docs: update changelog for release

Exit exporter when fail2ban is restarted

Closes #21

See merge request hectorjsmith/fail2ban-prometheus-exporter!69

.gitlab-ci.yml

@@ -1,23 +1,41 @@
-image: golang:latest
-
-before_script:
-  - make install-deps
-
 stages:
   - test
   - build
 
-format:
+.go_template:
+  image: golang:latest
+  before_script:
+    - make go/dependencies
+
+.docker_template:
+  image: docker:stable
+  services:
+    - docker:dind
+  before_script:
+    - apk add git
+    - apk add make
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+
+dependencies:
+  extends: .go_template
   stage: test
   script:
-    - make format
+    - make go/checkDependencies
+
+format:
+  extends: .go_template
+  stage: test
+  script:
+    - make go/checkFmt
 
 test:
+  extends: .go_template
   stage: test
   script:
-    - make test
+    - make go/test
 
 build:
+  extends: .go_template
   stage: build
   only:
     - main
@@ -31,19 +49,21 @@ build:
       - dist/checksums.txt
     expire_in: 1 day
 
-docker-gitlab:
+docker/gitlab:
+  extends: .docker_template
+  stage: build
+  only:
+    - tags
+  script:
+    - make docker/build/latest
+    - make docker/build/tag
+    - docker push registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
+
+docker/gitlab/nightly:
+  extends: .docker_template
   stage: build
   only:
     - main
-    - tags
-  image: docker:stable
-  services:
-    - docker:dind
-  before_script:
-    - apk add git
-    - apk add make
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
   script:
-    - make docker/build-latest
-    - make docker/build-tag
+    - make docker/build/nightly
     - docker push registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter

.goreleaser.yml

@@ -1,14 +1,15 @@
 # This is an example goreleaser.yaml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
+project_name: fail2ban_exporter
 before:
   hooks:
-    - make install-deps
+    - make go/dependencies
 builds:
   -
+    binary: fail2ban_exporter
     dir: src
     goos:
       - linux
-      - windows
       - darwin
     goarch:
       - amd64
@@ -21,6 +22,7 @@ builds:
 
 archives:
   -
+    wrap_in_directory: true
     files:
     - LICENSE
     - README.md

CHANGELOG.md

@@ -4,7 +4,92 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning].
 
-## [Unreleased]## [0.1.0] - 2021-03-28
+## [Unreleased]
+*Nothing yet*
+
+## [0.7.0] - 2022-06-19
+
+### Added
+- (fd58b20) feat: option to exit on socket conn error ([#21](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/21))
+
+## [0.6.0] - 2022-02-20
+*Rewrite CLI flags and environment variables*
+
+### Added
+- (23e073f) feat: add example systemd service file
+- (3911eca) feat: rename output binary and archives
+- (f6e328a) feat: correctly handle shutdown signals
+- (6e575aa) feat: rewrite cli flags and environment variables
+- (0f0efe5) feat: remove startup script from docker image
+- (e2902b8) feat: improve logging on startup
+- (1f27dac) feat: add default value for fail2ban socket path
+- (b7e317e) feat: configure tool using environment variables ([#17](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/17))
+- (6f76a03) feat: add support for basic auth ([#16](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/16))
+
+### Fixed
+- (93da909) fix: use correct flag in dockerfile ([#18](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/18))
+
+### BREAKING CHANGE
+- Release binary name has been changed to `fail2ban_exporter`.
+- Replace `--socket` flag with `--collector.f2b.socket`.
+- Merge `--port` flag and `--web.listen-address` into a single flag.
+- Remove `--collector.textfile` flag, its value is now derived from `--collector.textfile.directory`.
+- Remove `F2B_COLLECTOR_TEXT` and `F2B_WEB_PORT` environment variables.
+- Using the textfile collector in docker now requires setting environment variables.
+- CLI params now require two dashes instead of one (e.g. `--socket`).
+
+## [0.5.0] - 2021-12-21
+*Remove deprecated code & support python2*
+
+### Added
+- (b397a51) feat: sample grafana dashboard ([#15](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/15))
+- (c208c8e) feat: add listen address parameter - thanks [@private-creator](https://gitlab.com/private-creator)!
+
+### Fixed
+- (7932ccb) fix: support python2 fail2ban ([#14](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/14)) - thanks [@private-creator](https://gitlab.com/private-creator)!
+
+### BREAKING CHANGE
+- Remove `-db` CLI flag
+- Remove `f2b_errors{type="db"}` metric
+
+## [0.4.0] - 2021-10-18
+*Add new fail2ban config metrics*
+
+### Added
+- (56730c8) feat: add new jail config metrics
+- (5a107cc) feat: support for textfile metrics ([#13](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/13))
+
+### Removed
+- (b268f86) remove: database-based metrics
+- (0b6a941) remove: windows builds
+
+## [0.3.0] - 2021-09-27
+*Export new version metrics ([#12](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/12))*
+
+### Added
+- (3c9a005) feat: render basic html page at root url
+- (22a165d) feat: improve startup logging
+- (fba9ee2) feat: export new version metric ([#12](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/12))
+
+## [0.2.0] - 2021-08-31
+*Collect metrics through fail2ban socket - based on [#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/11)*
+
+### Added
+- (39133d0) feat: collect new up metric from fail2ban socket
+- (4da46f3) feat: export metrics with socket errors
+- (bd841c3) feat: set up metric to 0 if errors found
+- (1964dde) feat: export metrics for failed/banned counts
+- (2ab1f7d) feat: support reading fail2ban socket in docker
+- (1282d63) feat: new metric for enabled jails ([#1](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/1))
+
+### Fixed
+- (526b1c7) fix: update banned metrics to exclude expired bans ([#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/11))
+
+### Deprecated
+- Use of the fail2ban database has been deprecated. The exporter now collects metrics through the fail2ban socket file. See [#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11) for more details.
+
+## [0.1.0] - 2021-03-28
+*Initial release*
 
 ### Added
 - (6355c9e) feat: fail on startup if database file does not exist ([#8](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/8))
@@ -18,13 +103,18 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
 ### Fixed
 - (0842419) fix: compile tool without cgo_enabled flag
 
+## 0.0.0 - 2021-02-05
+*Repository creation*
 
 ---
 
-*This changelog is automatically generated by [git-chglog]*
-
 [Keep a Changelog]: https://keepachangelog.com/en/1.0.0/
 [Semantic Versioning]: https://semver.org/spec/v2.0.0.html
-[git-chglog]: https://github.com/git-chglog/git-chglog
-[Unreleased]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...main
+[Unreleased]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.7.0...main
 [0.1.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.0.0...0.1.0
+[0.2.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...0.2.0
+[0.3.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.2.0...0.3.0
+[0.4.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.3.0...0.4.0
+[0.5.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.4.0...0.5.0
+[0.6.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.5.0...0.6.0
+[0.7.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.6.0...0.7.0

Dockerfile

@@ -18,9 +18,6 @@ FROM debian:buster-slim
 WORKDIR /app
 
 # Copy compiled binary to release image
-COPY --from=build /build/src/exporter /app/fail2ban-prometheus-exporter
+COPY --from=build /build/src/fail2ban_exporter /app/fail2ban_exporter
 
-# Copy init script into main app folder and set as entry point
-COPY docker/run.sh /app/
-RUN chmod +x /app/*
-ENTRYPOINT /app/run.sh
+ENTRYPOINT ["/app/fail2ban_exporter"]

Makefile

@@ -1,21 +1,23 @@
-install-deps:
+go/dependencies:
 	cd src/ && go mod download
 
-# Standard go test
-test:
-	cd src/ && go test ./... -v -race
-
 # Make sure no unnecessary dependencies are present
-go-mod-tidy:
+go/checkDependencies:
 	cd src/ && go mod tidy -v
 	git diff-index --quiet HEAD
 
-format:
-	cd src/ && go fmt $(go list ./... | grep -v /vendor/)
-	cd src/ && go vet $(go list ./... | grep -v /vendor/)
+# Standard go test
+go/test:
+	cd src/ && go test ./... -v -race
 
-generateChangelog:
-	./tools/git-chglog_linux_amd64 --config tools/chglog/config.yml 0.0.0.. > CHANGELOG.md
+go/fmt:
+	cd src/ && go fmt ./...
+
+go/checkFmt:
+	test -z $(shell gofmt -l .)
+
+docs/genChangelog:
+	./tools/git-chglog_linux_amd64 --config tools/chglog/config.yml 0.0.0.. > CHANGELOG_gen.md
 
 build/snapshot:
 	./tools/goreleaser_linux_amd64 --snapshot --rm-dist --skip-publish
@@ -24,11 +26,14 @@ build/release:
 	./tools/goreleaser_linux_amd64 --rm-dist --skip-publish
 
 build/docker:
-	cd src/ && go build -o exporter \
+	cd src/ && go build -o fail2ban_exporter \
      -ldflags '-X main.version=$(shell git describe --tags) -X main.commit=${shell git rev-parse HEAD} -X "main.date=${shell date --rfc-3339=seconds}" -X main.builtBy=docker' exporter.go
 
-docker/build-latest:
+docker/build/latest:
 	docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest .
 
