https://github.com/shafiqsaaidin/fail2ban-telegram-notification
Requirements
openssh, fail2ban, curl, telegram bot api
Installation
```
$ sudo dnf install fail2ban openssh-server
```
Configuration
Create a copy of the jail.conf file: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local. Then edit the ban rules in jail.local:
```
ignoreip = 127.0.0.1/8 192.168.1.101
bantime = 3600
findtime = 120
maxretry =
```
Enable SSH protection with fail2ban
```
[sshd]
enabled = true
filter = sshd
maxretry = 3
logpath = /var/log/auth.log
# One action per line; continuation lines must be indented.
action = iptables[name=SSH, port=22, protocol=tcp]
         telegram
```
Create the scripts directory (sudo mkdir /etc/fail2ban/scripts/) and place the fail2ban-telegram.sh script in it:
```bash
#!/bin/bash
# Sends text messages using Telegram
# to alert webmaster of banning.

# Require one argument, one of the following
#   start
#   stop
#   ban
#   unban
# Optional second argument: IP for ban/unban

# Display usage information
function show_usage {
  echo "Usage: $0 action <ip>"
  echo "Where action start, stop, ban, unban"
  echo "and IP is optional passed to ban, unban"
  exit
}

# Send notification
function send_msg {
  apiToken=   # Telegram bot token (fill in)
  chatId=     # ID of the chat that receives the alerts (fill in)
  url="https://api.telegram.org/bot$apiToken/sendMessage"

  # Spaces in the text are written as '+' because -d sends form-encoded data
  curl -s -X POST "$url" -d chat_id="$chatId" -d text="$1"
  exit
}

# Check for script arguments
if [ $# -lt 1 ]
then
  show_usage
fi

# Take action depending on argument
if [ "$1" = 'start' ]
then
  msg='Fail2ban+just+started.'
  send_msg "$msg"
elif [ "$1" = 'stop' ]
then
  msg='Fail2ban+just+stopped.'
  send_msg "$msg"
elif [ "$1" = 'ban' ]
then
  msg=$([ "$2" != '' ] && echo "Fail2ban+just+banned+$2" || echo 'Fail2ban+just+banned+an+ip.')
  send_msg "$msg"
elif [ "$1" = 'unban' ]
then
  msg=$([ "$2" != '' ] && echo "Fail2ban+just+unbanned+$2" || echo 'Fail2ban+just+unbanned+an+ip.')
  send_msg "$msg"
else
  show_usage
fi
```
Place the telegram.conf configuration file in the /etc/fail2ban/action.d/ directory: cp telegram.conf /etc/fail2ban/action.d/
```
# Fail2Ban configuration file
#
# Author: MushaGH
#
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = /etc/fail2ban/scripts/fail2ban-telegram.sh start

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop = /etc/fail2ban/scripts/fail2ban-telegram.sh stop

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
# <ip> is the fail2ban tag replaced with the banned address.
actionban = /etc/fail2ban/scripts/fail2ban-telegram.sh ban <ip>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = /etc/fail2ban/scripts/fail2ban-telegram.sh unban <ip>

[Init]

init =
```
Edit fail2ban-telegram.sh and add your apiToken and chatId. Create the Telegram bot first to obtain them.
Starting the service
```
systemctl start fail2ban
```
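An added example, not part of the original post or repository: a hardened variant of the notifier's core functions. It reads apiToken and chatId from a file that only its owner can access, URL-encodes the message, and hands the bot URL to curl on stdin so the token does not appear in the process list. The file path /etc/fail2ban/scripts/telegram.env and the function names build_msg and creds_private are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the repository's script. CRED_FILE and its contents
# (two lines: apiToken=... and chatId=...) are assumed for illustration.
CRED_FILE="${CRED_FILE:-/etc/fail2ban/scripts/telegram.env}"

# Print the notification text; fail on unknown actions or non-address input.
build_msg() {
  local action="$1" ip="${2:-}"
  case "$action" in
    start) echo "Fail2ban just started."; return 0 ;;
    stop)  echo "Fail2ban just stopped."; return 0 ;;
    ban|unban) ;;
    *) return 2 ;;
  esac
  # An IPv4/IPv6 literal contains only hex digits, dots and colons.
  case "$ip" in
    *[!0-9A-Fa-f:.]*) return 3 ;;
  esac
  echo "Fail2ban just ${action}ned ${ip:-an ip}."
}

# Succeed only if the file grants no permissions to group or others.
creds_private() {
  local mode
  # GNU stat first, BSD stat as a fallback.
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Send one message; the token is read from CRED_FILE, never hard-coded.
send_msg() {
  local apiToken chatId
  creds_private "$CRED_FILE" || { echo "refusing: $CRED_FILE too open" >&2; return 1; }
  . "$CRED_FILE"
  # curl reads the URL from stdin (-K -), so the token stays out of `ps` output;
  # --data-urlencode encodes spaces and any reserved characters in the text.
  printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$apiToken" |
    curl -sS --max-time 10 -K - \
      --data-urlencode "chat_id=$chatId" --data-urlencode "text=$1" >/dev/null
}

# Runs only when called with arguments, as telegram.conf does.
if [ "$#" -gt 0 ]; then
  msg=$(build_msg "$@") || exit $?
  send_msg "$msg"
fi
```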