3

How to see a list of banned IP addresses and get their unban time?

I know two methods to get the list of banned IP addresses.

Via fail2ban client:

sudo fail2ban-client status <jail name>

Via iptables:

sudo iptables --list --line-numbers --numeric

But both commands show only the ban list. I need to know when these created iptables rules will be deleted.

deSoul
  • 31

2 Answers

5
  1. Fail2ban since version 0.11.1 supports a new command which will give you the list of banned IPs and their times; see man or https://github.com/fail2ban/fail2ban/pull/2315#issuecomment-451779004 for details.
  2. Otherwise, fail2ban since version 0.9 has an SQLite database where you can also obtain this information:
sqlite3 -header -column 'file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro' \
"select * from bans where jail='<JAIL>' order by timeofban desc limit 10"

For instance this could be the statement to get all active bans:

select datetime(timeofban, 'unixepoch', 'localtime') as startofban, 
datetime(timeofban + bantime, 'unixepoch', 'localtime') as endofban,
ip, jail, bantime, bancount, data from bips
where endofban > datetime('now', 'localtime')
order by jail, endofban
limit 10

Depending on the version, the bantime field may be missing; then you have to replace it with the static integer bantime set for the related jail in your configuration.

  3. If you have some development background, it would also be possible using the fail2ban Python API.
sebres
  • 386
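An added example (not part of the answer above and not fail2ban's own code): a Python version of the database lookup that uses the configured bantime when the column is missing and treats a negative bantime as a permanent ban, as fail2ban does. The `bans` column layout, the 600-second default and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime


def active_bans(conn, default_bantime, now):
    """Return [(jail, ip, start, end)] still active at `now`; end=None if permanent."""
    tables = {r[0] for r in conn.execute("select name from sqlite_master")}
    table = "bips" if "bips" in tables else "bans"
    cols = {r[1] for r in conn.execute(f"pragma table_info({table})")}
    # Schema without a bantime column: select NULL and fill in the jail's value.
    bantime_col = "bantime" if "bantime" in cols else "null"
    latest = {}
    query = (f"select jail, ip, timeofban, {bantime_col} "
             f"from {table} order by timeofban")
    for jail, ip, start, bantime in conn.execute(query):
        # bans is a history table: a later row for the same IP wins.
        latest[(jail, ip)] = (start, default_bantime if bantime is None else bantime)
    active = []
    for (jail, ip), (start, bantime) in sorted(latest.items()):
        end = None if bantime < 0 else start + bantime
        if end is None or end > now:
            active.append((jail, ip, start, end))
    return active


def constructed_db(with_bantime):
    """In-memory stand-in for the fail2ban database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    if with_bantime:
        conn.execute("create table bips (ip, jail, timeofban, bantime, bancount, data)")
        conn.executemany("insert into bips values (?, ?, ?, ?, 1, '{}')", [
            ("192.0.2.10", "sshd", 1000, 3600),     # ends at 4600
            ("192.0.2.11", "sshd", 1000, 600),      # ended at 1600
            ("198.51.100.7", "sshd", 500, -1)])     # permanent
    else:
        conn.execute("create table bans (jail, ip, timeofban, data)")
        conn.executemany("insert into bans values (?, ?, ?, '{}')", [
            ("sshd", "192.0.2.10", 100), ("sshd", "192.0.2.10", 1500),
            ("sshd", "192.0.2.11", 200)])
    return conn


if __name__ == "__main__":
    # Real use: sqlite3.connect("file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro", uri=True)
    for flag in (True, False):
        for jail, ip, start, end in active_bans(constructed_db(flag), 600, now=2000):
            until = "permanent" if end is None else datetime.fromtimestamp(end)
            print(jail, ip, "unban:", until)
```

Set `default_bantime` to the bantime configured for the jail you are inspecting; it is only used when the table has no bantime column.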
2

Here you can see the banned IPs' unban time and some other information:

#!/bin/bash
while true; do
  # Clear the terminal
  clear

  # Display static header
  echo -e "\e[1;44m List of Banned IPs \n\e[0m"

  # Fetch dynamic info
  IPs=$(sudo fail2ban-client status sshd | grep "Banned IP list:" | sed 's/.*Banned IP list://g' | tr -s ' ' '\n')
  current_count=$(echo -e "$IPs" | wc -l)
  total_count=$(grep "Ban " /var/log/fail2ban.log | wc -l)

  # Display Currently Banned IPs and Total Banned to Date
  echo -e "\e[1;32m Currently Banned IPs: $current_count\e[0m"
  echo -e "\e[1;32m Total Banned to Date: $total_count\n\e[0m"

  # Display table headers
  echo -e " ┌─────┬──────────────────────┬───────────┐"
  echo -e " │ No. │ IP                   │ Unban In  │"
  echo -e " ├─────┼──────────────────────┼───────────┤"

  # Parse each IP and look up its ban time in the log file
  echo -e "$IPs" | awk '{print NR, $1}' | while read -r num ip; do
    ban_time=$(grep "$ip" /var/log/fail2ban.log | tail -1 | awk '{print $1 " " $2}' | xargs -I {} date -d {} +%s)
    current_time=$(date +%s)
    # 3600 is the ban duration in seconds that this script assumes
    time_left=$(( 3600 - (current_time - ban_time) ))
    mins=$(( (time_left + 59) / 60 ))
    [ $mins -eq 0 ] && mins=1
    printf " │ %2d  │ %-15s      │%4d mins  │\n" "$num" "$ip" "$mins"
  done
  echo " └─────┴──────────────────────┴───────────┘" # Line below each IP

  counter=0
  server_info=""

  # Refresh the clock every second for one minute; refresh server info every 10 seconds
  for i in {59..0}; do
    if ((counter % 10 == 0)); then
      cpu_temp=$(cat /sys/class/thermal/thermal_zone0/temp 2>/dev/null)
      cpu_load=$(uptime | awk -F 'load average: ' '{print $2}')
      disk_usage=$(df -h / | awk 'NR==2 {print $5}')
      memory_usage=$(free -m | awk 'NR==2 {print $3 "/" $2 "MB"}')
      logged_users=$(who | awk '{print $1}' | sort -u | wc -l)
      logged_users_list=$(who | awk '{print $1}' | sort | uniq | tr '\n' ', ' | sed 's/,$//')
      cpu_temp_c=$(awk -v temp="$cpu_temp" 'BEGIN{printf "%.1f", temp / 1000}')

      server_info="\e[1;32m\n - Server Info:\n - CPU Load : $cpu_load\n - CPU Temp : $cpu_temp_c °C\n - Disk Usage : $disk_usage\n - Memory Usage : $memory_usage\n - Count of unique logged-in users : $logged_users\n - Logged in as : $logged_users_list\n\e[0m"
    fi

    echo -e "\e[1;32m  Current Time: $(date '+%H:%M:%S')\e[0m"
    echo " ──────────────────────────────────────────"
    echo -e "$server_info"
    echo " ──────────────────────────────────────────"
    counter=$((counter + 1))
    sleep 1

    # Clear the lines for server info and time, but no more than that
    echo -ne "\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A"
  done
done

abigado
  • 21