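#!/usr/bin/env bash
#
# Parse Fail2ban jail status and display failed and banned counts per jail.
#   + Warning colour if a current count is 1 or more
#   + Danger colour if a current count is 20 or more
#
# /!\ root is needed to query the status; other users only get a notice.
#
# requirements: sudo apt install fail2ban
#
# NOTE(review): this script runs as root and resolves fail2ban-client through
# PATH, so the calling environment's PATH has to be trusted.

# GENERAL ###########################################################

# locale env: force untranslated messages so the grep patterns below match
unset LC_ALL
export LC_MESSAGES=C

# check if module was disabled
# Compared as a string on purpose: the value comes from the environment and
# must never be evaluated as an arithmetic expression.
module_disable=${module_fail2ban_disable:=0}
if [[ "$module_disable" == "1" ]]; then
  exit 1
fi

# colors (each one can be overridden from the environment)
c_txt=${c_txt:="39"}
c_txt_emphase=${c_txt_emphase:="35"}
c_txt_deco=${c_txt_deco:="97"}
c_txt_invert=${c_txt_invert:="30"}
# NOTE(review): reads c_bg_sec rather than c_bg; kept as is, confirm intended
c_bg=${c_bg_sec:="47"}
c_danger=${c_danger:="31"}
c_warning=${c_warning:="33"}
c_success=${c_success:="32"}
c_title=${c_title:="${c_bg};1;${c_txt_invert}m"}

# literal ESC byte, so table data never goes through `echo -e`
esc=$'\e'

# HELPERS ###########################################################

# Print the module header, surrounded by blank lines.
print_header() {
  printf '\n\e[%s Fail2Ban status \e[0m\n\n' "$c_title"
}

# Extract one counter from a `fail2ban-client status <jail>` report.
# Arguments: $1 - full status text, $2 - label without the trailing colon
# Outputs:   the digits following "<label>:<TAB>", nothing if not found
jail_count() {
  grep -ioP "(?<=${2}:\t)[[:digit:]]+" <<<"$1"
}

# Wrap a current count in the warning/danger colour.
# Arguments: $1 - count as printed by fail2ban-client
# Outputs:   the count, coloured when >= 1 (warning) or >= 20 (danger)
colorize_count() {
  local count=$1

  # Only plain decimal digits are compared numerically; anything else
  # (empty, multi-line) is passed through unchanged.
  if [[ ! "$count" =~ ^[0-9]+$ ]]; then
    printf '%s' "$count"
    return 0
  fi

  # 10# forces base 10 so a leading zero is not read as octal
  if (( 10#$count >= 20 )); then
    printf '\e[1;5;%sm%s\e[0m' "$c_danger" "$count"
  elif (( 10#$count >= 1 )); then
    printf '\e[1;%sm%s\e[0m' "$c_warning" "$count"
  else
    printf '%s' "$count"
  fi
}

# PREPARATIONS ######################################################

# check if fail2ban is available and if we are allowed to query it
if ! command -v fail2ban-client 1>/dev/null; then
  print_header
  printf '%s\n' " no Fail2Ban server available"
  exit 1
elif [[ "$(id -un)" != "root" ]]; then
  print_header
  printf '%s\n' " you must be root to get Fail2Ban status"
  exit 1
fi

# OUTPUT ############################################################

print_header

# fail2ban-client status to get all jails, takes about ~70ms
# The "Jail list:" line holds a comma separated list; splitting it with
# `read -a` keeps fail2ban's order and avoids glob expansion of the names.
jail_line=$(fail2ban-client status | grep "Jail list:")
jail_csv=${jail_line#*Jail list:}
jail_csv=${jail_csv//[[:space:]]/}
jails=()
if [[ -n "$jail_csv" ]]; then
  IFS=',' read -r -a jails <<<"$jail_csv"
fi

rows=("${esc}[1;4;${c_txt}mJail name${esc}[24m,${esc}[4mFailed${esc}[24m,${esc}[4mTotal${esc}[24m,${esc}[4mBanned${esc}[24m,${esc}[4mTotal${esc}[24m")

for jail in "${jails[@]}"; do
  [[ -n "$jail" ]] || continue

  # slow because fail2ban-client has to be called for every jail
  # (~70ms per jail)
  status=$(fail2ban-client status "$jail")

  failed=$(colorize_count "$(jail_count "$status" 'Currently failed')")
  totalfailed=$(jail_count "$status" 'Total failed')
  banned=$(colorize_count "$(jail_count "$status" 'Currently banned')")
  totalbanned=$(jail_count "$status" 'Total banned')

  rows+=("${esc}[1;${c_txt_emphase}m${jail}${esc}[0m,${failed},${totalfailed},${banned},${totalbanned}")
done

# align the comma separated rows as a table and indent it
printf '%s\n' "${rows[@]}" | column -ts ',' | sed 's/^/ /'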