fail2ban


fail2ban seems to accumulate records in its SQLite database forever.

https://github.com/ffzg/fail2ban-helpers

check bans in database

dpavlin@mjesec:/var/lib/fail2ban$ ls -alh
total 165M
drwxr-xr-x  2 root root 4.0K May 12  2020 .
drwxr-xr-x 82 root root 4.0K May 12  2020 ..
-rw-------  1 root root 165M Nov 30 09:30 fail2ban.sqlite3
dpavlin@mjesec:/var/lib/fail2ban$ sqlite3 fail2ban.sqlite3
Error: unable to open database "fail2ban.sqlite3": unable to open database file
dpavlin@mjesec:/var/lib/fail2ban$ sudo sqlite3 fail2ban.sqlite3

sqlite> select datetime(min(timeofban),'unixepoch'),datetime(max(timeofban),'unixepoch') from bans ;
2020-05-12 18:25:57|2020-11-30 08:34:41


cleanup old entries

dpavlin@syslog:~$ cat /etc/cron.daily/fail2ban-sqlite
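#!/bin/sh

# delete bans older than 30 days (timeofban is stored as a Unix epoch)
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "delete from bans where timeofban <= strftime('%s', date('now', '-30 days'));"
# rebuild the database file so the space freed by the delete is returned to the filesystem
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "vacuum;"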
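
dry run before cleanup

This is an added example, not from the original page or the fail2ban project: the same 30-day cleanup in Python, with a dry-run mode that reports how many rows per jail fall outside the retention window before anything is deleted. The sample table, its jail and ip columns and the addresses are constructed for the demonstration; only the bans table and the timeofban column appear in the session above.

```python
import os
import sqlite3
import tempfile
import time

def purge_old_bans(db_path, retention_days=30, now=None, dry_run=True):
    """Return {jail: rows} at or before the cutoff; delete them unless dry_run."""
    now = int(time.time()) if now is None else int(now)
    # Same cutoff as the cron job's date('now', '-30 days'): midnight UTC.
    cutoff = (now // 86400 - retention_days) * 86400
    con = sqlite3.connect(db_path)
    try:
        per_jail = dict(con.execute(
            "SELECT jail, COUNT(*) FROM bans WHERE timeofban <= ? GROUP BY jail",
            (cutoff,)))
        if per_jail and not dry_run:
            with con:  # single transaction: commit on success, roll back on error
                con.execute("DELETE FROM bans WHERE timeofban <= ?", (cutoff,))
            con.execute("VACUUM")  # runs outside the transaction, shrinks the file
        return per_jail
    finally:
        con.close()

def build_sample_db(path, now):
    """Constructed sample data; a minimal stand-in for the real bans table."""
    day = 86400
    con = sqlite3.connect(path)
    with con:
        con.execute("CREATE TABLE bans (jail TEXT, ip TEXT, timeofban INTEGER)")
        con.executemany("INSERT INTO bans VALUES (?, ?, ?)", [
            ("sshd", "192.0.2.10", now - 200 * day),
            ("sshd", "192.0.2.11", now - 45 * day),
            ("postfix", "198.51.100.7", now - 31 * day),
            ("sshd", "203.0.113.5", now - 2 * day),
        ])
    con.close()

if __name__ == "__main__":
    now = int(time.time())
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "fail2ban.sqlite3")
        build_sample_db(db, now)
        print("would delete:", purge_old_bans(db, now=now))
        print("deleted:", purge_old_bans(db, now=now, dry_run=False))
        print("left to delete:", purge_old_bans(db, now=now))
```

Run it with dry_run=True first and compare the per-jail counts with what you expect to lose before switching to dry_run=False.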