How to get list banned ip and its unban time in fail2ban on Linux?

1. Fail2ban since version 0.11.1 supports new command which would provide you the list of banned-IPs and its times, see man or https://github.com/fail2ban/fail2ban/pull/2315#issuecomment-451779004 for details.
2. Otherwise fail2ban since version 0.9 has a sqlite-database where you also could obtain this information:

sqlite3 -header -column 'file:/var/lib/fail2ban/fail2ban.sqlite3?mode=ro' \
"select * from bans where jail='<JAIL>' order by timeofban desc limit 10"

For instance this could be the statement to get all active bans:

select datetime(timeofban, 'unixepoch', 'localtime') as startofban, 
datetime(timeofban + bantime, 'unixepoch', 'localtime') as endofban,
ip, jail, bantime, bancount, data from bips
where endofban > datetime('now', 'localtime')
order by jail, endofban
limit 10

Depending on version it can miss bantime field, then you have to replace it with static integer bantime set for the related jail in your configuration.

3. If you have some development background, it would be also possible using fail2ban python API

Related videos on Youtube

08 : 01

Detect and stop 404 request attacks with Fail2Ban and NGINX Access Logs

Cleavr

960

11 : 17

Automatically block brute-force attackers with Fail2Ban

Attack Detect Defend

662

01 : 35

How to get list banned ip and its unban time in fail2ban on Linux?

Roel Van de Paar

37

11 : 52

Fail2ban Tutorial | How to Secure Your Server

Linode

25

09 : 43

How To Protect Ubuntu With fail2ban

Tony Teaches Tech

4

Author by

Admin

Updated on September 18, 2022