22/01/2022
fail2ban webhook for banned ips

créer le fichier /etc/fail2ban/jail.local

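[DEFAULT]

[sshd]
# Addresses that are never banned (space-separated): loopback plus one fixed address.
ignoreip = 127.0.0.1/8 ::1 86.xx.xx.xx
# Window, in seconds, in which failures are counted (3600 = 1 hour).
findtime = 3600
# Ban duration in seconds (86400 = 24 hours).
bantime = 86400
# Number of failures within findtime that triggers a ban.
maxretry = 5
enabled = true
# Setting action to "webhook" alone replaces the default ban action, so
# offenders would be reported but never blocked. Keep the default action
# (action_ from the stock jail.conf) and add the webhook as a second action.
action = %(action_)s
         webhook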

créer ce fichier /etc/fail2ban/action.d/webhook.conf


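[Definition]

# Every command below posts a JSON event to the URL set as "webhook" in [Init].
# --max-time bounds each call so an unreachable endpoint cannot stall fail2ban's
# action processing. -sS silences the progress meter but still prints errors.
# --fail turns an HTTP error response into a non-zero exit status, so a failed
# delivery shows up in the fail2ban log.
# Only fail2ban-generated tags (<name>, <ip>, <bantime>, <failures>) are embedded.
# Log-derived tags such as <matches> carry attacker-controlled text and should
# not be added to these shell commands or JSON bodies without escaping.

# Notify on Startup
actionstart = curl -sS --fail --max-time 10 -X POST "<webhook>" \
            -H "Content-Type: application/json" \
            -d '{"jail": "<name>", "type":"jail start"}'

# Notify on Shutdown
actionstop = curl -sS --fail --max-time 10 -X POST "<webhook>" \
            -H "Content-Type: application/json" \
            -d '{"jail": "<name>", "type":"jail end"}'

# No pre-ban check is needed for a notification-only action.
actioncheck =

# Notify on Banned
# <bantime> is expressed in seconds (86400 in the sshd jail), so label it as such.
actionban = curl -sS --fail --max-time 10 -X POST "<webhook>" \
            -H "Content-Type: application/json" \
            -d '{"jail": "<name>", "type":"ban", "ip": "<ip>", "bantime": "<bantime> seconds", "failures": "<failures>"}'

# Notify on Unbanned
actionunban = curl -sS --fail --max-time 10 -X POST "<webhook>" \
            -H "Content-Type: application/json" \
            -d '{"jail": "<name>", "type":"unban", "ip": "<ip>"}'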
[Init]

# Fallback for the <name> tag used in the JSON payloads of [Definition].
# NOTE(review): recent fail2ban releases appear to fill <name> with the jail
# name automatically; if notifications show "default", append [name=sshd] to
# the webhook action in the jail — confirm for your version.
name = default

# Webhook URL. Anyone who knows this URL can usually post to the endpoint, so
# treat it as a credential: keep this file readable by root only and keep the
# real value out of shared notes and version control.
webhook = https://xxxxxxxxxxxxxx

restart the service

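# Validate the configuration first: a syntax error would otherwise leave the
# sshd jail down after the restart.
fail2ban-client -t && systemctl restart fail2ban
# Confirm that the jail is running and lists its actions.
fail2ban-client status sshd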