Maciej

Photo by Joshua Hoehne on Unsplash

Introduction

Quick configuration that will allow us to send a notification for slack from fail2ban

Setup Slack Incoming Webhook.

Configuration

  • Add file /etc/fail2ban/action.d/slack.conf with content below:
[Definition]actionban = curl -X POST --data-urlencode 'payload={"channel": "#channel_name", "username": "user_name", "text": "Fail2Ban Reports IP <ip> has been banned by  filter", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/11111111/222222222/33333333333[Init]
  • Edit file /etc/fail2ban/jail.local
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
slack[name=404]

--

--

Maciej

Maciej

DevOps Consultant. I’m strongly focused on automation, security, and reliability.