Monitoring and Managing Firewall/Fail2ban

Monitoring and Managing Firewall/Fail2ban

Use the following commands and the helper script below to monitor and manage the firewall and Fail2ban:

# Fail2ban status: the overall summary first, then each jail of interest
sudo fail2ban-client status
for jail in sshd apache-auth; do
  sudo fail2ban-client status "$jail"
done

# List the addresses currently banned by each jail
for jail in sshd apache-auth; do
  sudo fail2ban-client get "$jail" banned
done

# Lift a ban in both jails (203.0.113.50 is a documentation-range example;
# substitute the real address, and check why it was banned before unbanning)
for jail in sshd apache-auth; do
  sudo fail2ban-client set "$jail" unbanip 203.0.113.50
done

# Follow the firewall and Fail2ban logs live; each command runs until
# interrupted (Ctrl-C), so the second only starts once the first is stopped
sudo tail -f /var/log/ufw.log
sudo journalctl -f -u fail2ban

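# Install the monitoring script as root. /usr/local/bin is normally root-owned,
# so a plain `cat > file` redirection fails with "Permission denied" for an
# unprivileged user even though the chmod below is run through sudo; `sudo tee`
# writes the file with root privileges (stdout discarded). The quoted 'EOF'
# delimiter keeps the heredoc literal, so nothing is expanded at install time.
sudo tee /usr/local/bin/security-monitor.sh >/dev/null << 'EOF'
#!/bin/bash
# security-monitor.sh - one-shot summary of firewall, Fail2ban and connection state.
#
# Every data-gathering command runs through sudo, so the invoking user needs
# sudo rights (or run it as root, e.g. from cron). All output goes to stdout.
# `set -e`/`pipefail` are deliberately not used: a grep that matches nothing
# (no bans, no established connections) is a normal result, not an error.

printf '=== Firewall Status ===\n'
sudo ufw status numbered

printf '\n=== Fail2ban Status ===\n'
sudo fail2ban-client status

printf '\n=== Currently Banned IPs ===\n'
# The "Jail list:" line looks like "`- Jail list:<TAB>sshd, apache-auth".
# Strip the label and the commas, then read the names into an array so the
# loop iterates over quoted elements rather than an unquoted word-split.
read -r -a jails <<<"$(sudo fail2ban-client status | grep 'Jail list' | sed 's/.*://;s/,//g')"
for jail in "${jails[@]}"; do
    printf 'Jail: %s\n' "$jail"
    sudo fail2ban-client status "$jail" | grep 'Banned IP'
done

printf '\n=== Recent Security Events ===\n'
sudo journalctl -u fail2ban --since "1 hour ago" | tail -20

printf '\n=== Active Connections ===\n'
sudo ss -tunap | grep ESTABLISHED
EOF

# Executable for everyone, writable only by root: the file was created by root
# above, and a world-writable script that is later run via sudo would be a
# privilege-escalation path.
sudo chmod 0755 /usr/local/bin/security-monitor.sh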