Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Send notifications to the Slack from fail2ban
action_with_slack_notification = %(banaction)s[name=%(__name__)s, port="%(port)$
action = %(action_with_slack_notification)s
actionstart =
actionstop =
actionban = /bin/bash /etc/fail2ban/ "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/ "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1
# message first command argument
HOOK_URL=<your hook url>
# ip second command argument
# lets find out from what country we have our hacker
# converting country to lover case. I love you bash script =\
COUNTRY=$(echo "$COUNTRY" | tr -s '[:upper:]' '[:lower:]')
# slack emoji
# replace _country_ template to the country emoji
curl -X POST --data-urlencode "payload={\"channel\": \"${CHANNEL}\", \"username\": \"${USERNAME}\", \"text\": \"[${HOST}] ${MESSAGE}\", \"icon_emoji\": \"${ICON}\"}" ${HOOK_URL}
exit 0

This comment has been minimized.

Copy link

jake-harris commented Dec 22, 2015

This is fantastic, thanks for sharing!


This comment has been minimized.

Copy link
Owner Author

Nihisil commented Dec 22, 2015

@jake-harris you're welcome :)


This comment has been minimized.

Copy link

destefanix commented Mar 18, 2017

Hi guys.. how do you think that I can solve that?

[root@go fail2ban]# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in ?
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
File "/usr/share/fail2ban/client/", line 58, in readAll
File "/usr/share/fail2ban/client/", line 41, in read, "jail")
File "/usr/share/fail2ban/client/", line 59, in read, [bConf, bLocal])
File "/usr/share/fail2ban/client/", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/", line 76, in getIncludes
File "/usr/lib64/python2.4/", line 267, in read
self._read(fp, filename)
File "/usr/lib64/python2.4/", line 462, in _read
raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/jail.local, line: 1
'action_with_slack_notification = %(banaction)s[name=%(name)s, port="%(port)$\n'
[root@go fail2ban]#


This comment has been minimized.

Copy link

Dman46 commented Jul 31, 2017

destefanix I have changed the configurations in jail.local and slack.conf so the action will work correctly. See my Gist:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.