-docker/build-tag:
+docker/build/nightly:
+	docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:nightly .
+
+docker/build/tag:
 	docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:$(shell git describe --tags) .

README.md

@@ -1,71 +1,48 @@
 # Fail2Ban Prometheus Exporter
 
-Go tool to collect and export metrics on Fail2Ban
+[![Pipeline](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/badges/main/pipeline.svg)](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter)
+
+Collect metrics from a running fail2ban instance.
 
 ## Table of Contents
-1. How to use
-2. Docker
-    1. Volumes
-    2. Docker run
-    3. Docker compose
-3. CLI usage
-4. Metrics
+1. Quick Start
+2. Metrics
+3. Configuration
+4. Building from source
+5. Textfile metrics
 
-## 1. How to use
+## 1. Quick Start
 
-Run the exporter by providing it with a fail2ban database to read data from.
-Read access to the database is required.
-Once the exporter is running, metrics are available at `localhost:9191/metrics`.
+The exporter can be run as a standalone binary or a docker container.
 
-The default port is `9191`, but this can be modified with the `-port` flag.
+### 1.1. Standalone
 
-**Note:** By default fail2ban stores the database file at: `/var/lib/fail2ban/fail2ban.sqlite3`
-
-**Fail2Ban Jails**
-
-fail2ban can be configured to process different log files and use different rules for each one.
-These separate configurations are referred to as *jails*.
-
-For example, fail2ban can be configured to watch the system logs for failed SSH connections and Nextcloud logs for failed logins.
-In this configuration, there will be two jails - one for IPs banned from the SSH logs, and one for IPs banned from the Nextcloud logs.
-
-This tool exports several metrics *per jail*, meaning that it is possible to track how many IPs are being banned in each jail as well as the overall total.
-This can be useful to track what services are seeing more failed logins.
-
-## 2. Docker
-
-An official docker image is available on the Gitlab container registry.
-Use it by pulling the following image:
+The following command will start collecting metrics from the `/var/run/fail2ban/fail2ban.sock` file and expose them on port `9191`.
 
 ```
-registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
+$ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web.listen-address=":9191"
+
+2022/02/20 09:54:06 fail2ban exporter version 0.5.0
+2022/02/20 09:54:06 starting server at :9191
+2022/02/20 09:54:06 reading metrics from fail2ban socket: /var/run/fail2ban/fail2ban.sock
+2022/02/20 09:54:06 metrics available at '/metrics'
+2022/02/20 09:54:06 ready
 ```
 
-Use the `:latest` tag to get the most up to date code (less stable) or use one of the version tagged images to use a specific release.
-See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.
+Binary files for each release can be found on the [releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) page.
 
-### 2.1. Volumes
-
-The docker image is designed to run by mounting the fail2ban sqlite3 database.
-The database should be mounted at: `/app/fail2ban.sqlite3`
-
-The database can be mounted with read-only permissions.
-
-### 2.2. Docker run
-
-Use the following command to run the forwarder as a docker container.
+### 1.2. Docker
 
+**Docker run**
 ```
 docker run -d \
     --name "fail2ban-exporter" \
-    -v /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro \
-    -p "9191:9191"
+    -v /var/run/fail2ban:/var/run/fail2ban:ro \
+    -p "9191:9191" \
     registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
 ```
 
-### 2.3. Docker compose
-
-The following is a simple docker-compose file to run the exporter.
+**Docker compose**
 
 ```
 version: "2"
@@ -73,51 +50,142 @@ services:
   exporter:
     image: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
     volumes:
-    - /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro
+    - /var/run/fail2ban/:/var/run/fail2ban:ro
     ports:
     - "9191:9191"
 ```
 
-## 3. CLI usage
+Use the `:latest` tag to get the latest stable release. Or use the `:nightly` tag for the latest (unstable) version.
+See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.
 
+**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is recommended to mount the parent folder instead.
+The `.sock` file is deleted by fail2ban on shutdown and re-created on startup and this causes problems for the docker mount.
+See [this reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499) for more details.
+
+## 2. Metrics
+
+The exporter exposes the following metrics:
+
+*All metric names are prefixed with `f2b_`*
+
+| Metric                       | Description                                                                        | Example                                             |
+|------------------------------|------------------------------------------------------------------------------------|-----------------------------------------------------|
+| `up`                         | Returns 1 if the exporter is up and running                                        | `f2b_up 1`                                          |
+| `errors`                     | Count the number of errors since startup by type                                   |                                                     |
+| `errors{type="socket_conn"}` | Errors connecting to the fail2ban socket (e.g. connection refused)                 | `f2b_errors{type="socket_conn"} 0`                  |
+| `errors{type="socket_req"}`  | Errors sending requests to the fail2ban server (e.g. invalid responses)            | `f2b_errors{type="socket_req"} 0`                   |
+| `jail_count`                 | Number of jails configured in fail2ban                                             | `f2b_jail_count 2`                                  |
+| `jail_banned_current`        | Number of IPs currently banned per jail                                            | `f2b_jail_banned_current{jail="sshd"} 15`           |
+| `jail_banned_total`          | Total number of banned IPs since fail2ban startup per jail (includes expired bans) | `f2b_jail_banned_total{jail="sshd"} 31`             |
+| `jail_failed_current`        | Number of current failures per jail                                                | `f2b_jail_failed_current{jail="sshd"} 6`            |
+| `jail_failed_total`          | Total number of failures since fail2ban startup per jail                           | `f2b_jail_failed_total{jail="sshd"} 125`            |
+| `jail_config_ban_time`       | How long an IP is banned for in this jail (in seconds)                             | `f2b_config_jail_ban_time{jail="sshd"} 600`         |
+| `jail_config_find_time`      | How far back the filter will look for failures in this jail (in seconds)           | `f2b_config_jail_find_time{jail="sshd"} 600`        |
+| `jail_config_max_retry`      | The max number of failures allowed before banning an IP in this jail               | `f2b_config_jail_max_retries{jail="sshd"} 5`        |
+| `version`                    | Version string of the exporter and fail2ban                                        | `f2b_version{exporter="0.5.0",fail2ban="0.11.1"} 1` |
+
+The metrics above correspond to the matching fields in the `fail2ban-client status <jail>` command:
 ```
-$ fail2ban-prometheus-exporter -h
-
-  -db string
-        path to the fail2ban sqlite database
-  -port int
-        port to use for the metrics server (default 9191)
-  -version
-        show version info and exit
+Status for the jail: sshd
+|- Filter
+|  |- Currently failed: 6
+|  |- Total failed:     125
+|  `- File list:        /var/log/auth.log
+`- Actions
+   |- Currently banned: 15
+   |- Total banned:     31
+   `- Banned IP list:   ...
 ```
 
-## 4. Metrics
+### 2.1. Grafana
 
-Access exported metrics at `/metrics` (on the provided port).
+The metrics exported by this tool are compatible with Prometheus and Grafana.
+A sample grafana dashboard can be found in the [grafana.json](/examples/grafana/dashboard.json) file.
+Just import the contents of this file into a new Grafana dashboard to get started.
 
