Revisions
wpottier created this gist on Jun 17, 2016.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,8 @@ # ban & send a notification on slack action_with_slack_notification = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] slack[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"] # Choose default action. To change, just override value of 'action' with the # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local # globally (section [DEFAULT]) or per specific section action = %(action_with_slack_notification)s This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
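Review bot: the `slack[...]` half of `action_with_slack_notification` passes `dest="%(destemail)s"`, `protocol`, `chain` and `sendername`, but the `slack.conf` definition in this gist only ever substitutes `<name>`, `<ip>` and `<failures>`, so those four parameters are dead and make the action look like a mail-style action it is not; trim the call to `slack[name=%(__name__)s]` so the interpolation shows exactly what the action consumes. Since the last line makes this the default `action` for every jail, note that each jail start, stop, ban and unban will now post to Slack.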
@@ -0,0 +1,30 @@ #!/bin/bash # File : /etc/fail2ban/action.d/slack-notify.sh # message first command argument MESSAGE=$1 HOOK_URL=<slack_hook_url> HOST=$(hostname) CHANNEL="#supervision" USERNAME="fail2ban" ICON=":fail2ban:" # ip second command argument if [ "$#" -ge 2 ]; then IP=$2 # lets find out from what country we have our hacker COUNTRY=$(curl ipinfo.io/${IP}/country) # converting country to lover case. I love you bash script =\ COUNTRY=$(echo "$COUNTRY" | tr -s '[:upper:]' '[:lower:]') # slack emoji COUNTRY=":flag-$COUNTRY:" # replace _country_ template to the country emoji MESSAGE="${MESSAGE/_country_/$COUNTRY}" fi curl -X POST --data-urlencode "payload={\"channel\": \"${CHANNEL}\", \"username\": \"${USERNAME}\", \"text\": \"[*${HOST}*] ${MESSAGE}\", \"icon_emoji\": \"${ICON}\", \"mrkdwn\": true}" ${HOOK_URL} exit 0 This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,15 @@ # File : /etc/fail2ban/action.d/slack.conf # Send notification to slack channel [Definition] actioncheck= actionstart = /bin/bash /etc/fail2ban/action.d/slack-notify.sh "The jail <name> has been started successfully." > /dev/null 2>&1 actionstop = /bin/bash /etc/fail2ban/action.d/slack-notify.sh "The jail <name> has been stopped." > /dev/null 2>&1 actionban = /bin/bash /etc/fail2ban/action.d/slack-notify.sh "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1 actionunban = /bin/bash /etc/fail2ban/action.d/slack-notify.sh "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1 # Default name of the chain # name = default
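Review bot: in `slack-notify.sh` the country lookup `COUNTRY=$(curl ipinfo.io/${IP}/country)` goes out over plain HTTP with no `-s`, `-f` or `--max-time`, so every ban sends the offending address to a third party in clear text, a slow or unreachable ipinfo.io stalls the whole `actionban`, and an empty or error response turns into a bogus `:flag-:` emoji (the `tr -s '[:upper:]' '[:lower:]'` step does not guard against that); use `curl -sf --max-time 5 "https://ipinfo.io/${IP}/country"` and only substitute `_country_` when the result is a two-letter code. The final `curl -X POST ... ${HOOK_URL}` has the same shape: the webhook URL is a bearer secret hardcoded in the script, it is expanded unquoted, and `exit 0` together with the missing `-sS --fail` means a rejected post is never reported; quote `"${HOOK_URL}"`, read it from a root-only file and tighten the script's own permissions, and return curl's exit status. Also, `HOOK_URL=<slack_hook_url>` is a shell syntax error if the placeholder is ever left unquoted, so write it as `HOOK_URL="<slack_hook_url>"`.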
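Review bot: the trailing `# Default name of the chain` / `# name = default` comment in `slack.conf` mislabels `name`, which fail2ban substitutes with the jail name (the iptables chain is `chain`, which this action never uses), and fail2ban reads such defaults from an `[Init]` section rather than from a commented-out line at the end of `[Definition]`; replace it with an `[Init]` section containing `name = default`. Separately, every action line ends in `> /dev/null 2>&1`, so a bad webhook URL or a failing country lookup in `slack-notify.sh` leaves no trace in the fail2ban log; keep stderr (drop `2>&1`) or redirect it to a log file so a broken notification path can be diagnosed.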