1.2 KiB
1.2 KiB
Fail2Ban
Send Alerta event (alarm) if source IP is banned (valid user is using invalid password via SSHD or SFTP).
Configuration
Alerta webhook module and documentation can be found here
Clone git repo on the server where fail2ban
is installed and execute following commands as root:
Copy action script
cp -a fail2ban-alerta.sh /usr/local/bin/
chown root:root /usr/local/bin/fail2ban-alerta.sh
chmod +x /usr/local/bin/fail2ban-alerta.sh
Copy fail2ban
action configuration file
cp -a alerta.conf /etc/fail2ban/action.d/
chown root:root /etc/fail2ban/action.d/alerta.conf
Modify configuration of sshd
jail in the existing /etc/fail2ban/jail.local
file by adding additional alerta
action,
also be sure to modify action input parameters accordingly (alertaurl
and alertaapikey
).
Note: Example jail.local file is also provided
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
action = %(action_mwl)s
alerta[alertaurl=https://alerta.example.com/api/webhooks/fail2ban, alertaapikey=EXdp3haf4Xkk7Dpk5MFrqfafn6nYGgtz4JL4XzBY]
maxretry = 4
Restart fail2ban
service
systemctl restart fail2ban