authorOxbian <got.dacs@slmail.me>2023-04-28 19:03:32 +0200
committerOxbian <got.dacs@slmail.me>2023-04-28 19:03:32 +0200
commit123e38b970c6b58e2614fe39f7889cf1e29527f0 (patch)
treed75d5fe663e6a2bd75442565688dcbbaf9232906
parent2970e7e6a999a2133b4d5539c045dc55b454705d (diff)
Adding Fail2Ban monitoring / matrix message
-rw-r--r--Fail2Ban/jail.local39
-rw-r--r--Fail2Ban/matrix.conf25
-rw-r--r--README.md19
3 files changed, 82 insertions, 1 deletions
diff --git a/Fail2Ban/jail.local b/Fail2Ban/jail.local
new file mode 100644
index 0000000..774fa35
--- /dev/null
+++ b/Fail2Ban/jail.local
@@ -0,0 +1,39 @@
+# Sample jail.local config
+[DEFAULT]
+
+ignoreip = 127.0.0.1/24
+bantime = 86400
+findtime = 300
+maxretry = 3
+banaction = iptables-multiport
+backend = systemd
+# Action to ban using IP tables and send matrix notification
+
+
+# SSH jail
+[sshd]
+
+enabled = true
+port = 22
+logpath = /var/log/auth.log
+backend = %(sshd_backend)s
+filter = sshd
+
+
+# Apache2 auth jail
+[apache-auth]
+
+enabled = true
+port = http,https
+logpath = /var/log/apache2/error.log
+filter = apache-auth
+maxretry = 3
+
+# Apache2 pass jail
+[apache-pass]
+
+enabled = true
+port = http,https
+logpath = /var/log/apache2/access.log
+filter = apache-pass
+maxretry = 3
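Review bot: No jail in this file actually invokes the new matrix action: the comment `# Action to ban using IP tables and send matrix notification` under [DEFAULT] has no `action =` line beneath it, so with only `banaction = iptables-multiport` Fail2Ban bans the address but the Matrix notification defined in matrix.conf never fires. Wiring it in for every jail takes two lines under [DEFAULT], `action = %(action_)s` followed by an indented continuation line `matrix` (the action name is the filename without `.conf`). Also `ignoreip = 127.0.0.1/24` only covers 127.0.0.0–127.0.0.255; Fail2Ban's stock default is `127.0.0.1/8 ::1`, which is presumably what was intended for loopback. The `maxretry = 3` in the two apache jails repeats the [DEFAULT] value and can be dropped.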
diff --git a/Fail2Ban/matrix.conf b/Fail2Ban/matrix.conf
new file mode 100644
index 0000000..a4686de
--- /dev/null
+++ b/Fail2Ban/matrix.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: Oxbian
+#
+#
+# Must be placed in the /etc/fail2ban/action.d folder
+
+[INCLUDES]
+
+before = mail-whois-common.conf
+
+[Definition]
+
+# Option: actionban
+# Notes: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = YOUR_MATRIX_SH_PATH -s "The IP <ip> has just been banned by
+ Fail2Ban after <failures> attempts against <name>. \n\n Here is more infromations about <ip>:\n
+ `%(_whois_command)s`"
+
+[Init]
+init = YOUR_MATRIX_SH_PATH -s "Fail2Ban Matrix Notification enabled."
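Review bot: The `init =` key under `[Init]` is never executed by Fail2Ban — `[Init]` only carries default values for action tags — so the "Fail2Ban Matrix Notification enabled." message is never sent; a startup notification belongs in `actionstart` under `[Definition]`. The action also defines only `actionban`; giving `actionstart`, `actionstop`, `actioncheck` and `actionunban` explicit (even empty) values, in the same shape as the stock mail-whois actions this file includes, keeps the action complete and makes the no-op on unban deliberate rather than accidental. Since the `Notes:` comment already states the command runs with Fail2Ban's rights (normally root), the header should also say that the script at `YOUR_MATRIX_SH_PATH` must be owned by root and not writable by other users, otherwise anyone who can edit that script runs commands as root on every ban. Minor: `infromations` in the message text is a typo for `information`.
```ini
[Definition]

# … unchanged: actionban option comments and actionban …

# Option: actionstart
# Notes: command executed once when the jail starts; sends the
# "enabled" notification (previously under [Init], where it never ran)
actionstart = YOUR_MATRIX_SH_PATH -s "Fail2Ban Matrix Notification enabled."

# Nothing to tear down, check, or reverse for a notification-only action
actionstop =
actioncheck =
actionunban =
```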
diff --git a/README.md b/README.md
index 01efaa9..ae382eb 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Thanks to those commands you will be able to get the last update without losing
## Logwatch
-First you need to configure matrix-sender, I recommand you to check the repo [matrix-sender](https://github.com/Oxbian/matrix-sender).
+First you need to configure matrix-sender, I recommend you to check the repo [matrix-sender](https://github.com/Oxbian/matrix-sender).
After that you need to edit `logwatch.sh` to add the `matrix.sh` absolute path.
@@ -61,6 +61,23 @@ After that you will need to add those lines in your pam configuration `/etc/pam.
session optional pam_exec.so seteuid /etc/ssh/login-notify.sh
```
+## Fail2Ban
+
+First you need to configure matrix-sender, I recommend you to check the repo [matrix-sender](https://github.com/Oxbian/matrix-sender).
+
+After that you need to edit `Fail2Ban/matrix.conf` and change the absolute path to your `matrix.sh` script.
+
+Once all this is done, you can copy the `jail.local` in your `jail.d` folder and `matrix.conf` in the `action.d` folder.
+
+```bash
+sudo ln -sf "$(pwd)/Fail2Ban/jail.local" /etc/fail2ban/jail.d/jail.local
+sudo ln -sf "$(pwd)/Fail2Ban/matrix.conf" /etc/fail2ban/action.d/matrix.conf
+```
+
+After that just restart the fail2ban service and check for errors, and if you have some, fix them.
+
+You will probably need to edit the jail.local script to your liking.
+
## Contributing
If you want to contribute, make a pull request with your contribution.
ArKa projects. All rights to me, and your next child right arm.