Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Send notifications to the Slack from fail2ban
...
action_with_slack_notification = %(banaction)s[name=%(__name__)s, port="%(port)$
slack[name=%(__name__)s]
action = %(action_with_slack_notification)s
...
[Definition]
actioncheck=
actionstart =
actionstop =
actionban = /bin/bash /etc/fail2ban/slack_notify.sh "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/slack_notify.sh "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1
#!/bin/bash
# message first command argument
MESSAGE=$1
HOOK_URL=https://hooks.slack.com/services/<your hook url>
HOST=$(hostname)
CHANNEL="#alerts"
USERNAME="fail2ban"
ICON=":cop:"
# ip second command argument
IP=$2
# lets find out from what country we have our hacker
COUNTRY=$(curl ipinfo.io/${IP}/country)
# converting country to lover case. I love you bash script =\
COUNTRY=$(echo "$COUNTRY" | tr -s '[:upper:]' '[:lower:]')
# slack emoji
COUNTRY=":flag-$COUNTRY:"
# replace _country_ template to the country emoji
MESSAGE="${MESSAGE/_country_/$COUNTRY}"
curl -X POST --data-urlencode "payload={\"channel\": \"${CHANNEL}\", \"username\": \"${USERNAME}\", \"text\": \"[${HOST}] ${MESSAGE}\", \"icon_emoji\": \"${ICON}\"}" ${HOOK_URL}
exit 0
@jake-harris

This comment has been minimized.

Copy link

commented Dec 22, 2015

This is fantastic, thanks for sharing!

@Nihisil

This comment has been minimized.

Copy link
Owner Author

commented Dec 22, 2015

@jake-harris you're welcome :)

@destefanix

This comment has been minimized.

Copy link

commented Mar 18, 2017

Hi guys.. how do you think that I can solve that?

[root@go fail2ban]# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in ?
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
self.__configurator.readAll()
File "/usr/share/fail2ban/client/configurator.py", line 58, in readAll
self.__jails.read()
File "/usr/share/fail2ban/client/jailsreader.py", line 41, in read
ConfigReader.read(self, "jail")
File "/usr/share/fail2ban/client/configreader.py", line 59, in read
SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
File "/usr/share/fail2ban/client/configparserinc.py", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/configparserinc.py", line 76, in getIncludes
parser.read(resource)
File "/usr/lib64/python2.4/ConfigParser.py", line 267, in read
self._read(fp, filename)
File "/usr/lib64/python2.4/ConfigParser.py", line 462, in _read
raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/jail.local, line: 1
'action_with_slack_notification = %(banaction)s[name=%(name)s, port="%(port)$\n'
[FALLITO]
[root@go fail2ban]#

@Dman46

This comment has been minimized.

Copy link

commented Jul 31, 2017

destefanix I have changed the configurations in jail.local and slack.conf so the action will work correctly. See my Gist: https://gist.github.com/Dman46/92178d519a7b3ea1e49cbcb7b8fda954

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.