From 8efad6a94c08eff8e23b9d294165add0a385a92b Mon Sep 17 00:00:00 2001
From: alvarosaavedrau <cloud@alvarosaavedra.es>
Date: Sat, 11 Jan 2025 20:33:31 +0100
Subject: [PATCH] add docker commands to check if Fail2ban or CrowdSec
 containers are running

---
 vps-audit.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/vps-audit.sh b/vps-audit.sh
index b86c5c3..eefe21c 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -213,11 +213,23 @@ if dpkg -l | grep -q "fail2ban"; then
     systemctl is-active fail2ban >/dev/null 2>&1 && IPS_ACTIVE=1
 fi
 
+# Check docker container running fail2ban
+if docker ps -a | awk '{print $2}' | grep "fail2ban"; then
+    IPS_INSTALLED=1
+    docker ps | grep -q "fail2ban" && IPS_ACTIVE=1
+fi
+
 if dpkg -l | grep -q "crowdsec"; then
     IPS_INSTALLED=1
     systemctl is-active crowdsec >/dev/null 2>&1 && IPS_ACTIVE=1
 fi
 
+# Check docker container running crowdsec
+if docker ps -a | awk '{print $2}' | grep "crowdsec"; then
+    IPS_INSTALLED=1
+    docker ps | grep -q "crowdsec" && IPS_ACTIVE=1
+fi
+
 case "$IPS_INSTALLED$IPS_ACTIVE" in
     "11") check_security "Intrusion Prevention" "PASS" "Fail2ban or CrowdSec is installed and running" ;;
     "10") check_security "Intrusion Prevention" "WARN" "Fail2ban or CrowdSec is installed but not running" ;;