We apologize that the translated content is not provided to this page.
前言
为了获得ssh爆破IP被封禁的提示,给Fail2Ban添加了server酱微信提醒。
电子邮件不可用,因为主机为了防止发送spam,将相关邮件协议全部禁用了。
摸索
转到/etc/fail2ban/action.d
目录下,找到一个最精简的conf文件。
我选择了apf.conf
,其中涉及到命令的相关行:
actionstart = #服务开始时运行
actionstop = #服务停止时运行
actioncheck = #执行actionban前运行一次
actionban = #被封禁运行
actionunban = #被解封运行
具体信息,可以参考英文版:
# Option: actionstart
# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values: CMD
#
actionstart =
# Option: actionstop
# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
# Values: CMD
#
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban =
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban =
开始编写
使用curl通过post到server酱服务器
完整配置如下,保存为server-chan.conf
# Fail2Ban configuration file
#
# https://github.com/LittleJake/fail2ban-server-chan
#
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = curl -sSf "https://sc.ftqq.com/<server_chan_sckey>.send" -d "text=Fail2Ban ban <ip>." -d "desp=The IP <ip> has just been banned by Fail2Ban after <failures> attempts against <name>."
actionunban =
[Init]
# Name used in Server-chan configuration
#
name = default
# Option: server_chan_sckey
# Notes Your sckey from sc.ftqq.com
# Values: STRING Default: None
# Register for abuseipdb [https://sc.ftqq.com/], get sckey and set below.
server_chan_sckey = 你的SCKEY
# DEV NOTES:
#
# Author: Jake Liu
具体使用方法,请移步Github
运行效果
相关链接
开源协议
Apache2.0