-**Note:** All metric names include the `fail2ban_` prefix to make sure they are unique and easier to find.
+*(Sample dashboard is compatible with Grafana `8.3.3` and above)*
 
-Exposed metrics:
-* `up` - Returns 1 if the service is up
-* `bad_ips` (per jail)
-    * A *bad IP* is defined as an IP that has been banned at least once in the past
-    * Bad IPs are counted per jail
-* `banned_ips` (per jail)
-    * A *banned IP* is defined as an IP that is currently banned on the firewall
-    * Banned IPs are counted per jail
+## 3. Configuration
 
-**Sample**
+The exporter is configured with CLI flags and environment variables.
+There are no configuration files.
+
+**CLI flags**
+```
+usage: exporter [<flags>]
+
+Flags:
+  -h, --help     Show context-sensitive help (also try --help-long and --help-man).
+  -v, --version  show version info and exit
+      --collector.f2b.socket="/var/run/fail2ban/fail2ban.sock"  
+                 path to the fail2ban server socket
+      --collector.textfile.directory=""  
+                 directory to read text files with metrics from
+      --web.listen-address=":9191"  
+                 address to use for the metrics server
+      --web.basic-auth.username=""  
+                 username to use to protect endpoints with basic auth
+      --web.basic-auth.password=""  
+                 password to use to protect endpoints with basic auth
+      --collector.f2b.exit-on-socket-connection-error  
+                 when set to true the exporter will immediately exit on a fail2ban socket connection error
+```
+
+**Environment variables**
+
+Each environment variable corresponds to a CLI flag.
+If both are specified, the CLI flag takes precedence.
+
+| Environment variable            | Corresponding CLI flag                            |
+|---------------------------------|---------------------------------------------------|
+| `F2B_COLLECTOR_SOCKET`          | `--collector.f2b.socket`                          |
+| `F2B_COLLECTOR_TEXT_PATH`       | `--collector.textfile.directory`                  |
+| `F2B_WEB_LISTEN_ADDRESS`        | `--web.listen-address`                            |
+| `F2B_WEB_BASICAUTH_USER`        | `--web.basic-auth.username`                       |
+| `F2B_WEB_BASICAUTH_PASS`        | `--web.basic-auth.password`                       |
+| `F2B_EXIT_ON_SOCKET_CONN_ERROR` | `--collector.f2b.exit-on-socket-connection-error` |
+
+## 4. Building from source
+
+The simplest way to build the project is to run the `build/snapshot` make command.
+This will use `goreleaser` to build out binaries and archives for the project.
+Binaries are stored in the `dist/` folder.
+
+Alternatively, `go mod download` and `go build` can be used from the `src/` folder to build out the project.
+This will download dependencies and build the project.
+
+## 5. Textfile metrics
+
+For more flexibility the exporter also allows exporting metrics collected from a text file.
+
+To enable textfile metrics provide the directory to read files from with the `--collector.textfile.directory` flag.
+
+Metrics collected from these files will be exposed directly alongside the other metrics without any additional processing.
+This means that it is the responsibility of the file creator to ensure the format is correct.
+
+By exporting textfile metrics an extra metric is also exported with an error count for each file:
 
 ```
-# HELP fail2ban_bad_ips Number of bad IPs stored in the database (per jail).
-# TYPE fail2ban_bad_ips gauge
-fail2ban_bad_ips{jail="jail1"} 6
-fail2ban_bad_ips{jail="jail2"} 8
-# HELP fail2ban_banned_ips Number of banned IPs stored in the database (per jail).
-# TYPE fail2ban_banned_ips gauge
-fail2ban_banned_ips{jail="jail1"} 3
-fail2ban_banned_ips{jail="jail2"} 2
-# HELP fail2ban_up Was the last fail2ban query successful.
-# TYPE fail2ban_up gauge
-fail2ban_up 1
+# HELP textfile_error Checks for errors while reading text files
+# TYPE textfile_error gauge
+textfile_error{path="file.prom"} 0
+```
+
+**NOTE:** Any file not ending with `.prom` will be ignored.
+
+**Running in Docker**
+
+To collect textfile metrics inside a docker container, a couple of things need to be done:
+1. Mount the folder with the metrics files
+2. Set the `F2B_COLLECTOR_TEXT_PATH` environment variable
+
+*For example:*
+```
+docker run -d \
+    --name "fail2ban-exporter" \
+    -v /var/run/fail2ban:/var/run/fail2ban:ro \
+    -v /path/to/metrics:/app/metrics/:ro \
+    -e F2B_COLLECTOR_TEXT_PATH=/app/metrics \
+    -p "9191:9191" \
+    registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
 ```

docker/run.sh

@@ -1,9 +0,0 @@
-#/bin/sh
-
-# Print version to logs for debugging purposes
-/app/fail2ban-prometheus-exporter -version
-
-# Start the exporter (use exec to support graceful shutdown)
-# Inspired by: https://akomljen.com/stopping-docker-containers-gracefully/
-exec /app/fail2ban-prometheus-exporter \
-    -db /app/fail2ban.sqlite3

examples/grafana/dashboard.json

@@ -0,0 +1,807 @@
+{
+  "__inputs": [
+    {
+      "name": "DS_PROMETHEUS",
+      "label": "Prometheus",
+      "description": "",
+      "type": "datasource",
+      "pluginId": "prometheus",
+      "pluginName": "Prometheus"
+    }
+  ],
+  "__elements": [],
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "8.3.3"
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    },
+    {
+      "type": "panel",
+      "id": "table",
+      "name": "Table",
+      "version": ""
+    },
+    {
+      "type": "panel",
+      "id": "timeseries",
+      "name": "Time series",
+      "version": ""
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 2,
+  "id": null,
+  "iteration": 1640159475017,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "align": "auto",
+            "displayMode": "auto"
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          }
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byRegexp",
+              "options": ".*Time"
+            },
+            "properties": [
+              {
+                "id": "unit",
+                "value": "s"
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 6,
+        "w": 24,
+        "x": 0,
+        "y": 0
+      },
+      "id": 206,
+      "options": {
+        "footer": {
+          "fields": "",
+          "reducer": [
+            "sum"
+          ],
+          "show": false
+        },
+        "showHeader": true
+      },
+      "pluginVersion": "8.3.3",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": false,
+          "expr": "f2b_config_jail_max_retries",
+          "format": "table",
+          "instant": true,
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "A"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": false,
+          "expr": "f2b_config_jail_ban_time",
+          "format": "table",
+          "hide": false,
+          "instant": true,
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "B"
+        },
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": false,
+          "expr": "f2b_config_jail_find_time",
+          "format": "table",
+          "hide": false,
+          "instant": true,
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "C"
+        }
+      ],
+      "title": "F2B Config",
+      "transformations": [
+        {
+          "id": "merge",
+          "options": {}
+        },
+        {
+          "id": "groupBy",
+          "options": {
+            "fields": {
+              "Value #A": {
+                "aggregations": [
+                  "lastNotNull"
+                ],
+                "operation": "aggregate"
+              },
+              "Value #B": {
+                "aggregations": [
+                  "lastNotNull"
+                ],
+                "operation": "aggregate"
+              },
+              "Value #C": {
+                "aggregations": [
+                  "lastNotNull"
+                ],
+                "operation": "aggregate"
+              },
+              "jail": {
+                "aggregations": [],
+                "operation": "groupby"
+              }
+            }
+          }
+        },
+        {
+          "id": "organize",
+          "options": {
+            "excludeByName": {},
+            "indexByName": {},
+            "renameByName": {
+              "Value #A (lastNotNull)": "Max Retries",
+              "Value #B (lastNotNull)": "Ban Time",
+              "Value #C (lastNotNull)": "Find Time",
+              "jail": "Jail"
+            }
+          }
+        }
+      ],
+      "transparent": true,
+      "type": "table"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 6
+      },
+      "id": 190,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_jail_failed_total",
+          "hide": false,
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Failures (Total)",
+      "transparent": true,
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 6
+      },
+      "id": 191,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_jail_banned_total",
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Bans (Total)",
+      "transparent": true,
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 14
+      },
+      "id": 208,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_jail_failed_current",
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Failures (Current)",
+      "transparent": true,
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 14
+      },
+      "id": 209,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_jail_banned_current",
+          "interval": "",
+          "legendFormat": "{{jail}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Bans (Current)",
+      "transparent": true,
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "max": 1,
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 5,
+        "w": 12,
+        "x": 0,
+        "y": 22
+      },
+      "id": 203,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_up",
+          "interval": "",
+          "legendFormat": "Up",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Up",
+      "transparent": true,
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "prometheus",
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 10,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "never",
+            "spanNulls": true,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "max": 1,
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              }
+            ]
+          },
+          "unit": "short"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 5,
+        "w": 12,
+        "x": 12,
+        "y": 22
+      },
+      "id": 204,
+      "options": {
+        "legend": {
+          "calcs": [
+            "lastNotNull"
+          ],
+          "displayMode": "table",
+          "placement": "right"
+        },
+        "tooltip": {
+          "mode": "single"
+        }
+      },
+      "pluginVersion": "8.2.1",
+      "targets": [
+        {
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
+          "exemplar": true,
+          "expr": "f2b_errors",
+          "interval": "",
+          "legendFormat": "{{type}}",
+          "refId": "A"
+        }
+      ],
+      "title": "Fail2Ban Exporter Errors",
+      "transparent": true,
+      "type": "timeseries"
+    }
+  ],
+  "refresh": "30s",
+  "schemaVersion": 34,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {
+          "selected": true,
+          "text": "Prometheus",
+          "value": "Prometheus"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "label": "Data Source",
+        "multi": false,
+        "name": "DataSource",
+        "options": [],
+        "query": "prometheus",
+        "queryValue": "",
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "type": "datasource"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "F2B",
+  "uid": "cTkH9AT7z",
+  "version": 17,
+  "weekStart": ""
+}

