fail2ban-status.sh

chmod +x fail2ban-status.sh

# Запуск от root (или через sudo)
sudo ./fail2ban-status.sh

# Только определённый jail
sudo ./fail2ban-status.sh sshd

#!/usr/bin/env bash
set -euo pipefail

# fail2ban-status.sh — сводка по банам fail2ban
# Использование: sudo ./fail2ban-status.sh [jail]

if [ "$(id -u)" -ne 0 ]; then
    echo "Ошибка: запустите от root или через sudo" >&2
    exit 1
fi

JAIL_FILTER="${1:-}"
LOG="/var/log/fail2ban.log"
SINCE=$(date -d '24 hours ago' '+%Y-%m-%d %H:%M:%S' 2>/dev/null || date -v-24H '+%Y-%m-%d %H:%M:%S')

echo "═══ fail2ban: сводка ═══"
echo ""

# Получаем список jail
if [ -n "$JAIL_FILTER" ]; then
    JAILS="$JAIL_FILTER"
else
    JAILS=$(fail2ban-client status | grep "Jail list:" | sed 's/.*://;s/,/ /g' | xargs)
fi

TOTAL_BANNED=0

for jail in $JAILS; do
    STATUS=$(fail2ban-client status "$jail" 2>/dev/null) || continue
    CURRENT=$(echo "$STATUS" | grep "Currently banned:" | awk '{print $NF}')
    TOTAL=$(echo "$STATUS" | grep "Total banned:" | awk '{print $NF}')
    BANNED_IPS=$(echo "$STATUS" | grep "Banned IP list:" | sed 's/.*://' | xargs)

    echo "▸ $jail"
    echo "  Сейчас забанено: $CURRENT"
    echo "  Всего банов:     $TOTAL"
    [ -n "$BANNED_IPS" ] && echo "  IP: $BANNED_IPS"
    echo ""

    TOTAL_BANNED=$((TOTAL_BANNED + CURRENT))
done

echo "───────────────────────"
echo "Активных банов: $TOTAL_BANNED"
echo ""

# Топ IP за последние 24 часа из лога
if [ -f "$LOG" ]; then
    echo "▸ Топ-10 IP за 24ч:"
    grep "Ban " "$LOG" | awk -v since="$SINCE" '$0 >= since {print $NF}' | \
        sort | uniq -c | sort -rn | head -10 | \
        while read count ip; do
            printf "  %-16s %s раз\n" "$ip" "$count"
        done
fi

# Отчёт fail2ban каждое утро в 8:00
0 8 * * * /opt/scripts/fail2ban-status.sh | mail -s "fail2ban report" admin@example.com