64 lines
1.4 KiB
Plaintext
64 lines
1.4 KiB
Plaintext
#
|
|
# Author: Milos Buncic
|
|
#
|
|
# IMPORTANT
|
|
#
|
|
# Please set jail.local's permission to 640 because it contains your Alerta API key.
|
|
#
|
|
# This action depends on curl.
|
|
#
|
|
# To create Alerta API Key: https://docs.alerta.io/en/latest/api/reference.html#api-keys
|
|
#
|
|
|
|
[Definition]
|
|
|
|
# Option: actionstart
|
|
# Notes.: command executed once at the start of Fail2Ban.
|
|
# Values: CMD
|
|
#
|
|
actionstart =
|
|
|
|
# Option: actionstop
|
|
# Notes.: command executed once at the end of Fail2Ban
|
|
# Values: CMD
|
|
#
|
|
actionstop =
|
|
|
|
# Option: actioncheck
|
|
# Notes.: command executed once before each actionban command
|
|
# Values: CMD
|
|
#
|
|
actioncheck =
|
|
|
|
# Option: actionban
|
|
# Notes.: command executed when banning an IP. Take care that the
|
|
# command is executed with Fail2Ban user rights.
|
|
# Tags: <ip> IP address
|
|
# <failures> number of failures
|
|
# <time> unix timestamp of the ban time
|
|
# Full list of Action Tags can be found in the man page:
|
|
# man jail.conf
|
|
# Values: CMD
|
|
#
|
|
actionban = echo <matches> | grep -q "Failed password for [a-z][-a-z0-9_]* from <ip>" && /usr/local/bin/fail2ban-alerta.sh <alertaurl> <alertaapikey> <ip> <failures> <logpath> || true
|
|
|
|
[Init]
|
|
|
|
# Option: alertaurl
|
|
# Notes.: Alerta API URL
|
|
# Values: STRING
|
|
#
|
|
alertaurl =
|
|
|
|
# Option: alertaapikey
|
|
# Notes.: Alerta API key
|
|
# Values: STRING
|
|
#
|
|
alertaapikey =
|
|
|
|
# Option: logpath
|
|
# Notes.: Absolute path to the log file
|
|
# Values: STRING
|
|
#
|
|
logpath = /var/log/auth.log
|