====== fail2ban ======


===== install =====

<code>
apt install fail2ban
</code>

===== filter =====

define new filter
<file ini /etc/fail2ban/filter.d/giano-login.conf>
[Definition]
failregex = ^<HOST> .+ /auth/token/v2 HTTP/1.[0-9]" 401
ignoreregex =

</file>

test filter
<code>
fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/giano-login.conf --print-all-matched
</code>

===== action =====

<file ini action.d/telegram.conf>
[Definition]
actionstart = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] jail <name> è stata avviata"
actionstop = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] jail <name> è stata fermata"
actioncheck =
actionban = /usr/local/bin/telegram-send -g --format markdown "`uname -n`: [Fail2Ban] IP <ip> è stato bannato dopo <failures> tentativi falliti dalla jail <name>"
actionunban = 

[Init]
init = 'Fail2Ban Telegram plugins activated"
</file>

===== jail =====

<file ini /etc/fail2ban/jail.d/giano-login.conf>
[giano-login]
enabled = true
filter = giano-login
port = http,https
logpath = /var/log/nginx/*access*.log
findtime = 60
bantime = 6000
maxretry = 3
action = %(action_)s
         telegram[name=GIANO]
</file>


===== test =====

test
<code>
fail2ban-client -d
</code>

restart service to apply filter and jail
<code>
systemctl restart fail2ban
</code>

===== status =====

<code>
fail2ban-client status giano-login
</code>

===== unban =====

<code>
fail2ban-client set giano-login unbanip IPADDRESS
</code>

===== telegram action =====

<code>
pip install telegram-send
</code>

create configuration file with token and chat id
<file ini /etc/telegram-send.conf>
[telegram]
chat_id = 
token = 
</file>

test (-g option to use /etc/telegram-send.con)
<code>
telegram-send -g "hello, world"
</code>