How to get pushbullet notifications on fail2ban's ban actions and successful ssh logins
Goals of this post:
- Receive Pushbullet notifications
- whenever a fail2ban’s ban action is triggered
- whenever a user successfully logs into the server
- These notifications will also show geo location of the given ip addresses
0. Prerequisite
fail2ban and golang must be installed on your machine.
1. Get your access token and key
Visit pushbullet and ipstack to get your access token/key.
2. Intsall
A. Install pb-send
pb-send is a small application that sends messages through pushbullet.
B. Install ip2loc
ip2loc fetches geo locations of given ip addresses.
3. Setup
Create config files for pb-send:
and ip2loc:
Now you can test them with:
NOTE: fail2ban and PAM is run by root privilege,
so pb-send.json
and ip2loc.json
should also be placed in /root/.config/
.
4. Configure fail2ban
Firstly, create notify-fail2ban.sh
file that will be run by fail2ban:
Edit LOCATOR and SENDER paths to yours, and make it executable:
Now duplicate a fail2ban ban action:
then append a line at the end of actionban, which will execute notify-fail2ban.sh
:
(You should edit /path/to/your/ to yours.)
Now, create your custom jail.local
file:
with following content:
Finally, restart the fail2ban service:
5. Configure PAM
Create notify-ssh-login.sh
file that will be run by PAM:
Again, edit LOCATOR and SENDER paths to yours, and make the file executable:
After that, open /etc/pam.d/sshd
file:
and append following lines at the end of it:
(Of course, you should edit /path/to/this/ to yours.)
6. See it running
As long as all the things are setup correctly, you will receive notifications on each ssh login and fail2ban’s ban action:
Now you can see when and where each login and ban action occurred in one place!