jail.local (excerpt):

```ini
...
action_with_slack_notification = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                                 slack[name=%(__name__)s]
action = %(action_with_slack_notification)s
...
```

slack.conf (in action.d):

```ini
[Definition]
actioncheck =
actionstart = /bin/bash /etc/fail2ban/slack_notify.sh "The jail <name> has been started successfully." > /dev/null 2>&1
actionstop = /bin/bash /etc/fail2ban/slack_notify.sh "The jail <name> has been stopped." > /dev/null 2>&1
actionban = /bin/bash /etc/fail2ban/slack_notify.sh "Banned _country_ <ip> in the jail <name> after <failures> attempts" "<ip>" > /dev/null 2>&1
actionunban = /bin/bash /etc/fail2ban/slack_notify.sh "Unbanned _country_ <ip> in the jail <name>" "<ip>" > /dev/null 2>&1

# Default name of the chain
#
name = default
```
slack_notify.sh:

```bash
#!/bin/bash
# message: first command argument
MESSAGE=$1
HOOK_URL=https://hooks.slack.com/services/<your hook url>
HOST=$(hostname)
CHANNEL="#alerts"
USERNAME="fail2ban"
ICON=":cop:"
# ip: second command argument (empty for the start/stop notifications)
IP=$2
COUNTRY=""
if [ -n "$IP" ]; then
    # lets find out from what country we have our hacker
    # (-s keeps curl's progress output out of the fail2ban log)
    COUNTRY=$(curl -s "ipinfo.io/${IP}/country")
fi
# converting country to lower case. I love you bash script =\
COUNTRY=$(echo "$COUNTRY" | tr '[:upper:]' '[:lower:]')
# slack emoji
COUNTRY=":flag-$COUNTRY:"
# replace _country_ template with the country emoji
MESSAGE="${MESSAGE/_country_/$COUNTRY}"
curl -X POST --data-urlencode "payload={\"channel\": \"${CHANNEL}\", \"username\": \"${USERNAME}\", \"text\": \"[${HOST}] ${MESSAGE}\", \"icon_emoji\": \"${ICON}\"}" "${HOOK_URL}"
exit 0
```
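The script above runs as root from fail2ban's action thread, interpolates the message straight into a JSON string, and blocks on an unbounded network lookup. The following is an added example (not the gist's own script) showing the same notification with those three points tightened: the `<ip>` argument is validated before it is used in a URL, the lookup has a timeout and a neutral fallback emoji, and the message text is JSON-escaped. It assumes the webhook URL is supplied in an environment variable `SLACK_HOOK_URL` (the gist hard-codes it) and uses the JSON `Content-type` form of Slack incoming webhooks rather than the urlencoded `payload=` form; channel, username and icon follow the gist's values.

```shell
#!/bin/sh
# Hardened variant of the gist's slack_notify.sh (added example, not the gist's code).
# Assumptions not taken from the gist: SLACK_HOOK_URL holds the webhook URL, and the
# country lookup goes to ipinfo.io as in the original script.

# Accept only a dotted-quad IPv4 address; anything else is refused, so an unexpected
# argument is never spliced into a URL.
validate_ip() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Map a two-letter country code (what ipinfo.io returns) to the Slack flag emoji.
# Anything that is not exactly two letters (errors, HTML, empty) becomes a placeholder.
flag_emoji() {
    code=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$code" in
        [a-z][a-z]) printf ':flag-%s:' "$code" ;;
        *)          printf ':question:' ;;
    esac
}

# Look the country up with a short timeout; on failure return an empty string so a
# slow or unreachable lookup service cannot stall fail2ban's action execution.
lookup_country() {
    curl -sS --max-time 5 "https://ipinfo.io/$1/country" 2>/dev/null || printf ''
}

# Replace the _country_ template token in the message with the emoji.
render_message() {
    printf '%s' "$1" | sed "s|_country_|$2|g"
}

# Escape backslashes, double quotes and newlines so arbitrary message text cannot
# break out of the JSON string (the gist interpolates it raw).
json_escape() {
    printf '%s' "$1" \
        | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
        | awk '{ if (NR > 1) printf "%s", "\\n"; printf "%s", $0 }'
}

# Build the webhook body; channel, username and icon follow the gist.
build_payload() {
    printf '{"channel": "#alerts", "username": "fail2ban", "icon_emoji": ":cop:", "text": "[%s] %s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# Usage: slack_notify.sh "<message with optional _country_ token>" [<ip>]
main() {
    message=$1
    ip=${2:-}
    emoji=':question:'
    if [ -n "$ip" ] && validate_ip "$ip"; then
        emoji=$(flag_emoji "$(lookup_country "$ip")")
    fi
    text=$(render_message "$message" "$emoji")
    curl -sS --max-time 10 -X POST -H 'Content-type: application/json' \
        --data "$(build_payload "$(hostname)" "$text")" \
        "${SLACK_HOOK_URL:?set SLACK_HOOK_URL to the incoming webhook URL}" >/dev/null
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

The action lines in slack.conf stay the same; only the script changes. Because the lookup is bounded and failures degrade to a placeholder flag, a ban is still reported to Slack even when ipinfo.io is unreachable, and the unban/start/stop notifications (which carry no IP) never hit the lookup at all.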
I ran into errors with this configuration also. I did find a working solution though:

Follow the steps (mostly) from this post instead: https://github.com/coleturner/fail2ban-slack-action

However, they seemed to be using an old/outdated method of webhooks.

- Create an app, and use the Incoming Webhooks feature within that app.
- Then convert all the curl calls in the slack-notify.conf to match the newer syntax (e.g. `curl -X POST -H 'Content-type: application/json' --data '{"text":"Fail2Ban (<name>) jail has started"}' <slack_webhook_url>`).
- You can remove the variables (`slack_api_token` and `slack_channel`) at the bottom of the slack-notify.conf file and add/initialize the `<slack_webhook_url>` variable that I used in the above curl statement (e.g. `slack_webhook_url = https://hooks.slack.com/services/<yourwebhookpathgoeshere>`).
Thanks @mikey32230, I looked at this one as well. I may have to use that for now, but I was really hoping to get the Country Flag added to the messages just for the cool factor.
I originally got so frustrated with just trying to get any slack notifications to work at all I implemented the solution above and called it a day.
However, I then also noticed that it didn't get any location info, so I was thinking about adding that as well. Unless I'm missing something it should be pretty simple/straightforward to add that to what I posted above. Basically just add some of the code that is handling the Country/location lookup from the slack_notify.sh into the slack-notify.conf and add the info to the cURL request.
I may try to work on that in the next few days if I remember/have time.
If I happen to figure it out I'll be sure to post it. Again, thanks for the reply.
All done, forked it and made the changes:
https://github.com/mikey32230/fail2ban-slack-action
@mikey32230 Thank you for this! I'm still having some issues when I start fail2ban with systemd, but progress is being made. Thanks for your insights and your fork with updates!
Hi @l12crash
Have you found the solution?
Unfortunately, I have not gotten this to work :(
Fail2ban starts, but it's not sending anything to my Slack channel. Running the script manually works as expected.
Here's my jail.local
Here's my slack.conf located in the action.d folder: