--On Tuesday, May 17, 2022 10:52 AM -0400 Robert Kudyba wrote:
Nice script. Couple comments.
Thanks. I created it mainly to avoid the per-message emails and get a summary once a day.
The reported duration is a hack. Durations are stored per-ban so if you change the duration for a jail, the duration on earlier bans won't change. This script just reports the duration on the newest ban in a jail, assuming that's the current setting.
I probably should have attempted to write it in Python, which is what fail2ban is written in, but I'm more familiar with Perl. Now that it's coded, it should be easy to cut and paste fragments to produce other reports.
For the recidive jail, it shows -1, most admins will recognize this but you might consider a word like "permanent" : jail recidive for -1 seconds Also: jail apache-auth for 1 hours Perhaps 'hour(s)'?
Sounds reasonable.
Lastly if increment bans are set the script does not pick these up: 2022-05-17 08:59:27,832 fail2ban.observer [692536]: INFO [pam-generic] Found *46.101.38.229*, bad - 2022-05-17 08:59:27, 4 # -> 3, Ban
I wasn't aware of the incremental mode. I wonder if that stores bans in a different table?
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
