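#!/usr/bin/bash
#######################################################################
#Script Name: fail2ban-block-report.sh
#Version: 1.6
#Description: Builds a report of the most frequently banned IP
#             addresses found in the fail2ban log, adds a GeoIP
#             country lookup for each one, and mails the report.
#AbuseIPDB
#Last Modify Date: 03102021
#Author:Brent Dacus
#Email:brent[at]thedacus[dot]net
#######################################################################
#                            Variables                                #
#######################################################################
set -u

export COLUMNS=100
server=$(hostname -s)
# Not referenced below; only FAIL2BAN_LOG is read.
# shellcheck disable=SC2034
FAIL2BAN_PATH="/var/log/fail2ban*"
FAIL2BAN_LOG="/var/log/fail2ban.log"
LOGFILE="/var/log/fail2ban_report_$(date +%m%d%Y).log"
MAILTOADDRESS="tech@delainhosting.com"
MAILFROMADDRESS="tech@delainhosting.com"
SUBJECT="Weekly Fail2Ban Report for $server."
# Characters allowed in a value handed to geoiplookup (IPv4/IPv6 literals).
ADDRESS_RE='^[0-9A-Fa-f:.]+$'

#######################################################################
#                            Functions                                #
#######################################################################

# Append a COLUMNS-wide row of dashes to the report file.
linebreak() {
  printf '%*s\n' "${COLUMNS:-$(tput cols)}" '' | tr ' ' - >>"$LOGFILE"
}

# Print "count address jail" rows for the 20 most frequent Ban entries.
# uniq -d keeps only entries seen more than once, so an address that was
# banned a single time does not appear in the report.
top_banned() {
  awk '/Ban/ && !/Restore|Increase|Unban|INFO/ {print $8, $6}' "$FAIL2BAN_LOG" |
    sort |
    uniq -cd |
    sort -nr |
    head -20
}

#######################################################################
#                              Main                                   #
#######################################################################

# Read the log once so both tables describe the same set of entries even
# if fail2ban appends to the log while the report is being built.
top_rows=$(top_banned)

printf "Report Date: %s.\n" "$(date +%m/%d/%Y)" >"$LOGFILE"
linebreak
printf "TOP 20 FREQUENTLY BANNED IP ADDRESSES.\n" >>"$LOGFILE"
printf "Count\tIP Address\n" >>"$LOGFILE"
linebreak

# Show only the most problematic IP addresses.
# NF skips the empty line a here-string yields when there are no rows.
awk 'NF {printf "%-4d\t%-36s\t%-20s\n", $1, $2, $3}' <<<"$top_rows" >>"$LOGFILE"

## Generate GeoIP report
printf '\n\n\n' >>"$LOGFILE"
printf "IP Address\tCountry\n" >>"$LOGFILE"
linebreak

while read -r _count ip _jail; do
  [[ -n "$ip" ]] || continue
  # The value is text taken from a log file. Only hand it to geoiplookup
  # when it consists of address characters, so it can never be parsed as
  # a command-line option or resolved as a hostname.
  if [[ "$ip" =~ $ADDRESS_RE ]]; then
    geo=$(geoiplookup -l "$ip" | cut -d ':' -f2)
  else
    geo=" lookup skipped (not an IP address)"
  fi
  printf "%s\t%s\n" "$ip" "$geo" >>"$LOGFILE"
done <<<"$top_rows"

# E-mail the report. Every write above has completed by this point, so no
# delay is needed before reading the file back.
mail -s "$SUBJECT" -r "$MAILFROMADDRESS" "$MAILTOADDRESS" <"$LOGFILE"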