Beta 5

This version makes a big jump forward:

🌐 Multi-Server Support – view & manage multiple Fail2Ban servers from one dashboard
🔐 Authentication & Roles – viewer (read-only) and admin (ban/unban, blocklist mgmt.)
📂 Per-server archives & blocklists for cleaner organization
⚡ Performance improvements + refined marker system (repeat bans & ban increases)

It’s still shell + PHP (no DB, no frameworks), designed for small to medium setups, and works great on Raspberry Pi or VPS.

Author: SubleXBle

Backend/fail2ban_log2json.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+# This is the Logfile-Reader for the local installation - so you will have to edit the OUTPUT_JSON_DIR to fit your Webserver Installation
+#
+LOGFILE="/var/log/fail2ban.log"
+OUTPUT_JSON_DIR="/var/www/html/Fail2Ban-Report/archive/<SERVERNAME>/fail2ban"
+# <SERVERNAME> is the Name of your local Server Folder in archive/
+
+TODAY=$(date +"%Y-%m-%d")
+OUTPUT_JSON_FILE="$OUTPUT_JSON_DIR/fail2ban-events-$(date +"%Y%m%d").json"
+mkdir -p "$OUTPUT_JSON_DIR"
+
+echo "[" > "$OUTPUT_JSON_FILE"
+
+# Grep all relevant Events
+grep -E "(Ban|Unban)" "$LOGFILE" | awk -v today="$TODAY" '
+{
+    timestamp = $1 " " $2;
+    if (index(timestamp, today) != 1) next;
+
+    action = "";
+    ip = "";
+    if ($0 ~ /Increase Ban/) {
+        action = "Increase Ban";
+        match($0, /Increase Ban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    } else if ($0 ~ /Ban/) {
+        action = "Ban";
+        match($0, /Ban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    } else if ($0 ~ /Unban/) {
+        action = "Unban";
+        match($0, /Unban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    }
+
+    # Extract jail from first non-numeric bracketed section
+    text = $0;
+    c = 0;
+    delete arr;
+    while (match(text, /\[[^]]+\]/)) {
+        content = substr(text, RSTART+1, RLENGTH-2);
+        c++;
+        arr[c] = content;
+        text = substr(text, RSTART + RLENGTH);
+    }
+
+    jail = "unknown";
+    for(i=1; i<=c; i++) {
+        if (arr[i] !~ /^[0-9]+$/) {
+            jail = arr[i];
+            break;
+        }
+    }
+
+    if (ip != "") {
+        printf "  {\n    \"timestamp\": \"%s\",\n    \"action\": \"%s\",\n    \"ip\": \"%s\",\n    \"jail\": \"%s\"\n  },\n", timestamp, action, ip, jail;
+    }
+}
+' >> "$OUTPUT_JSON_FILE"
+
+# Remove last comma
+if [ -s "$OUTPUT_JSON_FILE" ]; then
+    sed -i '$ s/},/}/' "$OUTPUT_JSON_FILE"
+fi
+
+echo "]" >> "$OUTPUT_JSON_FILE"
+echo "✅ JSON created: $OUTPUT_JSON_FILE"

includes/unblock-ip.php Backend/firewall-update.shincludes/unblock-ip.php renamed to Backend/firewall-update.sh

@@ -1,11 +1,13 @@
 #!/bin/bash
-
+#
+# This is the Firewall-Update Script for the local installation - you you would have to edit the BLOCKLIST_DIR to fit your Installation
+#
 set -euo pipefail
 
 # --- Configuration ---
-BLOCKLIST_DIR="/var/www/vhosts/suble.org/xbkupx/Fail2Ban-Report/archive"
-LOGFILE="/opt/Fail2Ban-Report/Firewall-Report.log"
-LOGGING=true  # Set to true to enable logging
+BLOCKLIST_DIR="/var/www/html/Fail2Ban-Report/archive/<SERVERNAME>/blocklists"   # Or Webarchive when local
+LOGFILE="/opt/Fail2Ban-Report/Firewall.log"
+LOGGING=false  # Set to true to enable logging
 
