Fail2ban — Notification to Slack

Introduction

Quick configuration that will allow us to send a notification for slack from fail2ban

Setup Slack Incoming Webhook.

Configuration

  • Add file /etc/fail2ban/action.d/slack.conf with content below:
[Definition]actionban = curl -X POST --data-urlencode 'payload={"channel": "#channel_name", "username": "user_name", "text": "Fail2Ban Reports IP <ip> has been banned by  filter", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/11111111/222222222/33333333333[Init]
  • Edit file /etc/fail2ban/jail.local
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
slack[name=404]

 by the author.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store