
Introduction
A quick configuration that lets fail2ban send ban notifications to Slack.
Set up a Slack Incoming Webhook.
Configuration
- Add file /etc/fail2ban/action.d/slack.conf with content below:
[Definition]
actionban = curl -X POST --data-urlencode 'payload={"channel": "#channel_name", "username": "user_name", "text": "Fail2Ban Reports IP <ip> has been banned by filter", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/11111111/222222222/33333333333

[Init]
- Edit file /etc/fail2ban/jail.local
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
         slack[name=404]
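The webhook URL in slack.conf works as a credential: anyone who can read it can post to the channel. The wrapper below is an added example, not part of the original page. It lets actionban call a script that reads the URL from a root-only file and validates the values fail2ban passes in. The script path, the WEBHOOK_FILE location and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Hypothetical install path:
#   /usr/local/bin/f2b-slack.sh, called from slack.conf as
#   actionban = /usr/local/bin/f2b-slack.sh <ip> <name>
# Assumed secret location (root:root, mode 0600), one line holding the URL:
WEBHOOK_FILE="${WEBHOOK_FILE:-/etc/fail2ban/slack-webhook.url}"

# Allow only characters that occur in IPv4/IPv6 addresses, so a value
# derived from a log line cannot break out of the JSON string.
valid_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    return 0
}

# Jail names: letters, digits, underscore and dash only.
valid_jail() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the Slack JSON payload, or fail without output on bad input.
build_payload() {
    valid_ip "$1" && valid_jail "$2" || return 1
    printf '{"text": "Fail2Ban Reports IP %s has been banned by filter %s"}' "$1" "$2"
}

# Post the payload. The URL is fed to curl as a config file on stdin, so it
# does not show up in the process list or in slack.conf.
slack_notify() {
    payload=$(build_payload "$1" "$2") || { echo "f2b-slack: rejected input" >&2; return 1; }
    url=$(cat "$WEBHOOK_FILE") || return 1
    printf 'url = "%s"\n' "$url" |
        curl --silent --show-error --fail --max-time 10 --config - \
             -H 'Content-Type: application/json' --data "$payload"
}

# Run only when called with arguments (as fail2ban would).
if [ "$#" -ge 2 ]; then
    slack_notify "$1" "$2"
fi
```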