13 July 2021
Sending Telegram notifications when fail2ban bans or unbans an IP address
https://github.com/shafiqsaaidin/fail2ban-telegram-notification
Requirements
openssh, fail2ban, curl, telegram bot api
Installation
$ sudo dnf install fail2ban ssh-server
Configuration
Create a copy of the jail.conf file: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local.
Change the ban rules
ignoreip = 127.0.0.1/8 192.168.1.101
bantime = 3600
findtime = 120
maxretry = 3
Enable SSH protection with fail2ban
[sshd]
enabled = true
filter = sshd
maxretry = 3
logpath = /var/log/auth.log
action = iptables[name=SSH, port=22, protocol=tcp] telegram
Create the scripts directory and place the script in it
sudo mkdir /etc/fail2ban/scripts/
fail2ban-telegram.sh
#!/bin/bash
# Sends text messages using Telegram
# to alert the webmaster of banning.
# Requires one argument, one of the following:
# start
# stop
# ban
# unban
# Optional second argument: IP for ban/unban

# Display usage information
function show_usage {
    echo "Usage: $0 action <ip>"
    echo "Where action is one of start, stop, ban, unban"
    echo "and IP is optionally passed to ban, unban"
    exit
}

# Send notification
function send_msg {
    apiToken="<put your api key here>"   # placeholder: token of the Telegram bot
    chatId="<put your chat id here>"     # placeholder: id of the chat to notify
    url="https://api.telegram.org/bot$apiToken/sendMessage"
    # The message writes spaces as '+': curl sends it form-encoded,
    # so the Telegram API decodes '+' back to a space.
    curl -s -X POST "$url" -d chat_id="$chatId" -d text="$1"
    exit
}

# Check for script arguments
if [ $# -lt 1 ]
then
    show_usage
fi

# Take action depending on argument
if [ "$1" = 'start' ]
then
    msg='Fail2ban+just+started.'
    send_msg "$msg"
elif [ "$1" = 'stop' ]
then
    msg='Fail2ban+just+stopped.'
    send_msg "$msg"
elif [ "$1" = 'ban' ]
then
    msg=$([ "$2" != '' ] && echo "Fail2ban+just+banned+$2" || echo 'Fail2ban+just+banned+an+ip.')
    send_msg "$msg"
elif [ "$1" = 'unban' ]
then
    msg=$([ "$2" != '' ] && echo "Fail2ban+just+unbanned+$2" || echo 'Fail2ban+just+unbanned+an+ip.')
    send_msg "$msg"
else
    show_usage
fi
Place the telegram.conf configuration file in the /etc/fail2ban/action.d/ directory
cp telegram.conf /etc/fail2ban/action.d/
# Fail2Ban configuration file
#
# Author: MushaGH
#
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = /etc/fail2ban/scripts/fail2ban-telegram.sh start
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = /etc/fail2ban/scripts/fail2ban-telegram.sh stop
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = /etc/fail2ban/scripts/fail2ban-telegram.sh ban <ip>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = /etc/fail2ban/scripts/fail2ban-telegram.sh unban <ip>
[Init]
init = 123
Edit fail2ban-telegram.sh to add apiToken and chatId. First create a Telegram bot.
Starting the service
systemctl start fail2ban
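The script above writes spaces as '+' and passes the text with a plain -d, so a message containing '&', '=' or '%' would be mis-parsed by the form encoding, and a rejected request (bad token, wrong chat id) goes unnoticed because curl -s still exits 0 on an HTTP error. The following is an added example, not the script from the linked repository: a POSIX sh variant that lets curl URL-encode the text, fails loudly so fail2ban logs the broken action, reads the token and chat id from the environment (the TELEGRAM_API_TOKEN, TELEGRAM_CHAT_ID and DRY_RUN variable names are this example's own), and reports the jail name and failure count by taking the standard fail2ban <name> and <failures> tags as extra arguments.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumed action lines
# (<name> and <failures> are standard fail2ban action tags):
#   actionban   = /etc/fail2ban/scripts/fail2ban-telegram.sh ban <ip> <name> <failures>
#   actionunban = /etc/fail2ban/scripts/fail2ban-telegram.sh unban <ip> <name>

API_TOKEN="${TELEGRAM_API_TOKEN:-<put your api key here>}"  # placeholder
CHAT_ID="${TELEGRAM_CHAT_ID:-<put your chat id here>}"      # placeholder
API_URL="https://api.telegram.org/bot${API_TOKEN}/sendMessage"

# Print the message text for an action; returns 1 for an unknown action.
build_msg() {
    bm_ip="${2:-an ip}" bm_jail="${3:-unknown jail}" bm_fail="${4:-?}"
    case "$1" in
        start) printf 'Fail2ban just started.' ;;
        stop)  printf 'Fail2ban just stopped.' ;;
        ban)   printf 'Fail2ban banned %s in jail %s after %s failures' \
                   "$bm_ip" "$bm_jail" "$bm_fail" ;;
        unban) printf 'Fail2ban unbanned %s in jail %s' "$bm_ip" "$bm_jail" ;;
        *)     return 1 ;;
    esac
}

# POST the text to Telegram. With DRY_RUN=1 the request is printed
# instead of sent, so the encoding can be checked without network access.
send_msg() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'POST %s\nchat_id=%s\ntext=%s\n' "$API_URL" "$CHAT_ID" "$1"
        return 0
    fi
    # --data-urlencode escapes '&', '=', '%' and spaces in the value;
    # -f turns an HTTP error into a non-zero exit that fail2ban logs.
    curl -sS -f -X POST "$API_URL" \
        --data-urlencode "chat_id=${CHAT_ID}" --data-urlencode "text=$1" >/dev/null
}

main() {
    msg=$(build_msg "$@") || {
        echo "Usage: $0 {start|stop|ban|unban} [ip] [jail] [failures]" >&2
        return 2
    }
    send_msg "$msg"
}

# Run only when invoked with arguments (fail2ban always passes the action).
if [ $# -gt 0 ]; then main "$@"; fi
```

Install it executable (chmod +x) in /etc/fail2ban/scripts/ and extend the actionban and actionunban lines in telegram.conf to pass <name> and <failures> after <ip>.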