How can I view the list of banned IP addresses and get their unban time? I know two ways to get the list of banned IP addresses.
Via the fail2ban client:
sudo fail2ban-client status <jail name>
Via iptables:
sudo iptables --list --line-numbers --numeric
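But both commands only show the ban list. I need to know when the iptables rule that was created will be removed.
Answer 1
- Fail2ban supports a new command since version 0.11.1 that gives you the list of banned IPs together with their times; see man or https://github.com/fail2ban/fail2ban/pull/2315#issuecomment-451779004 for details.
- Otherwise, fail2ban has had a sqlite database since version 0.9, from which you can also get this information: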
sqlite3 -header -column 'file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro' \
"select * from bans where jail='<JAIL>' order by timeofban desc limit 10"
For example, this could be a statement to get all active bans:
select datetime(timeofban, 'unixepoch', 'localtime') as startofban,
datetime(timeofban + bantime, 'unixepoch', 'localtime') as endofban,
ip, jail, bantime, bancount, data from bips
where endofban > datetime('now', 'localtime')
order by jail, endofban
limit 10
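Depending on the version, the bantime field may be missing, in which case you have to replace it with the static integer bantime set in the configuration for the jail in question.
- If you have some development background, you can also use the fail2ban python API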
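An added example, not part of the answer above and not fail2ban's own code: it goes beyond the single query by choosing between the `bips` and `bans` tables and substituting a configured bantime when the column is missing. The function names, the sample rows and the treatment of a negative bantime as a permanent ban are assumptions; the column names are those used in the queries above.

```python
import sqlite3
import time

def active_bans(conn, now, static_bantime=None):
    """Return sorted (jail, ip, seconds_left) for bans in force at unix time `now`.
    seconds_left is None for a permanent ban."""
    tables = {r[0] for r in conn.execute(
        "select name from sqlite_master where type='table'")}
    table = "bips" if "bips" in tables else "bans"
    cols = {r[1] for r in conn.execute(f"pragma table_info({table})")}
    if "bantime" in cols:
        expr, params = "bantime", ()
    elif static_bantime is not None:
        # Older schema: substitute the bantime configured for the jail.
        expr, params = "?", (int(static_bantime),)
    else:
        raise ValueError("no bantime column: pass the jail's configured bantime")
    # bans keeps history, so take only the latest ban per (jail, ip); SQLite
    # returns the other columns from the row that holds max(timeofban).
    rows = conn.execute(
        f"select jail, ip, max(timeofban), {expr} from {table} group by jail, ip",
        params)
    result = []
    for jail, ip, start, bantime in rows:
        if bantime < 0:  # Assumption: a negative bantime marks a permanent ban.
            result.append((jail, ip, None))
        elif start + bantime > now:
            result.append((jail, ip, start + bantime - now))
    return sorted(result, key=lambda r: r[:2])

def sample_db(now, legacy=False):
    """Constructed in-memory database; columns follow the queries on this page."""
    conn = sqlite3.connect(":memory:")
    if legacy:
        conn.execute("create table bans (jail, ip, timeofban, data)")
        conn.executemany("insert into bans values (?,?,?,?)", [
            ("sshd", "192.0.2.10", now - 50000, "{}"),
            ("sshd", "192.0.2.10", now - 3000, "{}")])
    else:
        conn.execute("create table bips (ip, jail, timeofban, bantime, bancount, data)")
        conn.executemany("insert into bips values (?,?,?,?,?,?)", [
            ("192.0.2.10", "sshd", now - 600, 3600, 1, "{}"),
            ("198.51.100.7", "sshd", now - 7200, 3600, 2, "{}"),
            ("203.0.113.5", "recidive", now - 100000, -1, 5, "{}")])
    return conn

if __name__ == "__main__":
    now = int(time.time())
    for jail, ip, left in active_bans(sample_db(now), now):
        print(jail, ip, "permanent" if left is None else f"unban in {left}s")
```

To run it against the real database, open it read-only as the answer's command does: `sqlite3.connect("file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro", uri=True)`.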
Answer 2
Here you can see the banned IPs, the unban time and some other information
#!/bin/bash
while true; do
    # Clear the terminal
    clear
    # Display static header
    echo -e "\e[1;44m List of Banned IPs \n\e[0m"
    # Fetch dynamic info (one IP per line, blank entries dropped)
    IPs=$(sudo fail2ban-client status sshd | grep "Banned IP list:" | sed 's/.*Banned IP list://g' | tr -s ' \t' '\n' | sed '/^$/d')
    current_count=$(printf '%s' "$IPs" | grep -c .)
    total_count=$(grep "Ban " /var/log/fail2ban.log | wc -l)
    # Display Currently Banned IPs and Total Banned to Date
    echo -e "\e[1;32m Currently Banned IPs: $current_count\e[0m"
    echo -e "\e[1;32m Total Banned to Date: $total_count\n\e[0m"
    # Display table headers
    echo -e " ┌─────┬──────────────────────┬───────────┐"
    echo -e " │ No. │ IP                   │ Unban In  │"
    echo -e " ├─────┼──────────────────────┼───────────┤"
    # Parse each IP and look up its ban time in the log file
    echo -e "$IPs" | awk 'NF {print NR, $1}' | while read -r num ip; do
        # Timestamp of the most recent "Ban <ip>" log entry (exact IP match)
        ban_time=$(grep -wF "Ban $ip" /var/log/fail2ban.log | tail -1 | awk '{print $1 " " $2}' | xargs -I {} date -d {} +%s)
        # Skip IPs whose ban entry is not in the current log file
        [ -n "$ban_time" ] || continue
        current_time=$(date +%s)
        # 3600 is the ban length in seconds this script assumes; use the jail's bantime
        time_left=$(( 3600 - (current_time - ban_time) ))
        mins=$(( (time_left + 59) / 60 ))
        [ "$mins" -lt 1 ] && mins=1
        printf " │ %3d │ %-20s │%5d mins │\n" "$num" "$ip" "$mins"
    done
    echo " └─────┴──────────────────────┴───────────┘" # Line below each IP
    counter=0
    server_info=""
    for i in {59..0}; do
        # Refresh the server info every 10 seconds
        if ((counter % 10 == 0)); then
            cpu_temp=$(cat /sys/class/thermal/thermal_zone0/temp 2>/dev/null)
            cpu_load=$(uptime | awk -F 'load average: ' '{print $2}')
            disk_usage=$(df -h / | awk 'NR==2 {print $5}')
            memory_usage=$(free -m | awk 'NR==2 {print $3 "/" $2 "MB"}')
            logged_users=$(who | awk '{print $1}' | sort -u | wc -l)
            logged_users_list=$(who | awk '{print $1}' | sort | uniq | tr '\n' ', ' | sed 's/,$//')
            cpu_temp_c=$(awk -v temp="$cpu_temp" 'BEGIN{printf "%.1f", temp / 1000}')
            server_info="\e[1;32m\n - Server Info:\n - CPU Load : $cpu_load\n - CPU Temp : $cpu_temp_c °C\n - Disk Usage : $disk_usage\n - Memory Usage : $memory_usage\n - Count of unique logged-in users : $logged_users\n - Logged in as : $logged_users_list\n\e[0m"
        fi
        echo -e "\e[1;32m Current Time: $(date '+%H:%M:%S')\e[0m"
        echo " ──────────────────────────────────────────"
        echo -e "$server_info"
        echo " ──────────────────────────────────────────"
        counter=$((counter + 1))
        sleep 1
        # Clear the lines for server info and time, but no more than that
        echo -ne "\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A\033[2K\033[A"
    done
done