#!/bin/bash
#
# Author: Gregg Lain  {gregg at mochabomb daht com}
# 
# Version 0.10 Initial release  Jan 11, 2008
#
# fail2ban-check : check your complete fail2ban configuration
#
# Usage: fail2ban-check  ( no ARGS )
#
# Purpose: Test fail2ban as configured in jail.conf and filter.d  
#          recursively for all tests that are "true" and search all
#          log files until a "Success" is found.  I wrote this because
#          it was a lot of work to test my regex _and_ find a log file
#          that had good failures to test against - and correctly 
#          configure many servers - you can see here I did not have 
#          dovecot configured correctly. That day I wrote this script.  
#
#
#  Sample output: startup status, test, regex, logfile, result
#
#      [root@server log]# /usr/local/sbin/fail2ban-check
#  
#      -----------   fail2ban setup check ---------------------------------------------
#      fail2ban        0:off   1:off   2:on    3:on    4:off   5:on    6:off
#      Fail2ban (pid 848
#      32460) is running...
#      Status
#      |- Number of jail:      3
#      `- Jail list:           dovecot-iptables, vsftpd-iptables, sasl-iptables
#      
#      ________________________________________________________________________________
#      /usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/dovecot.conf
#      dovecot    389 13565  0 03:03 ?        00:00:00 pop3-login
#      dovecot    844 13565  0 03:20 ?        00:00:00 pop3-login
#      root     13565     1  0 Jan08 ?        00:00:02 /usr/sbin/dovecot
#      root     13567 13565  0 Jan08 ?        00:00:01 dovecot-auth
#      dovecot  13571 13565  0 Jan08 ?        00:00:00 imap-login
#      dovecot  13572 13565  0 Jan08 ?        00:00:00 imap-login
#      dovecot  13573 13565  0 Jan08 ?        00:00:00 imap-login
#      dovecot  32404 13565  0 02:57 ?        00:00:00 pop3-login
#      Use regex file : /etc/fail2ban/filter.d/dovecot.conf
#      Use log file   : /var/log/secure
#      /var/log/secure.17   Success, the total number of match is 916
#      Test result: Success
#  
# ---------------  end sample output ------------------------------------------
#
# Props:   Thank you Cyril for your project - its help me sleep better. 
#
# Note: It will echo "Success" on the first fail2ban-regex logfile that 
#       it finds, starting for eample with /var/log/secure, then to 
#       secure.1 and so on.  If you have _many_ logs such as secure.760
#       it will search every one until moving onto the next test.
#
# Limitation: This is written for fail2ban 0.8 - may modify for other
#             versions
#
# Comments, bug reports - welcome to email above
#



#  Temp files for work - use apg or date based - date based is default
#  apg - clean tmp file names
#TESTFILE=/var/tmp/`apg -n 1 -a 0 -m 30` 2> /dev/null
#LOGFILE=/var/tmp/`apg -n 1 -a 0 -m 30` 2> /dev/null
#
# ** Note - if apg is not installed, use these instead (default)
TESTFILE=/var/tmp/`date '+%m%d%Ytest%m%H%S'`
LOGFILE=/var/tmp/`date '+%m%d%Ylog%m%H%S'`

touch ${TESTFILE}
touch ${LOGFILE}

cat /etc/fail2ban/jail.conf | sed -n -e '/= true/,/logpath/p' | egrep -v -e '^#' > ${TESTFILE}

FILTERARRAY=()
LOGARRAY=()
# Fill the arrays
i=0
j=0
AREWEOK="Fail"

imax=`cat $TESTFILE | grep filter | wc -l | awk {'print $1'}`

for FILTER in `grep filter ${TESTFILE} | sed 's/filter.*=//'`; do
FILTERARRAY[$i]=$FILTER
i=`expr $i + 1`
done

for LOGPATH in `grep logpath ${TESTFILE} | sed 's/logpath.*= //'`; do
LOGPATHARRAY[$j]=$LOGPATH
j=`expr $j + 1`
done

# echo fail2ban startup status and currently running?
echo ""
echo "-----------   fail2ban setup check ------------------------------------------------------------"
chkconfig --list | grep fail2ban
/etc/init.d/fail2ban status

m=1
n=0
while [ $n -lt $imax ]; do
echo ""; echo "________________________________________________________________________________"
echo "/usr/bin/fail2ban-regex ${LOGPATHARRAY[n]} /etc/fail2ban/filter.d/${FILTERARRAY[n]}.conf"
ps -ef | grep ${FILTERARRAY[n]} | egrep -v grep
/usr/bin/fail2ban-regex ${LOGPATHARRAY[n]} /etc/fail2ban/filter.d/${FILTERARRAY[n]}.conf | egrep 'Use|Success'
AREWEOKSTRING=`/usr/bin/fail2ban-regex ${LOGPATHARRAY[n]} /etc/fail2ban/filter.d/${FILTERARRAY[n]}.conf | grep 'Success'`
AREWEOK=`echo $AREWEOKSTRING | awk {'print $1'} | sed 's/,//'`
     # check previous logs against the regex as a test...
     while [ "$AREWEOK" != "Success" ]; do
       if [ -f ${LOGPATHARRAY[n]}.$m ]; then
           AREWEOKSTRING=`/usr/bin/fail2ban-regex ${LOGPATHARRAY[n]}.$m /etc/fail2ban/filter.d/${FILTERARRAY[n]}.conf | grep 'Success'`
           AREWEOK=`echo $AREWEOKSTRING | awk {'print $1'} | sed 's/,//'`
           LOGTHATHADREGEX="${LOGPATHARRAY[n]}.$m"
           m=`expr $m + 1`
       else 
           break
       fi
     done
     echo "$LOGTHATHADREGEX   $AREWEOKSTRING"
     echo "Test result: $AREWEOK"
     echo ""

     # Reinit for next round
     AREWEOKSTRING="___"
     AREWEOK="FAIL"
     LOGTHATHADREGEX="___"
     m=1

     n=`expr $n + 1`
done

# housecleaning
rm $TESTFILE
rm $LOGFILE

# End of script