mirror/Fail2Ban-Report
1
0
Fork 0
mirror of https://github.com/SubleXBle/Fail2Ban-Report.git synced 2026-01-30 13:28:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
802 Commits 2 Branches 10 Tags
f78b9a3d1cc2c1b009a24f9fc82e1dae0d71e4a5
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
SubleXBle f78b9a3d1c Create upload-json.sh
2025-08-22 13:10:18 +02:00
.github/ISSUE_TEMPLATE
Update issue templates
2025-07-30 04:57:31 +02:00
Backend
Update fail2ban_log2json.sh
2025-08-22 12:39:13 +02:00
Conf
Rename fail2ban-report.config to Conf/fail2ban-report.config
2025-08-16 20:18:40 +02:00
Docs
Update Setup-Instructions.md
2025-08-22 11:54:13 +02:00
Helper-Scripts
Create upload-json.sh
2025-08-22 13:10:18 +02:00
screenshots
Delete screenshots/text.txt
2025-08-17 22:37:58 +02:00
Web-UI
Update .htaccess
2025-08-21 12:45:43 +02:00
changelog.md
Update changelog.md
2025-08-21 12:21:54 +02:00
LICENSE
Initial commit
2025-07-27 18:42:34 +02:00
README.md
Update README.md
2025-08-17 23:48:21 +02:00

README.md

Fail2Ban-Report

Beta 5.0 | Version 0.5.0

A simple and clean web-based multi-Server dashboard to turn your daily Fail2Ban logs from your servers/hosts into searchable and filterable JSON reports — with optional IP blocklist management for UFW.

Integration

Designed for easy integration on a wide range of Linux systems — from small Raspberry Pis to modest business setups — though its not (yet) targeted at large-scale enterprise environments. High flexibility comes from the backend shell scripts, which you can adapt to your specific environment or log sources to provide the JSON data the web interface needs (daily JSON event files).

🛡️ Note: This tool is a visualization and management layer — it does not replace proper intrusion detection or access control. Deploy it behind IP restrictions or HTTP authentication.

🔐 Security Notice

Current Status:

Fail2Ban-Report currently manages bans and unbans through UFW, serving as a safe solution. It does not directly modify Fail2Ban jails or change existing fail2ban configurations as it uses ufw for it's own permanent "Jails" Fail2Ban-Report now supports multi-server setups and role-based access:
Viewer accounts are read-only, while Admins can manage bans/unbans via the dashboard.

Future Direction:

A potential long-term enhancement could include direct interaction with Fail2Ban jails — for example, user-controlled bans and unbans per jail.
The existing structured *.blocklist.json format is already designed to support this, ensuring that any future manual ban management can remain "persistent", reviewable, and fully auditable.

Please read the Installation Instructions carefully and secure your deployment with the provided .htaccess.

still a little experimental feature : Use the Installer Installer Setup Documentation It would be great if you tell me if the installer worked for your needs.

📚 What It Does

Fail2Ban-Report parses your fail2ban.log and generates JSON-based reports viewable via a responsive web dashboard.
It provides optional tools to:

  • 📊 Visualize ban and unban events, including per-jail statistics
  • Interact with IPs (e.g., manually block, unblock) — only Admins can perform actions
  • 📂 Maintain jail-specific and per-server persistent blocklists (JSON) with active, pending, and source metadata
  • 🔄 Sync those lists with your system firewall using ufw
  • 🌐 Switch between multiple servers in the dashboard for multi-server setups
  • 🚨 Show warning indicators when ban rates exceed configurable thresholds
  • 🚨 Show Markers when an IP Address is present multiple times in one (yellow) or more (red) jails

Note: Viewer accounts are read-only. Direct integration with other firewalls or native Fail2Ban jail commands is not yet implemented.

🧱 Architecture Overview

  • Backend Shell Scripts:

    • Parse logs and generate daily JSON event files
    • Maintain and update *.blocklist.json per server
    • Apply or remove firewall rules based on blocklist entries (ufw)
    • Support for multi-server environments (future: rsync backend)

  • Frontend Web Interface:

    • Displays event timelines, statistics, and per-jail blocklists
    • Allows multi-selection for bulk ban/report actions
    • Shows pending status for unprocessed manual actions
    • Displays real-time warning indicators
    • Server switching: choose which servers data to view
    • Authentication: Viewer (read-only) / Admin (Ban/Unban)

  • JSON Blocklists:

    • Stored per jail and per server
    • Contain IP entries with metadata (active, pending, timestamps, jail name, source)
    • Only admins can modify entries (block/unblock)

📦 Features

🔍 Searchable & filterable log reports — by date, jail, IP
🔧 Integrated JSON blocklist — persistent Block-Overview per server
🧱 Firewall sync — UFW supported (future: nftables, firewalld, rsync backend)
Lightweight setup — no DB, no frameworks
🔐 Secure & hardened — minimal external dependencies, strict headers, htaccess protected
🛠️ Installer / Setup scripts — automate folder creation, permissions, user management
🧩 Modular & extendable design — includes, paths, scripts clearly separated
🪵 Optional logging — block/unblock actions logged via firewall-update.sh
🕵️ Optional IP reputation check — AbuseIPDB manual lookup from UI
👥 User roles & authentication — Viewer (read-only) / Admin (Ban/Unban)
🌐 Multiserver support — switch between servers in UI, central blocklist management

🧰 Works even on small setups (Raspberry Pi, etc.)

