LinuxQuestions.org


dannyvdberg 03-14-2018 08:43 AM

Use bash script in Fail2Ban Configuration
 
I would like to call a bash script in the mailing of Fail2Ban. The bash script calls a REST API to get the username for the IP address blocked by fail2ban.

Code:

        # Fail2Ban configuration file
        #
        # Author: *
        #
        #

        [INCLUDES]

        before = sendmail-common.conf

        [Definition]

        # Option:  actionban
        # Notes.:  command executed when banning an IP. Take care that the
        #          command is executed with Fail2Ban user rights.
        # Tags:    See jail.conf(5) man page
        # Values:  CMD
        #
        actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
                    Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
                    From: <sendername> <<sender>>
                    To: <dest>\n
                    The following IP <ip> has just been banned by Fail2Ban after <failures> attempts against the acceptance environment of <name> on server.\n
                    One or the following users could be the victim: \n
                                `/etc/fail2ban/restapi/getHttpSessions.sh | grep <ip>` \n | /usr/sbin/sendmail -f <sender> <dest>

        [Init]

However, I got errors in the fail2ban log and no e-mail is sent:

Code:

        `/bin/sh /etc/fail2ban/scripts/getHttpSessions.sh | grep` 10.100.00.00 \n |/usr/sbin/sendmail -f fail2ban test@test.com -- returned 1

Is there some way to use a bash script in a fail2ban configuration file that looks up the IP address in the overview created by the bash script?

Thanks!

BW-userx 03-14-2018 09:37 AM

On their site:
http://www.the-art-of-web.com/system/fail2ban-sendmail/
something about send mail

https://www.fail2ban.org/wiki/index.php/Main_Page

under HOWTO's

dannyvdberg 03-14-2018 09:48 AM

Thank you for your answer, but it says nothing about using a shell script with grep in a configuration file.



scasey 03-14-2018 11:40 AM

Have you read
Code:

man 5 jail.conf
??

ondoho 03-15-2018 02:54 AM

Quote:

Originally Posted by dannyvdberg (Post 5830871)
Code:

        `/bin/sh /etc/fail2ban/scripts/getHttpSessions.sh | grep` 10.100.00.00 \n |/usr/sbin/sendmail -f fail2ban test@test.com -- returned 1

have you dissected this and made sure it works manually?

dannyvdberg 03-15-2018 03:18 AM

Yes, tested the script manually a couple of times. This is the script that is called:

Code:

#!/bin/bash

# Credentials and endpoint URLs (values not shown in this post)
USERNAME==
PASSWORD==
CONFL_URL=
CONFL_URL_MONITORING=
COOKIES=cookies.txt   # cookie jar, created in the current working directory
HEADER="X-Atlassian-Token: no-check"

# Log in and store the session cookie (-k skips TLS certificate verification)
echo Logging in...
curl -s -c "$COOKIES" -H "$HEADER" -d "os_username=$USERNAME" -d "os_password=$PASSWORD" -d "os_cookie=true" -k "$CONFL_URL/login.jsp" --output login.html

# Confirm the administrator session with the same password
echo Authenticating as administrator...
curl -si -c "$COOKIES" -b "$COOKIES" -H "$HEADER" -d "webSudoPassword=$PASSWORD" -d "os_cookie=true" -d "webSudoIsPost=false" -d "authenticate=Confirm" -k "$CONFL_URL/authenticate.action" --output auth.html

# Fetch the monitoring page and extract the session columns from the HTML table
echo Lookup HTTP Sessions...
curl -s -b "$COOKIES" -H "$HEADER" -d "os_cookie=true" -d "webSudoIsPost=true" -k "$CONFL_URL_MONITORING" | awk -F "</*td>|</*tr>" '/<\/*t[rd]>.*[A-Z][A-Z]/ {print $10, $15 }' | cut -f 4,5,6 -d ' '

# Remove the cookie jar
echo Cleaning up...
rm -- "$COOKIES"

Quote:

Originally Posted by ondoho (Post 5831149)
have you dissected this and made sure it works manually?


dannyvdberg 03-15-2018 03:30 AM

I got it working! Probably some issues with syntax, but the following code works:

Thanks guys!

Quote:

# Fail2Ban configuration file
#
# Author: Danny van den Berg
#
#

[INCLUDES]

before = sendmail-common.conf

[Definition]

# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
            From: <sendername> <<sender>>
            To: <dest>\n
            The following IP <ip> has just been banned by Fail2Ban after <failures> attempts against the production environment of <name> on server lrv154ec.\n
            Blocked users = `/usr/bin/gethttpsessions | grep <ip> `\n\n" | /usr/sbin/sendmail -f <sender> <dest>

[Init]

# Default name of the chain
#
name = default
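
Added example, not part of the original posts: the `grep <ip>` lookup in the action above treats the dots as wildcards and also matches longer addresses, so a ban on one IP can list other users' sessions in the mail. The helper below validates the IP and matches it as a whole field; the session format (one session per line, IP as a whitespace-separated field) and the sample listing are assumptions, since the thread does not show the script's output.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a session listing on stdin and
# prints the "Blocked users" line for the IP given as $1.
# Assumption: one session per line, the client IP is a whitespace-separated field.

# Constructed sample listing (user, IP) for trying the functions by hand.
SAMPLE_SESSIONS='alice 10.0.0.1
bob 10.0.0.10
carol 10.0.0.123
dave 10x0.0.1'

# Accept only a dotted-quad IPv4 address; anything else is rejected.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Print the lines in which some field equals the IP exactly. A bare
# `grep 10.0.0.1` also hits 10.0.0.10 and 10.0.0.123, and "." matches any character.
sessions_for_ip() {
    valid_ipv4 "$1" || { echo "invalid IP: $1" >&2; return 2; }
    awk -v ip="$1" '{ for (i = 1; i <= NF; i++) if (($i "") == (ip "")) { print; next } }'
}

# Compose the mail line; a ban with no matching session is reported, not an error.
blocked_users_line() {
    _hits=$(sessions_for_ip "$1") || return 2
    printf 'Blocked users = %s\n' "${_hits:-none found for $1}"
}

# When run with an IP argument, act as the filter for the actionban pipeline.
if [ $# -gt 0 ]; then
    blocked_users_line "$1"
fi
```

Installed under a path of your choosing (for example a hypothetical /usr/local/bin/f2b-blocked-users), it would take the place of `grep <ip>` after `/usr/bin/gethttpsessions |` in the command substitution, and it already prints the "Blocked users =" prefix.
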

Habitual 03-15-2018 12:18 PM

Quote:

Originally Posted by dannyvdberg (Post 5831164)
the following code works:

but where, oh where did you edit?
/etc/fail2ban/action.d/<mycustom.conf>
or some core file from the fail2ban package??

If the latter, on fail2ban upgrade, you lose.

AwesomeMachine 03-15-2018 12:52 PM

Regarding Habitual's comment, just make a back-up of the new file in case fail2ban wipes it out on an upgrade. I know Debian checks for custom config files, but maybe not every distro does.

dannyvdberg 03-15-2018 01:39 PM

It's just only the configuration file for sending emails in a jail that has changed. I recovered the original file and started all over again.

Habitual 03-15-2018 05:49 PM

Quote:

Originally Posted by dannyvdberg (Post 5831385)
It's just only the configuration file for sending emails in a jail that has changed. I recovered the original file and started all over again.

Easier to manage a copy that will not be overwritten... ;)

Code:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
and do your edits in /etc/fail2ban/jail.local which will NOT be overwritten if fail2ban is upgraded.

I only put enabled jails in jail.local ;)

good luck.