Fail2Ban - Banned IP monitoring

Discussion in 'Installation/Configuration' started by sheshes, Feb 26, 2021.

  1. sheshes

    sheshes Member

    Does fail2ban store banned IPs in a db?
    Is there a way to monitor banned IPs for jails in the ISPConfig web GUI?
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You can view the banned IPs for a jail with
    fail2ban-client status JAILNAME
    Replace JAILNAME with the correct jailname.
  3. sheshes

    sheshes Member

    Yes, I know that, but this is not very convenient on a multiserver setup.

    Nevertheless, for dovecot I get

    Status for the jail: dovecot
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed: 14
    |  `- File list: /var/log/mail.log
    `- Actions
       |- Currently banned: 0
       |- Total banned: 1
       `- Banned IP list:

    What is this ban for?
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    It is currently not possible through the GUI as we can't monitor all jails that might be in use.

    It shows you currently no one is banned, one IP once was. It was banned because, well, it had too many failed login attempts.
  5. sheshes

    sheshes Member

    Now it makes sense.

    Thanks. It would be a nice feature though to add a tool to monitor bans as well as to manually remove/add jail bans.
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This is hard to do as the monitoring is updated with a cronjob, and it's hard to say which jails to monitor.
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You could have the slave server list jails (fail2ban-client does that) and loop through active jails to get the status and return what is reported to the master server.

    To unban an ip would work in the other direction, creating an event for the slave server with the jail name and ip to unban.

    You could create a feature request for it, though my guess is it wouldn't be very high priority. And I'm not sure how practical, as generally when I'm looking into mail issues and determine fail2ban is at play, I'm already logged in the mail server anyways, so heading over to the ispconfig interface to create a task which will be run one minute later would just be a nuisance on a number of levels. If mail users are regularly tripping the dovecot jail when you are helping them set up a new mailbox (so you are in the ui, not logged into the mail server), you probably need to relax the limits in that jail.
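
The jail loop suggested in the last post, as an added example that is not part of the thread or of ISPConfig: it lists the active jails with `fail2ban-client status`, queries each one, and prints one tab-separated line per jail that a slave could hand to a central collector. The function names, the `F2B` override and the `sample_f2b` output (with documentation-range IPs) are constructed for illustration.

```shell
#!/bin/sh
# Client command; override F2B to run against canned output instead.
F2B="${F2B:-fail2ban-client}"

# stdin: `fail2ban-client status` -> one jail name per line.
parse_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# stdin: `fail2ban-client status JAIL` -> value that follows label $1.
field() {
    sed -n "s/.*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//'
}

# Print "jail<TAB>currently_banned<TAB>ip ip ..." for every active jail.
report_bans() {
    $F2B status | parse_jails | while IFS= read -r jail; do
        out=$($F2B status "$jail") || continue   # jail vanished: skip it
        count=$(printf '%s\n' "$out" | field 'Currently banned')
        ips=$(printf '%s\n' "$out" | field 'Banned IP list')
        printf '%s\t%s\t%s\n' "$jail" "${count:-0}" "$ips"
    done
}

# Constructed stand-in for fail2ban-client (sample data, not real output).
sample_f2b() {
    if [ "$#" -eq 1 ]; then
        printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tdovecot, sshd\n'
    elif [ "$2" = dovecot ]; then
        printf '`- Actions\n   |- Currently banned:\t0\n'
        printf '   |- Total banned:\t1\n   `- Banned IP list:\t\n'
    else
        printf '`- Actions\n   |- Currently banned:\t2\n'
        printf '   |- Total banned:\t5\n'
        printf '   `- Banned IP list:\t192.0.2.10 198.51.100.7\n'
    fi
}

# `sh bans.sh demo` runs against the sample; `sh bans.sh live` needs root
# and a running fail2ban. With no argument only the functions are defined.
case "${1:-}" in
    demo) F2B=sample_f2b; report_bans ;;
    live) report_bans ;;
esac
```

A jail with no current bans still produces a line with a count of 0 and an empty IP column, which matches the dovecot output shown earlier in the thread.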
