check_fail2ban
This plugins checks your server for banned IPs by fail2ban and lists those and their bantime
check_fail2ban
Installation
This plugin requires fail2ban and sudo installed. Also several commands must be runnable by nagios user with sudo, so add the following to visudo:
# Needed for check_fail2ban
nagios ALL=NOPASSWD: /usr/bin/fail2ban-client status
nagios ALL=NOPASSWD: /usr/bin/fail2ban-client status *
nagios ALL=NOPASSWD: /usr/bin/fail2ban-client get * bantime
Usage
./check_fail2ban -h Display this message
-w defaults to 10
-c defaults to 20
-t Time: Display until when IPs will be banned
-j i.e. comma separated string of jails, i.e. ssh,postfix
Only check those jails
Examples
./check_fail2ban -t -w 5 -c 10 -j ssh,postfix
./check_fail2ban -t
Example Output
OK:
Jail: dovecot-pop3imap
Ban Time: 1200
Currently Banned: 0
Banned IPs: None
Jail: postfix-iredmail
Ban Time: 3600
Currently Banned: 0
Banned IPs: None
Jail: ssh
Ban Time: 3600
Currently Banned: 1
Banned IPs: 123.123.123.124 banned till 2020-03-23 12:34:08,
Total banned: 1 IPs