e "\n\e[${c_title} Fail2Ban status  \e[0m\n"
    echo -e "  you must be root to get Fail2Ban status"
    exit 1
fi

# OUTPUT ############################################################

echo -e "\n\e[${c_title} Fail2Ban status  \e[0m\n"

# fail2ban-client status to get all jails, takes about ~70ms
jails=($(fail2ban-client status | grep "Jail list:" | sed "s/ //g" | awk '{split($2,a,",");for(i in a) print a[i]}'))

out="\e[1;4;${c_txt}mJail name\e[24m,\e[4mFailed\e[24m,\e[4mTotal\e[24m,\e[4mBanned\e[24m,\e[4mTotal\e[24m\n"

for jail in ${jails[@]}; do
    # slow because fail2ban-client has to be called for every jail (~70ms per jail)
    status=$(fail2ban-client status ${jail})
    failed=$(echo "$status" | grep -ioP '(?<=Currently failed:\t)[[:digit:]]+')
    if [[ $failed -ge 20 ]]; then
        failed="\e[1;5;${c_danger}m${failed}\e[0m"
    elif [[ $failed -ge 1 ]]; then
        failed="\e[1;${c_warning}m${failed}\e[0m"
    fi
    totalfailed=$(echo "$status" | grep -ioP '(?<=Total failed:\t)[[:digit:]]+')
    banned=$(echo "$status" | grep -ioP '(?<=Currently banned:\t)[[:digit:]]+')
    if [[ $banned -ge 20 ]]; then
        banned="\e[1;5;${c_danger}m${banned}\e[0m"
    elif [[ $banned -ge 1 ]]; then
        banned="\e[1;${c_warning}m${banned}\e[0m"
    fi
    totalbanned=$(echo "$status" | grep -ioP '(?<=Total banned:\t)[[:digit:]]+')
    out+="\e[1;${c_txt_emphase}m${jail}\e[0m,$failed,$totalfailed,$banned,$totalbanned\n"
done

echo -e "$out" | column -ts $',' | sed 's/^/  /'
first commit 2023-02-07 10:10:46 +01:00			`#!/usr/bin/env bash`
			`#`
			`# parse Fail2ban jail status, display failed and banned counts`
			`# + Warning if currently more than 0`
			`# + Danger if currently more than 20`
			`#`
			`# /!\ need root to display status, display warning for other user`
			`#`
			`# requirements: sudo apt install fail2ban`

			`# GENERAL ###########################################################`

			`# locale env`
			`unset LC_ALL`
			`export LC_MESSAGES=C`

			`# check if module was disabled`
			`module_disable=${module_fail2ban_disable:=0}`
			`if (($module_disable == 1)); then`
			`exit 1`
			`fi`

			`# colors`
			`c_txt=${c_txt:="39"}`
			`c_txt_emphase=${c_txt_emphase:="35"}`
			`c_txt_deco=${c_txt_deco:="97"}`
			`c_txt_invert=${c_txt_invert:="30"}`
			`c_bg=${c_bg_sec:="47"}`
			`c_danger=${c_danger:="31"}`
			`c_warning=${c_warning:="33"}`
			`c_success=${c_success:="32"}`
			`c_title=${c_title:="${c_bg};1;${c_txt_invert}m"}`

			`# PREPARATIONS ######################################################`

			`# check if fail2ban is available`
			`if ! command -v fail2ban-client 1>/dev/null; then`
			`# output module header`
			`echo -e "\n\e[${c_title} Fail2Ban status \e[0m\n"`
			`echo -e " no Fail2Ban server available"`
			`exit 1`
			elif [[ ! `id -un` == "root" ]]; then
			`echo -e "\n\e[${c_title} Fail2Ban status \e[0m\n"`
			`echo -e " you must be root to get Fail2Ban status"`
			`exit 1`
			`fi`

			`# OUTPUT ############################################################`

			`echo -e "\n\e[${c_title} Fail2Ban status \e[0m\n"`

			`# fail2ban-client status to get all jails, takes about ~70ms`
			`jails=($(fail2ban-client status \| grep "Jail list:" \| sed "s/ //g" \| awk '{split($2,a,",");for(i in a) print a[i]}'))`

			`out="\e[1;4;${c_txt}mJail name\e[24m,\e[4mFailed\e[24m,\e[4mTotal\e[24m,\e[4mBanned\e[24m,\e[4mTotal\e[24m\n"`

			`for jail in ${jails[@]}; do`
			`# slow because fail2ban-client has to be called for every jail (~70ms per jail)`
			`status=$(fail2ban-client status ${jail})`
			`failed=$(echo "$status" \| grep -ioP '(?<=Currently failed:\t)[[:digit:]]+')`
			`if [[ $failed -ge 20 ]]; then`
			`failed="\e[1;5;${c_danger}m${failed}\e[0m"`
			`elif [[ $failed -ge 1 ]]; then`
			`failed="\e[1;${c_warning}m${failed}\e[0m"`
			`fi`
			`totalfailed=$(echo "$status" \| grep -ioP '(?<=Total failed:\t)[[:digit:]]+')`
			`banned=$(echo "$status" \| grep -ioP '(?<=Currently banned:\t)[[:digit:]]+')`
			`if [[ $banned -ge 20 ]]; then`
			`banned="\e[1;5;${c_danger}m${banned}\e[0m"`
			`elif [[ $banned -ge 1 ]]; then`
			`banned="\e[1;${c_warning}m${banned}\e[0m"`
			`fi`
			`totalbanned=$(echo "$status" \| grep -ioP '(?<=Total banned:\t)[[:digit:]]+')`
			`out+="\e[1;${c_txt_emphase}m${jail}\e[0m,$failed,$totalfailed,$banned,$totalbanned\n"`
			`done`

			`echo -e "$out" \| column -ts $',' \| sed 's/^/ /'`