Email Alerts With Fail2ban and Gmail

Table of Contents

Preface

Here's how to setup Fail2ban to send email alerts through GMAIL when failed SSH authentications are made. I'm not going to be too detailed on this but I'll provide the link to setting up Exim4 along with my jail.local config for SSH. Exim4 doesn't have OAUTH2.0 support so you'll have to use app passwords. You can probably write your own python program that can handle OATH2.0

There are two parts to this:

  1. Setup something to send emails (exim4)
  2. Tell Fail2ban to run a command to send the email

Setup SMTP Client

Follow this guide to setup EXIM4 with Gmail and App Passwords

Original Link

Archived.org Link

Fail2Ban Jail Config

/etc/fail2ban/jail.local

[DEFAULT]
ignoreip = 127.0.0.0
findtime = 2m
maxretry = 8
bantime = 10m
destemail = [email protected]
sender =  [email protected]
action = %(action_mwl)s

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
actionban = printf %%b "Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban" | mail -s "Subject: [Fail2Ban] <name>: banned <ip> from <fq-hostname> "

Done

For troubleshooting make sure the "mail" command works on its own. You should be good to go.