 # --- Set PATH ---
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
@@ -49,37 +51,50 @@
   fi
 
   # Extract active and inactive IPs
-  active_ips=$(jq -r '.[] | select(.active != false) | .ip' "$FILE")
-  inactive_ips=$(jq -r '.[] | select(.active == false) | .ip' "$FILE")
+  mapfile -t active_ips < <(jq -r '.[] | select(.active != false) | .ip' "$FILE")
+  mapfile -t inactive_ips < <(jq -r '.[] | select(.active == false) | .ip' "$FILE")
+
+  blocked_success=()
 
-  # Block new IPs and update pending flag
-  for ip in $active_ips; do
+  # --- BLOCK: Collect all new IPs and block them ---
+  for ip in "${active_ips[@]}"; do
     if ! grep -qw "$ip" "$TMP_BLOCKED"; then
       log "Blocking IP: $ip"
       if ufw deny from "$ip"; then
-        log "Blocked $ip successfully, updating pending flag"
-        tmp_file=$(mktemp)
-        jq --arg ip "$ip" 'map(if .ip == $ip then .pending = false else . end)' "$FILE" > "$tmp_file" \
-          && mv "$tmp_file" "$FILE"
+        blocked_success+=("$ip")
       else
         log "Failed to block $ip via ufw"
       fi
     fi
   done
 
-  # Remove UFW rules for inactive IPs
-  for ip in $inactive_ips; do
+  # Reload UFW once after all block actions
+  if ((${#blocked_success[@]} > 0)); then
+    log "Reloading UFW after block actions"
+    ufw reload
+  fi
+
+  # --- UNBLOCK: Process each inactive IP individually ---
+  for ip in "${inactive_ips[@]}"; do
     mapfile -t rules < <(ufw status numbered | grep "$ip" | grep "DENY IN" | tac)
     for rule in "${rules[@]}"; do
       rule_number=$(echo "$rule" | awk -F'[][]' '{print $2}')
-      log "Removing UFW rule #$rule_number for IP: $ip"
-      ufw --force delete "$rule_number"
+      if [[ -n "$rule_number" ]]; then
+        log "Removing UFW rule #$rule_number for IP: $ip"
+        ufw --force delete "$rule_number"
+      fi
     done
   done
 
-  # Clean up JSON by removing inactive entries
+  # --- JSON Update: pending=false for blocked_success, remove inactive entries ---
   tmp_file=$(mktemp)
-  jq 'map(select(.active != false))' "$FILE" > "$tmp_file" && mv "$tmp_file" "$FILE"
+  BLOCK_JSON=$(printf '%s\n' "${blocked_success[@]:-}" | jq -R . | jq -s .)
+  jq --argjson ips "$BLOCK_JSON" '
+    map(
+      if (.ip as $ip | $ips | index($ip)) then .pending = false else . end
+    )
+    | map(select(.active != false))
+  ' "$FILE" > "$tmp_file" && mv "$tmp_file" "$FILE"
 
   # Set ownership and permissions
   chown www-data:www-data "$FILE"

Backend/multi/Fail2Ban-Report-cronscript.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Fail2Ban-Report-cronscript.sh
+
+# change dir for cronjobs
+cd /opt/Fail2Ban-Report/Backend
+
+LOGFILE="/opt/Fail2Ban-Report/cronjobs.log"
+
+echo "----- cronrun start ------ $(date '+%Y-%m-%d %H:%M:%S')" >> "$LOGFILE"
+
+# Step 1: JSON generation
+echo "📝 Step 1: Generating JSON from Fail2Ban logs..." >> "$LOGFILE"
+./fail2ban_log2json.sh >> "$LOGFILE" 2>&1
+sleep 1
+
+# Step 2: Check for updates
+echo "🔎 Step 2: Checking for updates..." >> "$LOGFILE"
+./download-checker.sh >> "$LOGFILE" 2>&1
+DOWNLOAD_STATUS=$?
+
+# Step 3: Run firewall & sync only if updates available
+if [ $DOWNLOAD_STATUS -eq 0 ]; then
+    echo "✅ Updates found, running sync cycle..." >> "$LOGFILE"
+    ./firewall-update.sh >> "$LOGFILE" 2>&1
+    ./syncback.sh >> "$LOGFILE" 2>&1
+else
+    echo "ℹ️ No Updates, firewall & syncback skipped" >> "$LOGFILE"
+fi
+
+# Step 4: Always mark end of cronrun
+echo "----- cronrun done! ------ $(date '+%Y-%m-%d %H:%M:%S')" >> "$LOGFILE"

