How to send notifications from Linux fail2ban, ssh auth and other actions to Slack

For this approach i will use my script to send messages to Slack. More info about it you can find –


How to install and configure fail2ban you can find for example here –

Now edit fail2ban jail.local file

sudo nano /etc/fail2ban/jail.local

add “slack” hook where you want to use it. For example:


enabled = true
port = ssh,sftp,22
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 2
action   = iptables[name=SSH, port=12345, protocol=tcp]

Now create new config file for slack action:

sudo nano /etc/fail2ban/action.d/slack.conf

copy/paste it


# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
actionban = /path/to/ fail2ban ban <ip>


put to bin folder & restart fail2ban service

sudo service fail2ban restart


sudo nano /etc/pam.d/sshd

add to file:

session optional seteuid /path/to/ sshauth

and finaly

And results:

slack post message example
slack post message example

Leave a Reply

Your email address will not be published. Required fields are marked *