author | Oxbian <got.dacs@slmail.me> | 2023-04-28 19:03:32 +0200 |
---|---|---|
committer | Oxbian <got.dacs@slmail.me> | 2023-04-28 19:03:32 +0200 |
commit | 123e38b970c6b58e2614fe39f7889cf1e29527f0 (patch) | |
tree | d75d5fe663e6a2bd75442565688dcbbaf9232906 /Fail2Ban | |
parent | 2970e7e6a999a2133b4d5539c045dc55b454705d (diff) | |
Adding Fail2Ban monitoring / matrix message
Diffstat (limited to 'Fail2Ban')
-rw-r--r-- | Fail2Ban/jail.local | 39 | ||||
-rw-r--r-- | Fail2Ban/matrix.conf | 25 |
2 files changed, 64 insertions, 0 deletions
diff --git a/Fail2Ban/jail.local b/Fail2Ban/jail.local
new file mode 100644
index 0000000..774fa35
--- /dev/null
+++ b/Fail2Ban/jail.local
@@ -0,0 +1,39 @@
+# Sample jail.local config
+[DEFAULT]
+
+ignoreip = 127.0.0.1/24
+bantime = 86400
+findtime = 300
+maxretry = 3
+banaction = iptables-multiport
+backend = systemd
+# Action to ban using IP tables and send matrix notification
+
+
+# SSH jail
+[sshd]
+
+enabled = true
+port = 22
+logpath = /var/log/auth.log
+backend = %(sshd_backend)s
+filter = sshd
+
+
+# Apache2 auth jail
+[apache-auth]
+
+enabled = true
+port = http,https
+logpath = /var/log/apache2/error.log
+filter = apache-auth
+maxretry = 3
+
+# Apache2 pass jail
+[apache-pass]
+
+enabled = true
+port = http,https
+logpath = /var/log/apache2/access.log
+filter = apache-pass
+maxretry = 3
diff --git a/Fail2Ban/matrix.conf b/Fail2Ban/matrix.conf
new file mode 100644
index 0000000..a4686de
--- /dev/null
+++ b/Fail2Ban/matrix.conf
@@ -0,0 +1,25 @@
+# Fail2Ban configuration file
+#
+# Author: Oxbian
+#
+#
+# Must be placed in the /etc/fail2ban/action.d folder
+
+[INCLUDES]
+
+before = mail-whois-common.conf
+
+[Definition]
+
+# Option: actionban
+# Notes: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = YOUR_MATRIX_SH_PATH -s "The IP <ip> has just been banned by
+ Fail2Ban after <failures> attempts against <name>. \n\n Here is more infromations about <ip>:\n
+ `%(_whois_command)s`"
+
+[Init]
+init = YOUR_MATRIX_SH_PATH -s "Fail2Ban Matrix Notification enabled." |
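Review bot: In Fail2Ban/jail.local, `backend = systemd` under `[DEFAULT]` is inherited by `[apache-auth]` and `[apache-pass]`, and with the systemd backend fail2ban reads the journal rather than the files named in `logpath`, so those two jails would most likely start and never match anything unless Apache logs to the journal. Adding `backend = auto` to both Apache jails (or dropping the `[DEFAULT]` override) keeps them reading the files under `/var/log/apache2/`. The comment `# Action to ban using IP tables and send matrix notification` is not followed by any `action` line, so nothing in this file refers to the matrix action and bans would go unannounced; something like `action = %(action_)s` with an indented `matrix` continuation line would wire it in. `ignoreip = 127.0.0.1/24` also exempts only 127.0.0.0–127.0.0.255 and leaves out `::1`; `127.0.0.0/8 ::1` is the usual loopback set.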
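Review bot: In Fail2Ban/matrix.conf, `init = …` under `[Init]` is not a hook that fail2ban runs: `[Init]` only supplies default values for tags, so the "Notification enabled" message would never be sent. The command run when the jail starts is `actionstart`, which belongs in `[Definition]`: `actionstart = YOUR_MATRIX_SH_PATH -s "Fail2Ban Matrix Notification enabled."`. As the file's own comment says, the command runs with Fail2Ban's rights (commonly root), so the header comment should also tell the installer to replace `YOUR_MATRIX_SH_PATH` with an absolute path to a script that only root can write. The whois text embedded in `actionban` is supplied by third parties, so the script should presumably send it as plain text rather than formatted markup; that script is not part of this commit.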