Stop fail2ban stop/start notifications
Solution 1:
To fix this on Fail2Ban v0.9.1 (from the epel repository) on CentOS 7 (RHEL 7) you can override the sendmail start and stop actions (set them to nothing) in /etc/fail2ban/action.d/sendmail-common.local. I create this file by running these commands as root:
cat << EOF >> /etc/fail2ban/action.d/sendmail-common.local
# Override the Fail2Ban defaults in sendmail-common.conf with these entries
[Definition]
# Disable email notifications of jails stopping or starting
actionstart =
actionstop =
EOF
cat /etc/fail2ban/action.d/sendmail-common.local
Solution 2:
Have a look in the action.d/mail.conf
or action.d/sendmail.conf
which control the mail for start/stop/ban.
Solution 3:
Its not necessary to fix this in any file.
It depends on your configuration in jail.conf
.
If you configured mta = sendmail
, you can narrow the files action.d/sendmail-*
.
Then you have to look at your action = %(action_*)s
.
If you configured
"action_": comment "actionstart" & "actionstop" in action.d/sendmail.conf
"action_mw": comment ... in action.d/sendmail-whois.conf
"action_mwl": comment ... in action.d/sendmail-whois-lines.conf
If you configured mta to "mail", then just change sendmail to mail and configure the specific file.
Dont forget to restart after commenting the file!
Solution 4:
The only way I found to disable the start/stop notifications was to comment out the actionstart
and actionstop
sections in all of these files in action.d/
:
mail-buffered.conf
mail.conf
mail-whois.conf
mail-whois-lines.conf
sendmail-buffered.conf
sendmail.conf
sendmail-whois.conf
sendmail-whois-lines.conf
Solution 5:
Trying to put together the bits and pieces of the previous answers, with some more details and long commands for the lazy.
Your jail.{conf,local}
defines how mails are sent. By default, it is sendmail
. Check with:
grep 'mta *=' jail.{conf,local}
To see which start/stop actions are configured for your jails, use fail2ban-client -d
.
Putting both together:
mta=$(grep 'mta *=' /etc/fail2ban/jail.{conf,local} | awk '{print $NF}')
fail2ban-client -d | awk "/action(start|stop).*$mta/ {print \$4}" | sort -u
In my config, the output is 'sendmail-whois-lines',
so that is the file to edit. Assuming your config is under /etc/fail2ban, the full file name is /etc/fail2ban/action.d/sendmail-whois-lines.conf
.
However, as Rabin mentions, do not edit that file directly, because it will be overwritten during updates. Instead, create /etc/fail2ban/action.d/sendmail-whois-lines.local
(or whatever action.d/file-name.local
is right in your config) and add these lines:
[Definition]
actionstart =
actionstop =
Or, for the really lazy who cannot be bothered with looking up and creating the right file:
mta=$(grep 'mta *=' /etc/fail2ban/jail.{conf,local} | awk '{print $NF}')
fail2ban-client -d \
| awk "/action(start|stop).*$mta/ {print \$4}" \
| sort -u \
| while read f; do \
f=${f//\'/}
f="/etc/fail2ban/action.d/${f/%,/}.local"
cat <<EOF >>"$f"
[Definition]
actionstart =
actionstop =
EOF
done