Send an Alerta event (alarm) when a source IP is banned (a valid user is using an invalid password via SSHD or SFTP).
Alerta webhook module and documentation can be found here
Clone the git repo on the server where fail2ban is installed and execute the following commands as root:
Copy the action script:
cp -a fail2ban-alerta.sh /usr/local/bin/
chown root:root /usr/local/bin/fail2ban-alerta.sh
chmod +x /usr/local/bin/fail2ban-alerta.sh
Copy the fail2ban action configuration file:
cp -a alerta.conf /etc/fail2ban/action.d/
chown root:root /etc/fail2ban/action.d/alerta.conf
Modify the configuration of the sshd jail in the existing /etc/fail2ban/jail.local file by adding the additional alerta action, and be sure to set the action input parameters (alertaurl and alertaapikey) to match your Alerta server.
Note: An example jail.local file is also provided.
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
action = %(action_mwl)s
         alerta[alertaurl=https://alerta.example.com/api/webhooks/fail2ban, alertaapikey=EXdp3haf4Xkk7Dpk5MFrqfafn6nYGgtz4JL4XzBY]
maxretry = 4
Restart the fail2ban service:
systemctl restart fail2ban
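A post-install check for the files touched above, as an added example that is not part of the fail2ban-alerta repository: cp -a keeps whatever mode the files had in the clone, and jail.local now holds the Alerta API key, so it verifies ownership and permission bits. The function names and the chosen masks (022, and 027 once alertaapikey is present) are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the files installed above.
# Assumes GNU stat (Linux). Function names and masks are this example's own.

# check_file PATH OWNER MASK: fail if PATH is missing, not owned by OWNER,
# or has any of the octal permission bits in MASK set.
check_file() {
    cf_path=$1; cf_owner=$2; cf_mask=$3
    if [ ! -f "$cf_path" ]; then
        echo "FAIL $cf_path: missing"; return 1
    fi
    cf_actual=$(stat -c '%U' "$cf_path")
    cf_mode=$(stat -c '%a' "$cf_path")
    if [ "$cf_actual" != "$cf_owner" ]; then
        echo "FAIL $cf_path: owner $cf_actual, expected $cf_owner"; return 1
    fi
    # A leading 0 makes the shell read both values as octal.
    if [ $(( 0$cf_mode & 0$cf_mask )) -ne 0 ]; then
        echo "FAIL $cf_path: mode $cf_mode has bits from $cf_mask set"; return 1
    fi
    echo "ok   $cf_path ($cf_actual, $cf_mode)"
}

# audit_alerta_install [PREFIX] [OWNER]
# PREFIX lets the check run against a staging tree; OWNER defaults to root.
audit_alerta_install() {
    aa_prefix=${1:-}; aa_owner=${2:-root}; aa_rc=0
    aa_script=$aa_prefix/usr/local/bin/fail2ban-alerta.sh
    aa_jail=$aa_prefix/etc/fail2ban/jail.local
    # fail2ban runs the action as root: no group/other write on script or config.
    check_file "$aa_script" "$aa_owner" 022 || aa_rc=1
    [ -x "$aa_script" ] || { echo "FAIL $aa_script: not executable"; aa_rc=1; }
    check_file "$aa_prefix/etc/fail2ban/action.d/alerta.conf" "$aa_owner" 022 || aa_rc=1
    # Once jail.local carries alertaapikey, also deny all access to "other".
    aa_mask=022
    if grep -q 'alertaapikey' "$aa_jail" 2>/dev/null; then aa_mask=027; fi
    check_file "$aa_jail" "$aa_owner" "$aa_mask" || aa_rc=1
    return $aa_rc
}

# Run the audit against the live system when invoked with --run.
if [ "${1:-}" = "--run" ]; then audit_alerta_install; fi
```

A jail.local left at mode 644 fails this check; chmod 640 (or 600) clears it without affecting fail2ban, which reads the file as root.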