Folks
I just started using fail2ban. It's a pretty good package. I wonder
if I could make some suggestions and/or ask for advice.
First, as a VERY SMALL comment, in the fail2ban-client status
request, the reply says "Number of jail:". To be a bit more
correct, it should probably say: "Number of jails".
Second, I'm trying to build a report for my own use, which would show
the current bans. Ideally, each line of the report contains:
- IP address that is banned
- When the ban started
- When the ban ends (or the duration of the ban)
- How many times the ban has been activated
- A reason for the ban
That last item, "reason for the ban", wouldn't have to be completely
accurate. It could, for example, be the important information from
the actual log event that activated the most recent ban.
As a 'hack', I have solved this by looking inside the internal
implementation, and at least until something changes, I can obtain
the information by using sqlite to read the internal database, and
then scanning the output of journalctl for a match on the IP
address. This is neither efficient nor good practice. If I could request
an enhancement, it would be:
- Augment the ban database to include an extract from the log-line
that activated the ban
- Provide a published method to read the current bans and return
the information, perhaps by modifying fail2ban-client.
Have I missed some more obvious way to get the information?
Thanks for the package.
David
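
The report described above could be built along these lines. This is an added example, not part of David's message and not fail2ban's own code. It assumes the internal database has a "bans" table with columns jail, ip, timeofban, bantime, bancount and a JSON "data" column holding a "matches" list; as the message notes, that layout is internal and may change. The sample rows are constructed.

```python
import json
import sqlite3
from datetime import datetime, timezone

def _ts(epoch):
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")

def _reason(data):
    """Last matched log line stored with the ban, or '-' if none is usable."""
    try:
        matches = json.loads(data or "{}").get("matches") or []
    except (ValueError, AttributeError):
        return "-"
    last = matches[-1] if matches else "-"
    return last if isinstance(last, str) else " ".join(map(str, last))

def current_bans(conn, now):
    """Return (jail, ip, start, end, bancount, reason) for bans active at `now`."""
    rows = conn.execute(
        "SELECT jail, ip, timeofban, bantime, bancount, data FROM bans "
        "ORDER BY timeofban")
    latest = {}
    for jail, ip, start, dur, count, data in rows:
        latest[(jail, ip)] = (start, dur, count, data)   # newest row wins
    report = []
    for (jail, ip), (start, dur, count, data) in sorted(latest.items()):
        if dur >= 0 and start + dur <= now:
            continue                                      # ban has expired
        end = "permanent" if dur < 0 else _ts(start + dur)
        report.append((jail, ip, _ts(start), end, count, _reason(data)))
    return report

def sample_db():
    """Constructed rows in an assumed schema; not data from a real host."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bans (jail TEXT, ip TEXT, timeofban INTEGER, "
                 "bantime INTEGER, bancount INTEGER, data TEXT)")
    m = "Failed password for root from 203.0.113.7 port 4022 ssh2"
    conn.executemany("INSERT INTO bans VALUES (?,?,?,?,?,?)", [
        ("sshd", "203.0.113.7", 1700000000, 600, 1, json.dumps({"matches": [m]})),
        ("sshd", "203.0.113.7", 1700003000, 3600, 2, json.dumps({"matches": [m, m]})),
        ("sshd", "198.51.100.9", 1700000000, 600, 1, "{}"),
        ("sshd", "192.0.2.44", 1699000000, -1, 5, None),
    ])
    return conn

if __name__ == "__main__":
    for row in current_bans(sample_db(), now=1700004000):
        print(" | ".join(map(str, row)))
```

On a real host the connection should be opened read-only so the report cannot interfere with the running daemon.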