Backend/multi/config.env

@@ -0,0 +1,17 @@
+# === Shared Fail2Ban Report Client Config ===
+
+# Authentication
+CLIENT_USER="MyClientName"
+CLIENT_PASS="MyPassword"
+CLIENT_UUID="MyUUID"
+
+# Server URLs
+ENDPOINT_URL="https://my.server.tld/Fail2Ban-Report/endpoint/index.php"
+UPDATE_URL="https://my.server.tld/Fail2Ban-Report/endpoint/update.php"
+DOWNLOAD_URL="https://my.server.tld/Fail2Ban-Report/endpoint/download.php"
+BACKSYNC_URL="https://my.server.tld/Fail2Ban-Report/endpoint/backsync.php"
+
+# Local Paths
+OUTPUT_JSON_DIR="/opt/Fail2Ban-Report/archive/fail2ban"
+BLOCKLIST_DIR="/opt/Fail2Ban-Report/archive/blocklists"
+CLIENT_LOG="/var/log/fail2ban-report-client.log"

Backend/multi/downlod-checker.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+set -euo pipefail
+
+# === Config laden ===
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/config.env"
+
+mkdir -p "$BLOCKLIST_DIR"
+
+# --- Update-Check ---
+response=$(curl -s -X POST "$UPDATE_URL" \
+  -F "username=$CLIENT_USER" \
+  -F "password=$CLIENT_PASS" \
+  -F "uuid=$CLIENT_UUID")
+
+echo "Server Response:"
+echo "$response"
+
+updates=$(echo "$response" | jq -r '.updates | length')
+
+if [ "$updates" -eq 0 ]; then
+  echo "ℹ️ No updates available."
+  exit 1
+fi
+
+echo "✅ Updates available: $updates blocklist(s)."
+
+# --- download Blocklists ---
+for FILE in $(echo "$response" | jq -r '.updates[]'); do
+  echo "⬇️ Downloading $FILE ..."
+  curl -s -X POST "$DOWNLOAD_URL?file=$FILE" \
+    -d "username=$CLIENT_USER" \
+    -d "password=$CLIENT_PASS" \
+    -d "uuid=$CLIENT_UUID" \
+    -o "$BLOCKLIST_DIR/$FILE"
+
+  if [ $? -eq 0 ] && [ -s "$BLOCKLIST_DIR/$FILE" ]; then
+    echo "✅ $FILE downloaded successfully."
+  else
+    echo "❌ Failed to download $FILE"
+  fi
+done
+
+echo "🎉 All blocklists processed."

