Fail2Ban is a powerful tool for securing your server against unauthorized access by banning IP addresses that show malicious activity. While its functionality is excellent, managing and monitoring it can be challenging without a user-friendly interface. In this article, we’ll walk through creating a lightweight web-based dashboard using PHP to monitor Fail2Ban activity and add a dynamic traceroute feature to investigate banned IP addresses.
What We'll Build
- A PHP-based web dashboard to monitor Fail2Ban status.
- Dynamic links for banned IPs to perform traceroute directly from the dashboard.
- Secure scripting practices to ensure safe execution.
Prerequisites
Before we start, ensure the following:
Fail2Ban is Installed and Running: Install Fail2Ban on your server if it’s not already installed:
sudo apt-get install fail2ban
PHP and Apache Installed: You’ll need a web server like Apache and PHP (version 7.4 or higher) installed. You can set this up with:
sudo apt-get install apache2 php
Traceroute Installed: Ensure traceroute is installed to enable network diagnostics:
sudo apt-get install traceroute
Step 1: Setting Up the Dashboard
Set up Apache to serve your dashboard on a specific port, e.g., 8800. Edit the virtual host configuration:
sudo nano /etc/apache2/sites-available/fail2ban-dashboard.conf
Add the following configuration:
# Apache only accepts connections on ports it has been told to listen on.
Listen 8800
<VirtualHost *:8800>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/fail2ban-dashboard
    <Directory /var/www/fail2ban-dashboard>
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the site and restart Apache:
sudo a2ensite fail2ban-dashboard.conf
sudo systemctl restart apache2
Create the Dashboard Directory
Create the directory for the dashboard:
sudo mkdir /var/www/fail2ban-dashboard
sudo chown -R www-data:www-data /var/www/fail2ban-dashboard
sudo chmod -R 755 /var/www/fail2ban-dashboard
Step 2: Building the PHP Script
Create the main index.php file in /var/www/fail2ban-dashboard:
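<?php
// Query one jail through fail2ban-client and parse its counters and banned IPs.
function getFail2BanDetails($jail) {
    // shell_exec() returns null on failure; cast so preg_match() always gets a string.
    $output = (string) shell_exec('sudo fail2ban-client status ' . escapeshellarg($jail));
    // Defaults keep the template below from reading undefined keys if the command fails.
    $details = ['currently_banned' => '0', 'total_banned' => '0', 'banned_ips' => []];
    if (preg_match('/Currently banned:\\s*(\\d+)/', $output, $matches)) {
        $details['currently_banned'] = $matches[1];
    }
    if (preg_match('/Total banned:\\s*(\\d+)/', $output, $matches)) {
        $details['total_banned'] = $matches[1];
    }
    if (preg_match('/Banned IP list:\\s*(.*)/', $output, $matches)) {
        // Split on whitespace and keep only valid addresses, so an empty list yields no links.
        $ipList = array_filter(preg_split('/\\s+/', trim($matches[1])), function ($ip) {
            return filter_var($ip, FILTER_VALIDATE_IP) !== false;
        });
        $details['banned_ips'] = array_map(function ($ip) {
            // urlencode() for the query string, htmlspecialchars() for the visible text.
            return "<a href='traceroute.php?ip=" . urlencode($ip) . "' target='_blank'>" . htmlspecialchars($ip) . "</a>";
        }, $ipList);
    }
    return $details;
}
$jailDetails = getFail2BanDetails('sshd');
?>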
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Fail2Ban Dashboard</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
</head>
<body>
<div class="container mt-5">
<h1>Fail2Ban Status</h1>
<div class="mb-4">
<h2>sshd</h2>
<p>Currently Banned: <?php echo htmlspecialchars($jailDetails['currently_banned']); ?></p>
<p>Total Banned: <?php echo htmlspecialchars($jailDetails['total_banned']); ?></p>
<p>Banned IPs: <?php echo implode(', ', $jailDetails['banned_ips']); ?></p>
</div>
</div>
</body>
</html>
Traceroute Feature
Add a traceroute.php file for traceroute functionality:
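<?php
$ip = $_GET['ip'] ?? '';
// Only a syntactically valid IP address ever reaches the shell.
if (filter_var($ip, FILTER_VALIDATE_IP)) {
    echo "<h1>Traceroute Results for " . htmlspecialchars($ip) . ":</h1>";
    echo "<pre>";
    // escapeshellarg() quotes the argument; 2>&1 captures error output as well.
    $output = shell_exec("traceroute " . escapeshellarg($ip) . " 2>&1");
    // shell_exec() returns null on failure; cast before escaping for HTML.
    echo htmlspecialchars((string) $output);
    echo "</pre>";
} else {
    echo "Invalid IP address.";
}
?>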
Step 3: Configure Sudo Permissions
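Allow the web server user (www-data) to run fail2ban-client and traceroute without a password. Edit the sudoers file:
sudo visudo
Add the following line:
www-data ALL=(ALL) NOPASSWD: /usr/bin/fail2ban-client, /usr/bin/traceroute
This rule is broader than the dashboard needs: index.php only runs fail2ban-client status sshd through sudo, and traceroute.php calls traceroute without sudo. sudoers also matches command arguments, so the entry can be narrowed to www-data ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status sshd, which keeps a compromised PHP script from unbanning addresses or stopping Fail2Ban as root.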
Step 4: Test Your Dashboard
- Visit your dashboard: http://your-server-ip:8800
- Click on an IP to see the traceroute results.
- Confirm that Fail2Ban statuses and traceroute results are displayed correctly.
Security Considerations
- Sanitize Inputs: Validate all user inputs to prevent injection attacks.
- Access Control: Restrict access to the dashboard using basic HTTP authentication or IP whitelisting.
- Rate Limiting: Implement rate limits for traceroute to avoid misuse.
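The rate-limiting item above, as an added example that is not part of the original article: a per-client sliding-window limit placed in front of the traceroute call in traceroute.php. The state directory, the limits and the function name allowTraceroute are assumptions chosen for illustration; the directory must be writable by www-data and sit outside the DocumentRoot.

```php
<?php
// Added example, not from the original article. Names and limits are assumptions.
const RATE_DIR = '/var/lib/fail2ban-dashboard/rate'; // hypothetical path, outside the DocumentRoot
const MAX_RUNS = 5;         // traceroutes allowed per client...
const WINDOW_SECONDS = 60;  // ...within this sliding window

// Returns true and records the run if $client is still under the limit.
function allowTraceroute(string $client, string $dir = RATE_DIR, ?int $now = null): bool
{
    $now = $now ?? time();
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false; // fail closed when state cannot be stored
    }
    // Hash the client address so it is always a safe file name.
    $fh = fopen($dir . '/' . hash('sha256', $client), 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) { // lock serializes concurrent requests
        return false;
    }
    // State is a JSON list of earlier run times; drop entries older than the window.
    $stamps = json_decode(stream_get_contents($fh) ?: '[]', true);
    $stamps = array_values(array_filter(
        is_array($stamps) ? $stamps : [],
        fn($t) => is_int($t) && $t > $now - WINDOW_SECONDS
    ));
    $allowed = count($stamps) < MAX_RUNS;
    if ($allowed) {
        $stamps[] = $now;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($stamps));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// traceroute.php with the limit applied before the command runs.
$ip = $_GET['ip'] ?? '';
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
    http_response_code(400);
    exit('Invalid IP address.');
}
if (!allowTraceroute($_SERVER['REMOTE_ADDR'] ?? 'unknown')) {
    http_response_code(429);
    header('Retry-After: ' . WINDOW_SECONDS);
    exit('Too many traceroute requests.');
}
echo '<pre>' . htmlspecialchars((string) shell_exec('traceroute ' . escapeshellarg($ip) . ' 2>&1')) . '</pre>';
```

Because each traceroute can run for many seconds, the limit is checked and recorded before the command starts, so a burst of parallel requests cannot all pass the check at once.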
Conclusion
With this setup, you now have a lightweight, user-friendly web dashboard to monitor Fail2Ban and perform network diagnostics for banned IPs. This tool provides better visibility into your server’s security and allows you to act on malicious traffic quickly.