👥 Discussions

If you want to join the conversation or have questions or ideas, visit the 💬 Discussions page.

🆕 What's New in V 0.5.0

  • Archive/ restructured → separated per server
  • /opt/Fail2Ban-Report/ reorganized → cleaner separation of configs and scripts
  • Centralized path management → reduced hardcoding, clearer structure
  • Multi-server dashboard → switch between servers seamlessly
  • Authentication → login with session, only admins can ban/unban
  • User management script (.sh) → manage Fail2Ban-Report User-List
  • User groups → Viewer (read-only) / Admin (ban/unban)
  • Working on the Sync-Backend

⚠️ Upgrade Notice

If you're upgrading from an existing installation

here will be added some new stuff

📄 Changelog

Details about all new features, improvements, and changed files can be found in the Changelog.

This is especially useful if you want to manually patch or update individual files.

🪳 Bugfixes (History)

  • Date filter now correctly limits displayed events (0.1.2)
  • Jail filter now correctly shows only the jails present in the displayed event list. (0.2.1)
  • File date filtering fix to include today's JSON logs and ensure latest files are listed correctly. (0.2.2)
  • Blocklist Path on unblocking fixed a possible bug that could lead to not finding the blocklist.json when unblocking from the Blocklist view. (0.2.2) → Hotfixed on 05.08.2025 at 13:10 (UTC+2) directly in latest (0.2.3)
  • Installer should now ask if you want to delete and reclone repo when allready existing (0.3.1)
  • Added FLOCK to lock json files to not loose data when several write processes write at the same time (0.3.2)

🛣️ Roadmap

I gave up the usual Roadmap - to have more freedom with development - Things like Multiserver was never on the Roadmap but allways in my mind. Using Fail2Ban-Report since it exists i have got some different views in terms of what Fail2Ban-Report is and how I think about what this project can become with a little time and polish. Suggestions and Ideas still welcome at any time (see Discussions) When you are using Fail2Ban-Report and you think "I would need to see .. " tell me, I am happy to see your Ideas!

👀 Outlook

  • 📦 Further Improvements & Security Enhancements

🖼️ Screenshots

screenshots/Header-050-1.png

New Header with Login/Logout and Server-Chooser - grey text when not logged in

screenshots/Header-050-2.png

Yellow Text when logged in user

screenshots/List-050-1.png

Fail2Ban - Event List

screenshots/Block-List-050-1.png

Blocklist

screenshots/Message-Toast-050-1.png

Message Toaster

screenshots/Message-Toast-050-2.png

New Feature : Block and Unblock Actions only for logged in admin role

🖥️ Demo

👀 Want to try out the look & feel? There's a simple demo version available here no backend, no real data: 👉 https://demo.suble.net/ 🔗

What It Is

  • A role-based web dashboard for Fail2Ban events: read-only for Viewers, action-enabled for Admins
  • A tool to visualize bans/unbans and manually manage blocked IPs
  • A log parser + JSON generator that works alongside your existing Fail2Ban setup
  • A way to sync a persistent, per-jail blocklist with your firewall (currently UFW only)
  • Supports multi-server setups, allowing you to switch between servers in the dashboard
  • Designed for sysadmins who want quick insights without SSH-ing into the server

What It Is Not

  • A replacement for Fail2Ban itself (it depends on Fail2Ban)
  • A real-time IDS/IPS (data updates depend on log parsing intervals)
  • A universal firewall manager (no native support for iptables/nftables, etc. — yet)
  • A tool for automatic jail management (manual actions only for now)
  • A heavy analytics platform — its lightweight and log-driven by design

🤝 Contributing

Pull requests, feature ideas and bug reports are very welcome!

  • Found a bug? → Open an issue
  • Want to contribute? → Fork and submit a pull request
  • Have an idea? → Start a discussion or reach out directly : visit the 💬 Discussions page

💡 “Wouldnt it be cool if it could also do XYZ?”
Absolutely — Im happy to hear your ideas.

📄 License

This project is licensed under the GPLv3.
Feel free to use, modify and share — but please respect the license terms.

Reference in New Issue View Git Blame Copy Permalink
Description
Web-based dashboard for Fail2Ban log filtering and blocklist control
Readme GPL-3.0 3.5 MiB
Languages
PHP 49.5%
JavaScript 24.1%
Shell 16.3%
CSS 10.1%