Skip to content

rework: enhance fail2ban Icinga2 check with new bans threshold#4

Open
JoyG1024 wants to merge 2 commits inton1tr0-5urf3r:masterfrom
tentwentyfour:master
Open

rework: enhance fail2ban Icinga2 check with new bans threshold#4
JoyG1024 wants to merge 2 commits inton1tr0-5urf3r:masterfrom
tentwentyfour:master

Conversation

@JoyG1024
Copy link

  • Added monitoring for new bans within a configurable time window (-m/-r/-R)
  • Cleaned output for proper Icinga2 format
  • Simplified per-jail display, removed IP list by default
  • Retained total banned IPs monitoring with warning/critical thresholds
  • Adjusted defaults to match site-specific values

Note: These changes have been made for personal use and on personal preference and as such may clash with the original creator's vision for the check, thus may be completely discarded

- Added monitoring for new bans within a configurable time window (-m/-r/-R)
- Cleaned output for proper Icinga2 format
- Simplified per-jail display, removed IP list by default
- Retained total banned IPs monitoring with warning/critical thresholds
- Adjusted defaults to match site-specific values
@JoyG1024 JoyG1024 marked this pull request as draft September 11, 2025 06:16
- Default output remains in the original format.
- New "-q" option provides a compact Nagios-style view.
- Note: these changes require read access to the fail2ban log files.
@JoyG1024
Copy link
Author

Added the -q option for the new short version OK: fail2ban running | total_banned=4531;5000;10000 new_bans_60min=8;25;50 as the old list one just wasn't readable at all due to a flood of banned bot ip still i changed it so that view remains default

@JoyG1024 JoyG1024 marked this pull request as ready for review September 11, 2025 07:10
@n1tr0-5urf3r
Copy link
Owner

Thanks for your PR! I will hopefully find the time to review your changes in the next days

@n1tr0-5urf3r
Copy link
Owner

@JoyG1024 after finally having a look, I'm not sure why you removed the check for the fail2ban-server binary, which is now hardcoded. Also your PR removes the check for sudo permissions. Did something change in fail2ban so that they are not required anymore?

@JoyG1024
Copy link
Author

JoyG1024 commented Nov 2, 2025

@n1tr0-5urf3r I am not currently on my work machine but my intention was not to remove checks i most likely forgot them as i toke the code apart checking and playing around and since my machine was not missing the permissions it didn’t come back to mind.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants