From: Daminto L. <dl...@ya...> - 2014-06-24 06:39:24
|
Hi, I have recently updated my fail2ban to 0.9.0. And I also learnt that fail2ban uses the persistent database which is located at /var/lib/fail2ban/fail2ban.sqlite3. I'm sorry if I ask this dumb question - how do I access to this sqlite3 to view which IPs got blocked? I run Ubuntu Server 12.04 32bit. Any help would be greatly appreciated. Thank you very much |
From: Steven H. <ste...@hi...> - 2014-06-24 20:31:04
|
On 24/06/14 07:22, Daminto Lie wrote: > Hi, > > I have recently updated my fail2ban to 0.9.0. And I also learnt that > fail2ban uses the persistent database which is located at > /var/lib/fail2ban/fail2ban.sqlite3. > > I'm sorry if I ask this dumb question - how do I access to this sqlite3 > to view which IPs got blocked? > > I run Ubuntu Server 12.04 32bit. > > Any help would be greatly appreciated. > > Thank you very much > Daminto, The database is currently only used internally within Fail2Ban to support re-ban after restart, and allows actions to make use log lines capture across multiple bans for current or all jails (e.g. for X-ARF reporting in conjunction with `recidive` jail). You can access the Fail2BanDb class in fail2ban.server.database: http://fail2ban.readthedocs.org/en/latest/fail2ban.server.database.html#fail2ban.server.database.Fail2BanDb The above class should allow you to connect to and query the database. Contributions welcome if anyone is interested in making a tool, or fail2ban-client extension, to allow this to be queried ;-) You also may want to consider using services like badips.com or blocklist.de; they allow you to report bans via Fail2Ban and offer a stats and graphs of your bans; Fail2Ban has actions for both services. The "badips.py" action (a new Python based action) can also exploit other actions within a jail to act as a blacklist. Thanks -- Steven Hiscocks |