Go to Qiita Advent Calendar 2024 Top
LoginSignup
18
13

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@osamu1203(Osamu Nishiyama)inエバーセンス

fail2banでslackに通知する

Posted at

fail2banしたIPをSlackでだらだら流しておきます。ざっくりやってますのであしからず。。

###SlackのIncoming Webhookの設定をします。
設定方法はこちら参照してください。
https://api.slack.com/incoming-webhooks

※incoming webhook integration と書かれているリンクから設定ページへ飛べます。

###action.dに追加します。

vim /etc/fail2ban/action.d/slack.conf
slack.conf
[Definition]

actionban = curl -X POST --data-urlencode 'payload={"channel": "#channel_name", "username": "user_name", "text": "Fail2Ban Reports IP <ip> has been banned by  filter", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/XXXXXXXX/YYYYYY/ZZZZZZ

[Init]

###設定する

vim /etc/fail2ban/jail.local

actionに追記する

jail.local
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
         slack[name=404]
18
13
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
18
13

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?