examples/systemd/README.md

@@ -0,0 +1,7 @@
+# Systemd
+
+The `.service` file in this directory should be copied to the `/etc/systemd/system/` folder.
+- It expects the binary file to be installed at `/usr/sbin/fail2ban_exporter`.
+- It expects a user named `fail2ban_exporter` to exist. This user should not have a shell or any special privileges aside from read-access to the fail2ban socket file.
+
+The `ExecStart` line can be modified to add any custom CLI flags.

examples/systemd/fail2ban_exporter.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Fail2Ban Exporter
+
+[Service]
+User=fail2ban_exporter
+ExecStart=/usr/sbin/fail2ban_exporter
+
+[Install]
+WantedBy=multi-user.target

src/auth/hash.go

@@ -0,0 +1,18 @@
+package auth
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+func Hash(data []byte) []byte {
+	if len(data) == 0 {
+		return []byte{}
+	}
+	b := sha256.Sum256(data)
+	return b[:]
+}
+
+func HashString(data string) string {
+	return hex.EncodeToString(Hash([]byte(data)))
+}

src/auth/hash_test.go

@@ -0,0 +1,26 @@
+package auth
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestHashString(t *testing.T) {
+	tests := []struct {
+		name string
+		args string
+		want string
+	}{
+		{"Happy path #1", "123", "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"},
+		{"Happy path #2", "hello world", "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"},
+		{"Happy path #3", "H3Ll0_W0RLD", "d58a27fe9a6e73a1d8a67189fb8acace047e7a1a795276a0056d3717ad61bd0e"},
+		{"Blank string", "", ""},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := HashString(tt.args); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("HashString() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

src/auth/middleware.go

@@ -0,0 +1,31 @@
+package auth
+
+import (
+	"net/http"
+)
+
+type BasicAuthProvider interface {
+	Enabled() bool
+	DoesBasicAuthMatch(username, password string) bool
+}
+
+func BasicAuthMiddleware(handlerFunc http.HandlerFunc, basicAuthProvider BasicAuthProvider) http.HandlerFunc {
+	if basicAuthProvider.Enabled() {
+		return func(w http.ResponseWriter, r *http.Request) {
+			if doesBasicAuthMatch(r, basicAuthProvider) {
+				handlerFunc.ServeHTTP(w, r)
+			} else {
+				w.WriteHeader(http.StatusUnauthorized)
+			}
+		}
+	}
+	return handlerFunc
+}
+
+func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool {
+	rawUsername, rawPassword, ok := r.BasicAuth()
+	if ok {
+		return basicAuthProvider.DoesBasicAuthMatch(rawUsername, rawPassword)
+	}
+	return false
+}

src/auth/middleware_test.go

@@ -0,0 +1,58 @@
+package auth
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+type testAuthProvider struct {
+	enabled bool
+	match   bool
+}
+
+func (p testAuthProvider) Enabled() bool {
+	return p.enabled
+}
+
+func (p testAuthProvider) DoesBasicAuthMatch(username, password string) bool {
+	return p.match
+}
+
+func newTestRequest() *http.Request {
+	return httptest.NewRequest(http.MethodGet, "http://example.com", nil)
+}
+
+func executeBasicAuthMiddlewareTest(t *testing.T, authEnabled bool, authMatches bool, expectedCode int, expectedCallCount int) {
+	callCount := 0
+	testHandler := func(w http.ResponseWriter, r *http.Request) {
+		callCount++
+	}
+
+	handler := BasicAuthMiddleware(testHandler, testAuthProvider{enabled: authEnabled, match: authMatches})
+	recorder := httptest.NewRecorder()
+	request := newTestRequest()
+	if authEnabled {
+		request.SetBasicAuth("test", "test")
+	}
+	handler.ServeHTTP(recorder, request)
+
+	if recorder.Code != expectedCode {
+		t.Errorf("statusCode = %v, want %v", recorder.Code, expectedCode)
+	}
+	if callCount != expectedCallCount {
+		t.Errorf("callCount = %v, want %v", callCount, expectedCallCount)
+	}
+}
+
+func Test_GIVEN_DisabledBasicAuth_WHEN_MethodCalled_THEN_RequestProcessed(t *testing.T) {
+	executeBasicAuthMiddlewareTest(t, false, false, http.StatusOK, 1)
+}
+
+func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithCorrectCredentials_THEN_RequestProcessed(t *testing.T) {
+	executeBasicAuthMiddlewareTest(t, true, true, http.StatusOK, 1)
+}
+
+func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithIncorrectCredentials_THEN_RequestRejected(t *testing.T) {
+	executeBasicAuthMiddlewareTest(t, true, false, http.StatusUnauthorized, 0)
+}

src/cfg/basicAuth.go

@@ -0,0 +1,25 @@
+package cfg
+
+import "gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/auth"
+
+type hashedBasicAuth struct {
+	username string
+	password string
+}
+
+func newHashedBasicAuth(rawUsername, rawPassword string) *hashedBasicAuth {
+	return &hashedBasicAuth{
+		username: auth.HashString(rawUsername),
+		password: auth.HashString(rawPassword),
+	}
+}
+
+func (p *hashedBasicAuth) Enabled() bool {
+	return len(p.username) > 0 && len(p.password) > 0
+}
+
+func (p *hashedBasicAuth) DoesBasicAuthMatch(rawUsername, rawPassword string) bool {
+	username := auth.HashString(rawUsername)
+	password := auth.HashString(rawPassword)
+	return username == p.username && password == p.password
+}

src/cfg/basicAuth_test.go

@@ -0,0 +1,60 @@
+package cfg
+
+import "testing"
+
+func Test_hashedBasicAuth_DoesBasicAuthMatch(t *testing.T) {
+	type args struct {
+		username string
+		password string
+	}
+	type fields struct {
+		username string
+		password string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		args   args
+		want   bool
+	}{
+		{"Happy test #1", fields{username: "1234", password: "1234"}, args{username: "1234", password: "1234"}, true},
+		{"Happy test #2", fields{username: "test", password: "1234"}, args{username: "test", password: "1234"}, true},
+		{"Happy test #3", fields{username: "TEST", password: "1234"}, args{username: "TEST", password: "1234"}, true},
+		{"Non match #1", fields{username: "test", password: "1234"}, args{username: "1234", password: "1234"}, false},
+		{"Non match #2", fields{username: "1234", password: "test"}, args{username: "1234", password: "1234"}, false},
+		{"Non match #3", fields{username: "1234", password: "test"}, args{username: "1234", password: "TEST"}, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
+			if got := basicAuth.DoesBasicAuthMatch(tt.args.username, tt.args.password); got != tt.want {
+				t.Errorf("DoesBasicAuthMatch() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_hashedBasicAuth_Enabled(t *testing.T) {
+	type fields struct {
+		username string
+		password string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   bool
+	}{
+		{"Both blank", fields{username: "", password: ""}, false},
+		{"Single blank #1", fields{username: "test", password: ""}, false},
+		{"Single blank #1", fields{username: "", password: "test"}, false},
+		{"Both populated", fields{username: "test", password: "test"}, true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
+			if got := basicAuth.Enabled(); got != tt.want {
+				t.Errorf("Enabled() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

src/cfg/cfg.go

@@ -1,48 +1,109 @@
 package cfg
 
 import (
-	"flag"
 	"fmt"
+	"gopkg.in/alecthomas/kingpin.v2"
 	"os"
 )
 
