author | Chris Caron <lead2gold@gmail.com> | 2020-08-04 19:04:05 -0400 |
---|---|---|
committer | Chris Caron <lead2gold@gmail.com> | 2020-08-04 19:04:05 -0400 |
commit | 2216fd8da4e95564bc4cd0047ffae08d24d3d17d (patch) | |
tree | b682de5f7c48a7b72dd09c84112970108c71fb98 | |
parent | 3515d06979df3127f4261d24b688b19391778f5a (diff) | |
download | fail2ban-2216fd8da4e95564bc4cd0047ffae08d24d3d17d.tar.gz |
Add Apprise Support (50+ Notifications)
-rw-r--r-- | MANIFEST | 1 | ||||
-rw-r--r-- | config/action.d/apprise.conf | 47 | ||||
-rw-r--r-- | config/jail.conf | 9 |
3 files changed, 57 insertions, 0 deletions
@@ -3,6 +3,7 @@ bin/fail2ban-regex
 bin/fail2ban-server
 bin/fail2ban-testcases
 ChangeLog
+config/action.d/apprise.conf
 config/action.d/abuseipdb.conf
 config/action.d/apf.conf
 config/action.d/badips.conf
diff --git a/config/action.d/apprise.conf b/config/action.d/apprise.conf
new file mode 100644
index 00000000..ac54d8fd
--- /dev/null
+++ b/config/action.d/apprise.conf
@@ -0,0 +1,47 @@
+# Fail2Ban configuration file
+#
+# Author: Chris Caron <lead2gold@gmail.com>
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = printf %%b "The jail <name> as been started successfully." |apprise -t "[Fail2Ban] <name>: started on `uname -n`" -c /etc/fail2ban/apprise.conf
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = printf %%b "The jail <name> has been stopped." |apprise -t "[Fail2Ban] <name>: stopped on `uname -n`" -c /etc/fail2ban/apprise.conf
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = printf %%b "The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>" | apprise -n "warning" -t "[Fail2Ban] <name>: banned <ip>$
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Define location of the default apprise configuration file to use
+#
+config = /etc/fail2ban/apprise.conf
diff --git a/config/jail.conf b/config/jail.conf
index 6e8a6a2f..dbca2e8f 100644
--- a/config/jail.conf
+++ b/config/jail.conf
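Review bot: In the new config/action.d/apprise.conf, the `actionban` line stops at a literal `$` after `banned <ip>`, which looks like an editor's line-truncation marker: the `-t` title's double quote is never closed and the `-c` argument that `actionstart` and `actionstop` carry is missing, so the shell will most likely reject the command and no ban notification is sent. The line should be completed in the same form as the other two, ending `-t "[Fail2Ban] <name>: banned <ip>" -c <config>`. Separately, `[Init]` defines `config` but every command hard-codes `/etc/fail2ban/apprise.conf`, so the `config="..."` override described in the jail.conf comment of this commit has no effect; using `-c <config>` in `actionstart`, `actionstop` and `actionban` would make it work. That file holds the Apprise notification URLs, which usually embed service tokens or passwords, so a comment next to `config` along the lines of `# Contains notification credentials; keep it readable only by the user Fail2Ban runs as` would be worth adding. The start message also reads `as been started` where `has been started` is meant.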
@@ -227,6 +227,15 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
 action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
 
+# ban & send a notification to one or more of the 50+ services supported by Apprise.
+# See https://github.com/caronc/apprise/wiki for details on what is supported.
+#
+# You may optionally over-ride the default configuration line (containing the Apprise URLs)
+# by using 'apprise[name=%(__name__)s, config="/alternate/path/to/apprise.cfg"]' otherwise
+# /etc/fail2ban/apprise.conf is sourced for your supported notification configuration.
+action_apprise = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+ apprise[name=%(__name__)s]
+
 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] |
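Review bot: `action_apprise` passes `bantime="%(bantime)s"` to `%(banaction)s`, whereas the `action_xarf` definition in the context lines directly above passes only `name`, `port`, `protocol` and `chain`. If the other `action_*` shortcuts in this branch follow the `action_xarf` form, the extra argument is probably a leftover from a different branch and should be dropped so the line reads `%(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]`; the rest of the file is outside this hunk, so this needs checking against it. The comment's example path also uses `apprise.cfg` while the default is `apprise.conf`, and one extension throughout would avoid confusion.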