check_fail2ban

This plugins checks your server for banned IPs by fail2ban and lists those and their bantime

check_fail2ban

Installation

This plugin requires fail2ban and sudo installed. Also several commands must be runnable by nagios user with sudo, so add the following to visudo:

    # Needed for check_fail2ban
    nagios  ALL=NOPASSWD: /usr/bin/fail2ban-client status
    nagios  ALL=NOPASSWD: /usr/bin/fail2ban-client status *
    nagios  ALL=NOPASSWD: /usr/bin/fail2ban-client get * banip
    nagios  ALL=NOPASSWD: /usr/bin/fail2ban-client get * banip --with-time
    nagios  ALL=NOPASSWD: /usr/bin/fail2ban-client get * bantime

Usage

        ./check_fail2ban -h Display this message
                         -w  defaults to 10
                         -c  defaults to 20
                         -t Time: Display until when IPs will be banned
                         -j  i.e. comma separated string of jails, i.e. ssh,postfix
                            Only check those jails

Examples

        ./check_fail2ban -t -w 5 -c 10 -j ssh,postfix
        ./check_fail2ban -t

Example Output

    OK:
    Jail: dovecot-pop3imap
    Ban Time: 1200
    Currently Banned: 0
    Banned IPs: None

    Jail: postfix-iredmail
    Ban Time: 3600
    Currently Banned: 0
    Banned IPs: None

    Jail: ssh
    Ban Time: 3600
    Currently Banned: 1
    Banned IPs: 123.123.123.124 banned till 2020-03-23 12:34:08, 

    Total banned: 1 IPs

Icinga

Events

Learn

Support