 const (
-	minServerPort = 1000
-	maxServerPort = 65535
+	socketEnvName                = "F2B_COLLECTOR_SOCKET"
+	fileCollectorPathEnvName     = "F2B_COLLECTOR_TEXT_PATH"
+	addressEnvName               = "F2B_WEB_LISTEN_ADDRESS"
+	basicAuthUserEnvName         = "F2B_WEB_BASICAUTH_USER"
+	basicAuthPassEnvName         = "F2B_WEB_BASICAUTH_PASS"
+	exitOnSocketConnErrorEnvName = "F2B_EXIT_ON_SOCKET_CONN_ERROR"
 )
 
 type AppSettings struct {
-	VersionMode    bool
-	MetricsPort    int
-	Fail2BanDbPath string
+	VersionMode           bool
+	MetricsAddress        string
+	Fail2BanSocketPath    string
+	FileCollectorPath     string
+	BasicAuthProvider     *hashedBasicAuth
+	ExitOnSocketConnError bool
+}
+
+func init() {
+	kingpin.HelpFlag.Short('h')
 }
 
 func Parse() *AppSettings {
-	appSettings := &AppSettings{}
-	flag.BoolVar(&appSettings.VersionMode, "version", false, "show version info and exit")
-	flag.IntVar(&appSettings.MetricsPort, "port", 9191, "port to use for the metrics server")
-	flag.StringVar(&appSettings.Fail2BanDbPath, "db", "", "path to the fail2ban sqlite database")
+	settings := &AppSettings{}
+	readParamsFromCli(settings)
+	settings.validateFlags()
+	return settings
+}
 
-	flag.Parse()
-	appSettings.validateFlags()
-	return appSettings
+func readParamsFromCli(settings *AppSettings) {
+	versionMode := kingpin.
+		Flag("version", "show version info and exit").
+		Short('v').
+		Default("false").
+		Bool()
+	socketPath := kingpin.
+		Flag("collector.f2b.socket", "path to the fail2ban server socket").
+		Default("/var/run/fail2ban/fail2ban.sock").
+		Envar(socketEnvName).
+		String()
+	fileCollectorPath := kingpin.
+		Flag("collector.textfile.directory", "directory to read text files with metrics from").
+		Default("").
+		Envar(fileCollectorPathEnvName).
+		String()
+	address := kingpin.
+		Flag("web.listen-address", "address to use for the metrics server").
+		Default(":9191").
+		Envar(addressEnvName).
+		String()
+	rawBasicAuthUsername := kingpin.
+		Flag("web.basic-auth.username", "username to use to protect endpoints with basic auth").
+		Default("").
+		Envar(basicAuthUserEnvName).
+		String()
+	rawBasicAuthPassword := kingpin.
+		Flag("web.basic-auth.password", "password to use to protect endpoints with basic auth").
+		Default("").
+		Envar(basicAuthPassEnvName).
+		String()
+	rawExitOnSocketConnError := kingpin.
+		Flag("collector.f2b.exit-on-socket-connection-error", "when set to true the exporter will immediately exit on a fail2ban socket connection error").
+		Default("false").
+		Envar(exitOnSocketConnErrorEnvName).
+		Bool()
+
+	kingpin.Parse()
+
+	settings.VersionMode = *versionMode
+	settings.MetricsAddress = *address
+	settings.Fail2BanSocketPath = *socketPath
+	settings.FileCollectorPath = *fileCollectorPath
+	settings.setBasicAuthValues(*rawBasicAuthUsername, *rawBasicAuthPassword)
+	settings.ExitOnSocketConnError = *rawExitOnSocketConnError
+}
+
+func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) {
+	settings.BasicAuthProvider = newHashedBasicAuth(rawUsername, rawPassword)
 }
 
 func (settings *AppSettings) validateFlags() {
 	var flagsValid = true
 	if !settings.VersionMode {
-		if settings.Fail2BanDbPath == "" {
-			fmt.Println("missing flag 'db'")
+		if settings.Fail2BanSocketPath == "" {
+			fmt.Println("error: fail2ban socket path must not be blank")
 			flagsValid = false
 		}
-		if settings.MetricsPort < minServerPort || settings.MetricsPort > maxServerPort {
-			fmt.Printf("invalid server port, must be within %d and %d (found %d)\n",
-				minServerPort, maxServerPort, settings.MetricsPort)
+		if settings.MetricsAddress == "" {
+			fmt.Println("error: invalid server address, must not be blank")
+			flagsValid = false
+		}
+		if (len(settings.BasicAuthProvider.username) > 0) != (len(settings.BasicAuthProvider.password) > 0) {
+			fmt.Println("error: to enable basic auth both the username and the password must be provided")
 			flagsValid = false
 		}
 	}
 	if !flagsValid {
-		flag.Usage()
+		kingpin.Usage()
 		os.Exit(1)
 	}
 }

src/collector/f2b/collector.go

@@ -0,0 +1,60 @@
+package f2b
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/cfg"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/socket"
+	"log"
+	"os"
+)
+
+type Collector struct {
+	socketPath                 string
+	exporterVersion            string
+	lastError                  error
+	socketConnectionErrorCount int
+	socketRequestErrorCount    int
+	exitOnSocketConnError      bool
+}
+
+func NewExporter(appSettings *cfg.AppSettings, exporterVersion string) *Collector {
+	log.Printf("reading metrics from fail2ban socket: %s", appSettings.Fail2BanSocketPath)
+	return &Collector{
+		socketPath:                 appSettings.Fail2BanSocketPath,
+		exporterVersion:            exporterVersion,
+		lastError:                  nil,
+		socketConnectionErrorCount: 0,
+		socketRequestErrorCount:    0,
+		exitOnSocketConnError:      appSettings.ExitOnSocketConnError,
+	}
+}
+
+func (c *Collector) Describe(ch chan<- *prometheus.Desc) {
+	ch <- metricServerUp
+	ch <- metricJailCount
+	ch <- metricJailFailedCurrent
+	ch <- metricJailFailedTotal
+	ch <- metricJailBannedCurrent
+	ch <- metricJailBannedTotal
+	ch <- metricErrorCount
+}
+
+func (c *Collector) Collect(ch chan<- prometheus.Metric) {
+	s, err := socket.ConnectToSocket(c.socketPath)
+	if err != nil {
+		log.Printf("error opening socket: %v", err)
+		c.socketConnectionErrorCount++
+		if c.exitOnSocketConnError {
+			os.Exit(1)
+		}
+	} else {
+		defer s.Close()
+	}
+
+	c.collectServerUpMetric(ch, s)
+	if err == nil && s != nil {
+		c.collectJailMetrics(ch, s)
+		c.collectVersionMetric(ch, s)
+	}
+	c.collectErrorCountMetric(ch)
+}

