Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Send Pushover notification from Fail2Ban
# Fail2Ban configuration file
#
[Definition]
# Notify on Startup
actionstart = /usr/bin/curl -s -F "token=<token>" -F "user=<user>" -F "title=[Fail2Ban] <name>" -F "message=Jail <name> has been started successfully." https://api.pushover.net/1/messages
# Notify on Shutdown
actionstop = /usr/bin/curl -s -F "token=<token>" -F "user=<user>" -F "title=[Fail2Ban] <name>" -F "message=Jail <name> has been stopped." https://api.pushover.net/1/messages
#
actioncheck =
# Notify on Banned
actionban = /usr/bin/curl -s -F "token=<token>" -F "user=<user>" -F "title=[Fail2Ban] <name>" -F "message=Banned IP: <ip> Lines containing IP: `grep '<ip>' <logpath>`" https://api.pushover.net/1/messages
# Notify on Unbanned
actionunban =
[Init]
# Defaut name of the chain
name = default
# Application token key
token =
# User API key
user =
@sander1
Copy link
Author

sander1 commented Dec 24, 2016

Add pushover-notify action to action = (in jail.local) like so:

action = %(action_)s
         pushover-notify[name=%(__name__)s, logpath=%(logpath)s]

@f3bruary
Copy link

f3bruary commented Nov 20, 2018

when adding this as action, won't it replace the actual banning with a notification ? Cause I noticed that when I use action, the banning doesn't work anymore. Fail2Ban is reporting the IP has been banned, but it's not so. I think fail2ban considers a 'ban' a notification.

@mouzzampk2014-zz
Copy link

mouzzampk2014-zz commented Feb 27, 2019

Hi, where do I need to put pushover-notify in filters.d or actions.d and where do I need to add this

action = %(action_)s
pushover-notify[name=%(name)s, logpath=%(logpath)s]

1

@mouzzampk2014-zz
Copy link

mouzzampk2014-zz commented Feb 27, 2019

I managed to run it :) Thank you so much. Could you please help me out how can I get notification when something unban

actionunban =

Thank you :)

@Chathu07
Copy link

Chathu07 commented Mar 25, 2019

This script sends IP's re-banned notification every time when I restart fail2ban (stop and start or just use restart commands). Any way to disable pushover notifications when fail2ban, re-banned IP's on restarting its service?

I already checked fail2ban/config/action.d/complain.conf file,

# bypass ban/unban for restored tickets
norestored = 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment