... | |
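# These lines must sit under a section header in /etc/fail2ban/jail.local
# (normally [DEFAULT]). A jail.local that starts with them and has no section
# header is rejected at startup with MissingSectionHeaderError.
#
# The first line was cut off at `port="%(port)$` in the original listing. The
# bracketed parameter list below follows the stock `action_` definition; copy
# the exact list from `action_` in your own jail.conf, because it differs
# between fail2ban versions.
# The second action is a continuation line and must be indented, otherwise the
# config parser treats it as a new (invalid) entry.
action_with_slack_notification = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                                 slack[name=%(__name__)s]
# Use the combined action (ban + Slack notice) for every jail that does not
# set its own `action`.
action = %(action_with_slack_notification)s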
... |
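# Definition of the "slack" action referenced from jail.local as
# slack[name=...]. It only sends a notification; the ban itself is carried out
# by the %(banaction)s action it is combined with.
[Definition]
# A notification-only action has nothing to check, start or stop.
actioncheck=
actionstart =
actionstop =
# fail2ban substitutes <ip>, <name> and <failures> into the command line before
# it is handed to the shell, so keep to tags whose values are tightly
# constrained (an address, a jail name, a counter) and keep them inside the
# double quotes.
# All output is discarded, so a failing notifier is silent: run slack_notify.sh
# by hand once to confirm that the webhook works.
actionban = /bin/bash /etc/fail2ban/slack_notify.sh "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/slack_notify.sh "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1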
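#!/bin/bash
#
# slack_notify.sh - post a fail2ban ban/unban notice to a Slack incoming webhook.
#
# Usage: slack_notify.sh MESSAGE IP
#   MESSAGE  text to post; the first "_country_" is replaced by a flag emoji
#   IP       the banned/unbanned address, used for the country lookup
#
# Always exits 0, so a failed notification never makes the fail2ban action fail.
#
# The webhook URL below is a credential: anyone who can read it can post to the
# channel. Keep this file owned by root and not readable by other users.

# message first command argument
MESSAGE=$1
HOOK_URL="https://hooks.slack.com/services/<your hook url>"
HOST=$(hostname)
CHANNEL="#alerts"
USERNAME="fail2ban"
ICON=":cop:"
# ip second command argument
IP=$2

#######################################
# Escape a value for embedding inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Look up the country of the address. The value is placed in a URL path, so
# only pass it on when it consists of address characters (IPv4 or IPv6).
# Note that this lookup discloses every banned address to a third-party
# service; remove it if that is not acceptable.
COUNTRY=""
if [[ "$IP" =~ ^[0-9A-Fa-f:.]+$ ]]; then
  # --fail keeps an HTTP error body out of COUNTRY, and --max-time stops an
  # unreachable service from stalling the action.
  COUNTRY=$(curl --silent --fail --max-time 5 "https://ipinfo.io/${IP}/country")
fi

# Lower-case the code. No -s here: squeezing repeats would turn codes such as
# "EE" or "SS" into a single letter.
COUNTRY=$(printf '%s' "$COUNTRY" | tr '[:upper:]' '[:lower:]')

# Accept only a two-letter code. Anything else (empty reply, error text) is
# dropped rather than pasted into the message.
if [[ "$COUNTRY" =~ ^[a-z][a-z]$ ]]; then
  # slack emoji
  COUNTRY=":flag-$COUNTRY:"
  MESSAGE="${MESSAGE/_country_/$COUNTRY}"
else
  MESSAGE="${MESSAGE/_country_ /}"
  MESSAGE="${MESSAGE/_country_/}"
fi

# Build the payload from escaped values so that a quote or backslash in the
# message or host name cannot produce malformed JSON or extra fields.
PAYLOAD="{\"channel\": \"$(json_escape "$CHANNEL")\", \"username\": \"$(json_escape "$USERNAME")\", \"text\": \"[$(json_escape "$HOST")] $(json_escape "$MESSAGE")\", \"icon_emoji\": \"$(json_escape "$ICON")\"}"

curl --silent --show-error --max-time 10 -X POST --data-urlencode "payload=${PAYLOAD}" "$HOOK_URL"
exit 0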
@jake-harris you're welcome :)
Hi guys.. how do you think that I can solve that?
[root@go fail2ban]# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: Traceback (most recent call last):
File "/usr/bin/fail2ban-client", line 401, in ?
if client.start(sys.argv):
File "/usr/bin/fail2ban-client", line 370, in start
return self.__processCommand(args)
File "/usr/bin/fail2ban-client", line 180, in __processCommand
ret = self.__readConfig()
File "/usr/bin/fail2ban-client", line 374, in __readConfig
self.__configurator.readAll()
File "/usr/share/fail2ban/client/configurator.py", line 58, in readAll
self.__jails.read()
File "/usr/share/fail2ban/client/jailsreader.py", line 41, in read
ConfigReader.read(self, "jail")
File "/usr/share/fail2ban/client/configreader.py", line 59, in read
SafeConfigParserWithIncludes.read(self, [bConf, bLocal])
File "/usr/share/fail2ban/client/configparserinc.py", line 105, in read
fileNamesFull += SafeConfigParserWithIncludes.getIncludes(filename)
File "/usr/share/fail2ban/client/configparserinc.py", line 76, in getIncludes
parser.read(resource)
File "/usr/lib64/python2.4/ConfigParser.py", line 267, in read
self._read(fp, filename)
File "/usr/lib64/python2.4/ConfigParser.py", line 462, in _read
raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/fail2ban/jail.local, line: 1
'action_with_slack_notification = %(banaction)s[name=%(name)s, port="%(port)$\n'
[FALLITO]
[root@go fail2ban]#
destefanix I have changed the configurations in jail.local and slack.conf so the action will work correctly. See my Gist: https://gist.github.com/Dman46/92178d519a7b3ea1e49cbcb7b8fda954
This is fantastic, thanks for sharing!