src/collector/f2b/socket.go

@@ -0,0 +1,179 @@
+package f2b
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/socket"
+	"log"
+)
+
+const (
+	namespace = "f2b"
+)
+
+var (
+	metricErrorCount = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "errors"),
+		"Number of errors found since startup",
+		[]string{"type"}, nil,
+	)
+	metricServerUp = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "up"),
+		"Check if the fail2ban server is up",
+		nil, nil,
+	)
+	metricJailCount = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "jail_count"),
+		"Number of defined jails",
+		nil, nil,
+	)
+	metricJailFailedCurrent = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "jail_failed_current"),
+		"Number of current failures on this jail's filter",
+		[]string{"jail"}, nil,
+	)
+	metricJailFailedTotal = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "jail_failed_total"),
+		"Number of total failures on this jail's filter",
+		[]string{"jail"}, nil,
+	)
+	metricJailBannedCurrent = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "jail_banned_current"),
+		"Number of IPs currently banned in this jail",
+		[]string{"jail"}, nil,
+	)
+	metricJailBannedTotal = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "jail_banned_total"),
+		"Total number of IPs banned by this jail (includes expired bans)",
+		[]string{"jail"}, nil,
+	)
+	metricJailBanTime = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "config", "jail_ban_time"),
+		"How long an IP is banned for in this jail (in seconds)",
+		[]string{"jail"}, nil,
+	)
+	metricJailFindTime = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "config", "jail_find_time"),
+		"How far back will the filter look for failures in this jail (in seconds)",
+		[]string{"jail"}, nil,
+	)
+	metricJailMaxRetry = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "config", "jail_max_retries"),
+		"The number of failures allowed until the IP is banned by this jail",
+		[]string{"jail"}, nil,
+	)
+	metricVersionInfo = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "version"),
+		"Version of the exporter and fail2ban server",
+		[]string{"exporter", "fail2ban"}, nil,
+	)
+)
+
+func (c *Collector) collectErrorCountMetric(ch chan<- prometheus.Metric) {
+	ch <- prometheus.MustNewConstMetric(
+		metricErrorCount, prometheus.CounterValue, float64(c.socketConnectionErrorCount), "socket_conn",
+	)
+	ch <- prometheus.MustNewConstMetric(
+		metricErrorCount, prometheus.CounterValue, float64(c.socketRequestErrorCount), "socket_req",
+	)
+}
+
+func (c *Collector) collectServerUpMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
+	var serverUp float64 = 0
+	if s != nil {
+		pingSuccess, err := s.Ping()
+		if err != nil {
+			c.socketRequestErrorCount++
+			log.Print(err)
+		}
+		if err == nil && pingSuccess {
+			serverUp = 1
+		}
+	}
+	ch <- prometheus.MustNewConstMetric(
+		metricServerUp, prometheus.GaugeValue, serverUp,
+	)
+}
+
+func (c *Collector) collectJailMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
+	jails, err := s.GetJails()
+	var count float64 = 0
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Print(err)
+	}
+	if err == nil {
+		count = float64(len(jails))
+	}
+	ch <- prometheus.MustNewConstMetric(
+		metricJailCount, prometheus.GaugeValue, count,
+	)
+
+	for i := range jails {
+		c.collectJailStatsMetric(ch, s, jails[i])
+		c.collectJailConfigMetrics(ch, s, jails[i])
+	}
+}
+
+func (c *Collector) collectJailStatsMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
+	stats, err := s.GetJailStats(jail)
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Printf("failed to get stats for jail %s: %v", jail, err)
+		return
+	}
+
+	ch <- prometheus.MustNewConstMetric(
+		metricJailFailedCurrent, prometheus.GaugeValue, float64(stats.FailedCurrent), jail,
+	)
+	ch <- prometheus.MustNewConstMetric(
+		metricJailFailedTotal, prometheus.GaugeValue, float64(stats.FailedTotal), jail,
+	)
+	ch <- prometheus.MustNewConstMetric(
+		metricJailBannedCurrent, prometheus.GaugeValue, float64(stats.BannedCurrent), jail,
+	)
+	ch <- prometheus.MustNewConstMetric(
+		metricJailBannedTotal, prometheus.GaugeValue, float64(stats.BannedTotal), jail,
+	)
+}
+
+func (c *Collector) collectJailConfigMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
+	banTime, err := s.GetJailBanTime(jail)
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Printf("failed to get ban time for jail %s: %v", jail, err)
+	} else {
+		ch <- prometheus.MustNewConstMetric(
+			metricJailBanTime, prometheus.GaugeValue, float64(banTime), jail,
+		)
+	}
+	findTime, err := s.GetJailFindTime(jail)
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Printf("failed to get find time for jail %s: %v", jail, err)
+	} else {
+		ch <- prometheus.MustNewConstMetric(
+			metricJailFindTime, prometheus.GaugeValue, float64(findTime), jail,
+		)
+	}
+	maxRetry, err := s.GetJailMaxRetries(jail)
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Printf("failed to get max retries for jail %s: %v", jail, err)
+	} else {
+		ch <- prometheus.MustNewConstMetric(
+			metricJailMaxRetry, prometheus.GaugeValue, float64(maxRetry), jail,
+		)
+	}
+}
+
+func (c *Collector) collectVersionMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
+	fail2banVersion, err := s.GetServerVersion()
+	if err != nil {
+		c.socketRequestErrorCount++
+		log.Printf("failed to get fail2ban server version: %v", err)
+	}
+
+	ch <- prometheus.MustNewConstMetric(
+		metricVersionInfo, prometheus.GaugeValue, float64(1), c.exporterVersion, fail2banVersion,
+	)
+}

src/collector/textfile/collector.go

@@ -0,0 +1,48 @@
+package textfile
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/cfg"
+	"log"
+)
+
+type Collector struct {
+	enabled    bool
+	folderPath string
+	fileMap    map[string]*fileData
+}
+
+type fileData struct {
+	readErrors   int
+	fileName     string
+	fileContents []byte
+}
+
+func NewCollector(appSettings *cfg.AppSettings) *Collector {
+	collector := &Collector{
+		enabled:    appSettings.FileCollectorPath != "",
+		folderPath: appSettings.FileCollectorPath,
+		fileMap:    make(map[string]*fileData),
+	}
+	if collector.enabled {
+		log.Printf("reading textfile metrics from: %s", collector.folderPath)
+	}
+	return collector
+}
+
+func (c *Collector) Describe(ch chan<- *prometheus.Desc) {
+	if c.enabled {
+		ch <- metricReadError
+	}
+}
+
+func (c *Collector) Collect(ch chan<- prometheus.Metric) {
+	if c.enabled {
+		c.collectFileContents()
+		c.collectFileErrors(ch)
+	}
+}
+
+func (c *Collector) appendErrorForPath(path string) {
+	c.fileMap[path].readErrors++
+}

src/collector/textfile/file.go

@@ -0,0 +1,55 @@
+package textfile
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+	"io/ioutil"
+	"log"
+	"path/filepath"
+	"strings"
+)
+
+const namespace = "textfile"
+
+var (
+	metricReadError = prometheus.NewDesc(
+		prometheus.BuildFQName(namespace, "", "error"),
+		"Checks for errors while reading text files",
+		[]string{"path"}, nil,
+	)
+)
+
+func (c *Collector) collectFileContents() {
+	files, err := ioutil.ReadDir(c.folderPath)
+	if err != nil {
+		log.Printf("error reading directory '%s': %v", c.folderPath, err)
+		return
+	}
+
+	for _, file := range files {
+		fileName := file.Name()
+		if !strings.HasSuffix(strings.ToLower(fileName), ".prom") {
+			continue
+		}
+		c.fileMap[fileName] = &fileData{
+			readErrors: 0,
+			fileName:   fileName,
+		}
+
+		fullPath := filepath.Join(c.folderPath, fileName)
+		content, err := ioutil.ReadFile(fullPath)
+		if err != nil {
+			c.appendErrorForPath(fileName)
+			log.Printf("error reading contents of file '%s': %v", fileName, err)
+		}
+
+		c.fileMap[fileName].fileContents = content
+	}
+}
+
+func (c *Collector) collectFileErrors(ch chan<- prometheus.Metric) {
+	for _, f := range c.fileMap {
+		ch <- prometheus.MustNewConstMetric(
+			metricReadError, prometheus.GaugeValue, float64(f.readErrors), f.fileName,
+		)
+	}
+}

src/collector/textfile/writer.go

@@ -0,0 +1,20 @@
+package textfile
+
+import (
+	"log"
+	"net/http"
+)
+
+func (c *Collector) WriteTextFileMetrics(w http.ResponseWriter, r *http.Request) {
+	if !c.enabled {
+		return
+	}
+
+	for _, f := range c.fileMap {
+		_, err := w.Write(f.fileContents)
+		if err != nil {
+			c.appendErrorForPath(f.fileName)
+			log.Printf("error writing file contents to response writer '%s': %v", f.fileName, err)
+		}
+	}
+}

src/db/db.go

@@ -1,79 +0,0 @@
-package db
-
-import (
-	"database/sql"
-	"log"
-	"os"
-)
-
-const queryBadIpsPerJail = "SELECT j.name, (SELECT COUNT(1) FROM bips b WHERE j.name = b.jail) FROM jails j"
-const queryBannedIpsPerJail = "SELECT j.name, (SELECT COUNT(1) FROM bans b WHERE j.name = b.jail) FROM jails j"
-
-type Fail2BanDB struct {
-	DatabasePath string
-	sqliteDB     *sql.DB
-}
-
-func MustConnectToDb(databasePath string) *Fail2BanDB {
-	if _, err := os.Stat(databasePath); os.IsNotExist(err) {
-		log.Fatalf("database path does not exist: %v", err)
-	}
-	db, err := sql.Open("sqlite3", databasePath)
-	if err != nil {
-		log.Fatal(err)
-	}
-	return &Fail2BanDB{
-		DatabasePath: databasePath,
-		sqliteDB:     db,
-	}
-}
-
-func (db *Fail2BanDB) CountBannedIpsPerJail() (map[string]int, error) {
-	return db.RunJailNameToCountQuery(queryBannedIpsPerJail)
-}
-
-func (db *Fail2BanDB) CountBadIpsPerJail() (map[string]int, error) {
-	return db.RunJailNameToCountQuery(queryBadIpsPerJail)
-}
-
-func (db *Fail2BanDB) RunJailNameToCountQuery(query string) (map[string]int, error) {
-	stmt, err := db.sqliteDB.Prepare(query)
-	defer db.mustCloseStatement(stmt)
-
-	if err != nil {
-		return nil, err
-	}
-
-	jailNameToCountMap := map[string]int{}
-	rows, err := stmt.Query()
-	if err != nil {
-		return nil, err
-	}
-	if rows == nil {
-		return jailNameToCountMap, nil
-	}
-
-	for rows.Next() {
-		if rows.Err() != nil {
-			return nil, err
-		}
-		jailName := ""
-		count := 0
-		err = rows.Scan(&jailName, &count)
-		if err != nil {
-			return nil, err
-		}
-
-		jailNameToCountMap[jailName] = count
-	}
-	return jailNameToCountMap, nil
-}
-
-func (db *Fail2BanDB) mustCloseStatement(stmt *sql.Stmt) {
-	if stmt != nil {
-		err := stmt.Close()
-		if err != nil {
-			log.Fatal(err)
-		}
-	}
-}