Backend/multi/fail2ban_log2json.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+# fail2ban_log2json.sh
+set -euo pipefail
+
+# === Config laden ===
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/config.env"
+
+# === Lokale Variablen ===
+LOGFILE="/var/log/fail2ban.log"
+TODAY=$(date +"%Y-%m-%d")
+TODAY_SHORT=$(date +"%Y%m%d")
+OUTPUT_JSON_FILE="$OUTPUT_JSON_DIR/fail2ban-events-$TODAY_SHORT.json"
+mkdir -p "$OUTPUT_JSON_DIR"
+
+echo "[" > "$OUTPUT_JSON_FILE"
+
+# Grep all relevant Events
+grep -E "(Ban|Unban)" "$LOGFILE" | awk -v today="$TODAY" '
+{
+    timestamp = $1 " " $2;
+    if (index(timestamp, today) != 1) next;
+
+    action = "";
+    ip = "";
+    if ($0 ~ /Increase Ban/) {
+        action = "Increase Ban";
+        match($0, /Increase Ban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    } else if ($0 ~ /Ban/) {
+        action = "Ban";
+        match($0, /Ban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    } else if ($0 ~ /Unban/) {
+        action = "Unban";
+        match($0, /Unban ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/, m);
+        if (m[1]) ip = m[1];
+    }
+
+    # Extract jail from first non-numeric bracketed section
+    text = $0;
+    c = 0;
+    delete arr;
+    while (match(text, /\[[^]]+\]/)) {
+        content = substr(text, RSTART+1, RLENGTH-2);
+        c++;
+        arr[c] = content;
+        text = substr(text, RSTART + RLENGTH);
+    }
+
+    jail = "unknown";
+    for(i=1; i<=c; i++) {
+        if (arr[i] !~ /^[0-9]+$/) {
+            jail = arr[i];
+            break;
+        }
+    }
+
+    if (ip != "") {
+        printf "  {\n    \"timestamp\": \"%s\",\n    \"action\": \"%s\",\n    \"ip\": \"%s\",\n    \"jail\": \"%s\"\n  },\n", timestamp, action, ip, jail;
+    }
+}
+' >> "$OUTPUT_JSON_FILE"
+
+if [ -s "$OUTPUT_JSON_FILE" ]; then
+    sed -i '$ s/},/}/' "$OUTPUT_JSON_FILE"
+fi
+echo "]" >> "$OUTPUT_JSON_FILE"
+echo "✅ JSON created: $OUTPUT_JSON_FILE"
+
+# === Upload JSON to Server ===
+upload_file() {
+    local file=$1
+    echo "🔄 Uploading $file ..."
+
+    response=$(curl -s -w "\n%{http_code}" -X POST "$ENDPOINT_URL" \
+        -F "username=$CLIENT_USER" \
+        -F "password=$CLIENT_PASS" \
+        -F "uuid=$CLIENT_UUID" \
+        -F "file=@$file" || true)
+
+    http_code=$(tail -n1 <<< "$response")
+    body=$(sed '$d' <<< "$response")
+
+    if [ "$http_code" -eq 0 ]; then
+        echo "$(date '+%Y-%m-%d %H:%M:%S') ❌ Connection failed to $ENDPOINT_URL" | tee -a "$CLIENT_LOG"
+        return 1
+    fi
+
+    echo "$(date '+%Y-%m-%d %H:%M:%S') HTTP Status: $http_code" | tee -a "$CLIENT_LOG"
+    echo "$(date '+%Y-%m-%d %H:%M:%S') Response Body: $body" | tee -a "$CLIENT_LOG"
+
+    if [ "$http_code" -ne 200 ]; then
+        echo "$(date '+%Y-%m-%d %H:%M:%S') ❌ Upload failed (HTTP $http_code)" | tee -a "$CLIENT_LOG"
+        return 1
+    fi
+
+    success=$(echo "$body" | jq -r '.success // empty')
+    if [ "$success" != "true" ]; then
+        message=$(echo "$body" | jq -r '.message // empty')
+        echo "$(date '+%Y-%m-%d %H:%M:%S') ❌ Endpoint rejected the file: $message" | tee -a "$CLIENT_LOG"
+        return 1
+    fi
+
+    echo "$(date '+%Y-%m-%d %H:%M:%S') ✅ Upload succeeded for $file" | tee -a "$CLIENT_LOG"
+}
+
+upload_file "$OUTPUT_JSON_FILE"
+echo "✅ Upload completed."

firewall-update.sh Backend/multi/firewall-update.shfirewall-update.sh renamed to Backend/multi/firewall-update.sh

@@ -3,8 +3,8 @@
 set -euo pipefail
 
 # --- Configuration ---
-BLOCKLIST_DIR="/path/to/web/archive"
-LOGFILE="/var/log/Fail2Ban-Report.log"
+BLOCKLIST_DIR="/opt/Fail2Ban-Report/archive/blocklists"   # Or Webarchive when local
+LOGFILE="/opt/Fail2Ban-Report/Firewall.log"
 LOGGING=true  # Set to true to enable logging
 
 # --- Set PATH ---