Adding extra fields to Fail2Ban mails

Posted on .

I needed fail2ban to give the full hostname in an email and not just the short system name to reduce ambiguity.

To do this I copied the action “sendmail-whois” to “local_sendmail-whois”

And then adjusted /etc/fail2ban/actions.d/sendmail-whois.conf by editing the actionstart, actionstop and actionban sections. These simply run the sendmail command with the given Subject, Date, From, To and body. I swapped uname -n with <hostname> and adjusted the format for each section.

I then added this new action to jail.conf

By default I use the “action_” action, which doesn’t send an email. And then in the jails that I do want an email I just put

Leave a Reply

You may leave the Name and Email fields blank to post anonymously.