src/exporter.go

@@ -1,103 +1,103 @@
 package main
 
 import (
-	"fail2ban-prometheus-exporter/cfg"
-	fail2banDb "fail2ban-prometheus-exporter/db"
 	"fmt"
-	_ "github.com/mattn/go-sqlite3"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/auth"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/cfg"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/collector/f2b"
+	"gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/collector/textfile"
 	"log"
 	"net/http"
+	"os"
+	"os/signal"
+	"syscall"
 )
 
-const namespace = "fail2ban"
+const (
+	metricsPath = "/metrics"
+)
 
 var (
 	version = "dev"
 	commit  = "none"
 	date    = "unknown"
 	builtBy = "unknown"
-
-	metricUp = prometheus.NewDesc(
-		prometheus.BuildFQName(namespace, "", "up"),
-		"Was the last fail2ban query successful.",
-		nil, nil,
-	)
-	metricBannedIpsPerJail = prometheus.NewDesc(
-		prometheus.BuildFQName(namespace, "", "banned_ips"),
-		"Number of banned IPs stored in the database (per jail).",
-		[]string{"jail"}, nil,
-	)
-	metricBadIpsPerJail = prometheus.NewDesc(
-		prometheus.BuildFQName(namespace, "", "bad_ips"),
-		"Number of bad IPs stored in the database (per jail).",
-		[]string{"jail"}, nil,
-	)
 )
 
-type Exporter struct {
-	db *fail2banDb.Fail2BanDB
-}
-
-func (e *Exporter) Describe(ch chan<- *prometheus.Desc) {
-	ch <- metricUp
-	ch <- metricBadIpsPerJail
-	ch <- metricBannedIpsPerJail
-}
-
-func (e *Exporter) Collect(ch chan<- prometheus.Metric) {
-	ch <- prometheus.MustNewConstMetric(
-		metricUp, prometheus.GaugeValue, 1,
-	)
-	e.collectBadIpsPerJailMetrics(ch)
-	e.collectBannedIpsPerJailMetrics(ch)
-}
-
-func (e *Exporter) collectBadIpsPerJailMetrics(ch chan<- prometheus.Metric) {
-	jailNameToCountMap, err := e.db.CountBadIpsPerJail()
-	if err != nil {
-		log.Print(err)
-	}
-
-	for jailName, count := range jailNameToCountMap {
-		ch <- prometheus.MustNewConstMetric(
-			metricBadIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
-		)
-	}
-}
-
-func (e *Exporter) collectBannedIpsPerJailMetrics(ch chan<- prometheus.Metric) {
-	jailNameToCountMap, err := e.db.CountBannedIpsPerJail()
-	if err != nil {
-		log.Print(err)
-	}
-
-	for jailName, count := range jailNameToCountMap {
-		ch <- prometheus.MustNewConstMetric(
-			metricBannedIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
-		)
-	}
-}
-
 func printAppVersion() {
 	fmt.Println(version)
 	fmt.Printf("    build date:  %s\r\n    commit hash: %s\r\n    built by:    %s\r\n", date, commit, builtBy)
 }
 
+func rootHtmlHandler(w http.ResponseWriter, r *http.Request) {
+	_, err := w.Write([]byte(
+		`<html>
+			<head><title>Fail2Ban Exporter</title></head>
+			<body>
+			<h1>Fail2Ban Exporter</h1>
+			<p><a href="` + metricsPath + `">Metrics</a></p>
+			</body>
+		</html>`))
+	if err != nil {
+		log.Printf("error handling root url: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+}
+
+func metricHandler(w http.ResponseWriter, r *http.Request, collector *textfile.Collector) {
+	promhttp.Handler().ServeHTTP(w, r)
+	collector.WriteTextFileMetrics(w, r)
+}
+
 func main() {
 	appSettings := cfg.Parse()
 	if appSettings.VersionMode {
 		printAppVersion()
 	} else {
-		log.Print("starting fail2ban exporter")
+		handleGracefulShutdown()
+		log.Printf("fail2ban exporter version %s", version)
+		log.Printf("starting server at %s", appSettings.MetricsAddress)
 
-		exporter := &Exporter{
-			db: fail2banDb.MustConnectToDb(appSettings.Fail2BanDbPath),
+		f2bCollector := f2b.NewExporter(appSettings, version)
+		prometheus.MustRegister(f2bCollector)
+
+		textFileCollector := textfile.NewCollector(appSettings)
+		prometheus.MustRegister(textFileCollector)
+
+		http.HandleFunc("/", auth.BasicAuthMiddleware(rootHtmlHandler, appSettings.BasicAuthProvider))
+		http.HandleFunc(metricsPath, auth.BasicAuthMiddleware(
+			func(w http.ResponseWriter, r *http.Request) {
+				metricHandler(w, r, textFileCollector)
+			},
+			appSettings.BasicAuthProvider,
+		))
+		log.Printf("metrics available at '%s'", metricsPath)
+		if appSettings.BasicAuthProvider.Enabled() {
+			log.Printf("basic auth enabled")
 		}
-		prometheus.MustRegister(exporter)
 
-		http.Handle("/metrics", promhttp.Handler())
-		log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", appSettings.MetricsPort), nil))
+		svrErr := make(chan error)
+		go func() {
+			svrErr <- http.ListenAndServe(appSettings.MetricsAddress, nil)
+		}()
+		log.Print("ready")
+
+		err := <-svrErr
+		log.Print(err)
 	}
 }
+
+func handleGracefulShutdown() {
+	var signals = make(chan os.Signal)
+
+	signal.Notify(signals, syscall.SIGTERM)
+	signal.Notify(signals, syscall.SIGINT)
+
+	go func() {
+		sig := <-signals
+		log.Printf("caught signal: %+v", sig)
+		os.Exit(0)
+	}()
+}

src/go.mod

@@ -1,8 +1,10 @@
-module fail2ban-prometheus-exporter
+module gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
 
 go 1.15
 
 require (
-	github.com/mattn/go-sqlite3 v1.14.6
+	github.com/kisielk/og-rek v1.1.0
+	github.com/nlpodyssey/gopickle v0.1.0
 	github.com/prometheus/client_golang v1.9.0
+	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 )

src/go.sum

@@ -7,9 +7,11 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMx
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -40,6 +42,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@@ -137,11 +140,15 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kisielk/og-rek v1.1.0 h1:u10TvQbPtrlY/6H4+BiFsBywwSVTGFsx0YOVtpx3IbI=
+github.com/kisielk/og-rek v1.1.0/go.mod h1:6ihsOSzSAxR/65S3Bn9zNihoEqRquhDQZ2c6I2+MG3c=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
@@ -150,8 +157,6 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
-github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
@@ -175,6 +180,8 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
 github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
+github.com/nlpodyssey/gopickle v0.1.0 h1:9wjwRqXsOSYWZl4c4ko472b6RW+VB1I441ZcfFg1r5g=
+github.com/nlpodyssey/gopickle v0.1.0/go.mod h1:YIUwjJ2O7+vnBsxUN+MHAAI3N+adqEGiw+nDpwW95bY=
 github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
@@ -200,6 +207,7 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -253,6 +261,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@@ -377,9 +386,11 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@@ -393,6 +404,7 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

src/socket/decoder.go

@@ -0,0 +1,8 @@
+package socket
+
+// Py_builtins_str is used by the pickle decoder to parse the server response into a format Go can understand
+type Py_builtins_str struct{}
+
+func (c Py_builtins_str) Call(args ...interface{}) (interface{}, error) {
+	return args[0], nil
+}

