Skip to content

Instantly share code, notes, and snippets.

Last active September 5, 2023 06:20
Show Gist options
  • Save Nihisil/29fd2971c9dd109ae245 to your computer and use it in GitHub Desktop.
Save Nihisil/29fd2971c9dd109ae245 to your computer and use it in GitHub Desktop.
Send notifications to the Slack from fail2ban
action_with_slack_notification = %(banaction)s[name=%(__name__)s, port="%(port)$
action = %(action_with_slack_notification)s
actionstart =
actionstop =
actionban = /bin/bash /etc/fail2ban/ "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/ "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1
# message first command argument
HOOK_URL=<your hook url>
# ip second command argument
# lets find out from what country we have our hacker
# converting country to lover case. I love you bash script =\
COUNTRY=$(echo "$COUNTRY" | tr -s '[:upper:]' '[:lower:]')
# slack emoji
# replace _country_ template to the country emoji
curl -X POST --data-urlencode "payload={\"channel\": \"${CHANNEL}\", \"username\": \"${USERNAME}\", \"text\": \"[${HOST}] ${MESSAGE}\", \"icon_emoji\": \"${ICON}\"}" ${HOOK_URL}
exit 0
Copy link

jahsome commented Dec 22, 2015

This is fantastic, thanks for sharing!

Copy link

Nihisil commented Dec 22, 2015

@jake-harris you're welcome :)

Copy link

Hi guys.. how do you think that I can solve that?

[root@go fail2ban]# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in ?
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
File "/usr/share/fail2ban/client/", line 58, in readAll
File "/usr/share/fail2ban/client/", line 41, in read, "jail")
File "/usr/share/fail2ban/client/", line 59, in read, [bConf, bLocal])
File "/usr/share/fail2ban/client/", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/", line 76, in getIncludes
File "/usr/lib64/python2.4/", line 267, in read
self._read(fp, filename)
File "/usr/lib64/python2.4/", line 462, in _read
raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/jail.local, line: 1
'action_with_slack_notification = %(banaction)s[name=%(name)s, port="%(port)$\n'
[root@go fail2ban]#

Copy link

Dman46 commented Jul 31, 2017

destefanix I have changed the configurations in jail.local and slack.conf so the action will work correctly. See my Gist:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment