Nextcloud VM Check if an IP is blocked by Fail2Ban, CrowdSec, Nextcloud bruteforce, UFW

checkip.sh

#!/bin/bash
# Check if an IP is blocked by Fail2Ban, CrowdSec, Nextcloud bruteforce, UFW
# Usage: sudo ./checkip.sh <IP>

IP=$1
if [ -z "$IP" ]; then
  echo "Usage: $0 <IP>"
  exit 1
fi

echo "🔎 Checking blockers for IP: $IP"
echo "======================================"

# --- Fail2Ban ---
if command -v fail2ban-client >/dev/null 2>&1; then
  echo ""
  echo "➡ Fail2Ban:"
  jails=$(sudo fail2ban-client status 2>/dev/null | grep "Jail list:" | cut -d: -f2 | sed 's/,//g')
  if [ -z "$jails" ]; then
    echo "  No jails configured."
  else
    found=0
    for jail in $jails; do
      if sudo fail2ban-client status "$jail" | grep -q "$IP"; then
        echo "  ❌ BANNED in jail: $jail"
        found=1
      fi
    done
    [ $found -eq 0 ] && echo "  ✅ Not banned in Fail2Ban"
  fi
else
  echo "  (Fail2Ban not installed)"
fi

# --- CrowdSec ---
if command -v cscli >/dev/null 2>&1; then
  echo ""
  echo "➡ CrowdSec:"
  if sudo cscli decisions list --ip "$IP" | grep -q "$IP"; then
    echo "  ❌ BANNED by CrowdSec"
    sudo cscli decisions list --ip "$IP"
  else
    echo "  ✅ Not banned by CrowdSec"
  fi
else
  echo "  (CrowdSec not installed)"
fi

# --- Nextcloud Bruteforce ---
if [ -d "/var/www/nextcloud" ]; then
  echo ""
  echo "➡ Nextcloud Bruteforce Protection:"
  if sudo -u www-data php /var/www/nextcloud/occ security:bruteforce:attempts "$IP" | grep -q "$IP"; then
    echo "  ❌ Entry found for $IP"
    sudo -u www-data php /var/www/nextcloud/occ security:bruteforce:attempts "$IP"
  else
    echo "  ✅ No entry for $IP"
  fi
else
  echo "  (Nextcloud not installed or path differs)"
fi

# --- UFW ---
if command -v ufw >/dev/null 2>&1; then
  echo ""
  echo "➡ UFW Rules:"
  sudo ufw status verbose | grep "$IP" && echo "  ❌ Rule mentions $IP" || echo "  ✅ No specific UFW rule for $IP"
else
  echo "  (UFW not installed)"
fi

echo "======================================"
echo "✔ Check completed for $IP"