src/socket/fail2banSocket.go

@@ -0,0 +1,179 @@
+package socket
+
+import (
+	"fmt"
+	"github.com/kisielk/og-rek"
+	"github.com/nlpodyssey/gopickle/types"
+	"net"
+	"strings"
+)
+
+type Fail2BanSocket struct {
+	socket  net.Conn
+	encoder *ogórek.Encoder
+}
+
+type JailStats struct {
+	FailedCurrent int
+	FailedTotal   int
+	BannedCurrent int
+	BannedTotal   int
+}
+
+func ConnectToSocket(path string) (*Fail2BanSocket, error) {
+	c, err := net.Dial("unix", path)
+	if err != nil {
+		return nil, err
+	}
+	return &Fail2BanSocket{
+		socket:  c,
+		encoder: ogórek.NewEncoder(c),
+	}, nil
+}
+
+func (s *Fail2BanSocket) Close() error {
+	return s.socket.Close()
+}
+
+func (s *Fail2BanSocket) Ping() (bool, error) {
+	response, err := s.sendCommand([]string{pingCommand, "100"})
+	if err != nil {
+		return false, newConnectionError(pingCommand, err)
+	}
+
+	if t, ok := response.(*types.Tuple); ok {
+		if (*t)[1] == "pong" {
+			return true, nil
+		}
+		return false, fmt.Errorf("unexpected response data (expecting 'pong'): %s", (*t)[1])
+	}
+	return false, newBadFormatError(pingCommand, response)
+}
+
+func (s *Fail2BanSocket) GetJails() ([]string, error) {
+	response, err := s.sendCommand([]string{statusCommand})
+	if err != nil {
+		return nil, err
+	}
+
+	if lvl1, ok := response.(*types.Tuple); ok {
+		if lvl2, ok := lvl1.Get(1).(*types.List); ok {
+			if lvl3, ok := lvl2.Get(1).(*types.Tuple); ok {
+				if lvl4, ok := lvl3.Get(1).(string); ok {
+					splitJails := strings.Split(lvl4, ",")
+					return trimSpaceForAll(splitJails), nil
+				}
+			}
+		}
+	}
+	return nil, newBadFormatError(statusCommand, response)
+}
+
+func (s *Fail2BanSocket) GetJailStats(jail string) (JailStats, error) {
+	response, err := s.sendCommand([]string{statusCommand, jail})
+	if err != nil {
+		return JailStats{}, err
+	}
+
+	stats := JailStats{
+		FailedCurrent: -1,
+		FailedTotal:   -1,
+		BannedCurrent: -1,
+		BannedTotal:   -1,
+	}
+
+	if lvl1, ok := response.(*types.Tuple); ok {
+		if lvl2, ok := lvl1.Get(1).(*types.List); ok {
+			if filter, ok := lvl2.Get(0).(*types.Tuple); ok {
+				if filterLvl1, ok := filter.Get(1).(*types.List); ok {
+					if filterCurrentTuple, ok := filterLvl1.Get(0).(*types.Tuple); ok {
+						if filterCurrent, ok := filterCurrentTuple.Get(1).(int); ok {
+							stats.FailedCurrent = filterCurrent
+						}
+					}
+					if filterTotalTuple, ok := filterLvl1.Get(1).(*types.Tuple); ok {
+						if filterTotal, ok := filterTotalTuple.Get(1).(int); ok {
+							stats.FailedTotal = filterTotal
+						}
+					}
+				}
+			}
+			if actions, ok := lvl2.Get(1).(*types.Tuple); ok {
+				if actionsLvl1, ok := actions.Get(1).(*types.List); ok {
+					if actionsCurrentTuple, ok := actionsLvl1.Get(0).(*types.Tuple); ok {
+						if actionsCurrent, ok := actionsCurrentTuple.Get(1).(int); ok {
+							stats.BannedCurrent = actionsCurrent
+						}
+					}
+					if actionsTotalTuple, ok := actionsLvl1.Get(1).(*types.Tuple); ok {
+						if actionsTotal, ok := actionsTotalTuple.Get(1).(int); ok {
+							stats.BannedTotal = actionsTotal
+						}
+					}
+				}
+			}
+			return stats, nil
+		}
+	}
+	return stats, newBadFormatError(statusCommand, response)
+}
+
+func (s *Fail2BanSocket) GetJailBanTime(jail string) (int, error) {
+	command := fmt.Sprintf(banTimeCommandFmt, jail)
+	return s.sendSimpleIntCommand(command)
+}
+
+func (s *Fail2BanSocket) GetJailFindTime(jail string) (int, error) {
+	command := fmt.Sprintf(findTimeCommandFmt, jail)
+	return s.sendSimpleIntCommand(command)
+}
+
+func (s *Fail2BanSocket) GetJailMaxRetries(jail string) (int, error) {
+	command := fmt.Sprintf(maxRetriesCommandFmt, jail)
+	return s.sendSimpleIntCommand(command)
+}
+
+func (s *Fail2BanSocket) GetServerVersion() (string, error) {
+	response, err := s.sendCommand([]string{versionCommand})
+	if err != nil {
+		return "", err
+	}
+
+	if lvl1, ok := response.(*types.Tuple); ok {
+		if versionStr, ok := lvl1.Get(1).(string); ok {
+			return versionStr, nil
+		}
+	}
+	return "", newBadFormatError(versionCommand, response)
+}
+
+// sendSimpleIntCommand sends a command to the fail2ban socket and parses the response to extract an int.
+// This command assumes that the response data is in the format of `(d, d)` where `d` is a number.
+func (s *Fail2BanSocket) sendSimpleIntCommand(command string) (int, error) {
+	response, err := s.sendCommand(strings.Split(command, " "))
+	if err != nil {
+		return -1, err
+	}
+
+	if lvl1, ok := response.(*types.Tuple); ok {
+		if banTime, ok := lvl1.Get(1).(int); ok {
+			return banTime, nil
+		}
+	}
+	return -1, newBadFormatError(command, response)
+}
+
+func newBadFormatError(command string, data interface{}) error {
+	return fmt.Errorf("(%s) unexpected response format - cannot parse: %v", command, data)
+}
+
+func newConnectionError(command string, err error) error {
+	return fmt.Errorf("(%s) failed to send command through socket: %v", command, err)
+}
+
+func trimSpaceForAll(slice []string) []string {
+	for i := range slice {
+		slice[i] = strings.TrimSpace(slice[i])
+	}
+	return slice
+}

src/socket/protocol.go

@@ -0,0 +1,69 @@
+package socket
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"github.com/nlpodyssey/gopickle/pickle"
+)
+
+const (
+	commandTerminator    = "<F2B_END_COMMAND>"
+	pingCommand          = "ping"
+	statusCommand        = "status"
+	versionCommand       = "version"
+	banTimeCommandFmt    = "get %s bantime"
+	findTimeCommandFmt   = "get %s findtime"
+	maxRetriesCommandFmt = "get %s maxretry"
+	socketReadBufferSize = 1024
+)
+
+func (s *Fail2BanSocket) sendCommand(command []string) (interface{}, error) {
+	err := s.write(command)
+	if err != nil {
+		return nil, err
+	}
+	return s.read()
+}
+
+func (s *Fail2BanSocket) write(command []string) error {
+	err := s.encoder.Encode(command)
+	if err != nil {
+		return err
+	}
+	_, err = s.socket.Write([]byte(commandTerminator))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *Fail2BanSocket) read() (interface{}, error) {
+	reader := bufio.NewReader(s.socket)
+
+	data := []byte{}
+	for {
+		buf := make([]byte, socketReadBufferSize)
+		_, err := reader.Read(buf)
+		if err != nil {
+			return nil, err
+		}
+		data = append(data, buf...)
+		containsTerminator := bytes.Contains(data, []byte(commandTerminator))
+		if containsTerminator {
+			break
+		}
+	}
+
+	bufReader := bytes.NewReader(data)
+	unpickler := pickle.NewUnpickler(bufReader)
+
+	unpickler.FindClass = func(module, name string) (interface{}, error) {
+		if (module == "builtins" || module == "__builtin__") && name == "str" {
+			return &Py_builtins_str{}, nil
+		}
+		return nil, fmt.Errorf("class not found: " + module + " : " + name)
+	}
+
+	return unpickler.Load()
+}