Stop fail2ban stop/start notifications

Solution 1:

To fix this on Fail2Ban v0.9.1 (from the epel repository) on CentOS 7 (RHEL 7) you can override the sendmail start and stop actions (set them to nothing) in /etc/fail2ban/action.d/sendmail-common.local. I create this file by running these commands as root:

cat << EOF >> /etc/fail2ban/action.d/sendmail-common.local
# Override the Fail2Ban defaults in sendmail-common.conf with these entries

[Definition]
# Disable email notifications of jails stopping or starting
actionstart =
actionstop =
EOF
cat /etc/fail2ban/action.d/sendmail-common.local

Solution 2:

Have a look in the action.d/mail.conf or action.d/sendmail.conf which control the mail for start/stop/ban.


Solution 3:

It's not necessary to fix this in any file. It depends on your configuration in jail.conf.

If you configured mta = sendmail, you can narrow the files action.d/sendmail-*.

Then you have to look at your action = %(action_*)s. If you configured

"action_": comment "actionstart" & "actionstop" in action.d/sendmail.conf

"action_mw": comment ... in action.d/sendmail-whois.conf

"action_mwl": comment ... in action.d/sendmail-whois-lines.conf

If you configured mta to "mail", then just change sendmail to mail and configure the specific file.

Don't forget to restart after commenting the file!


Solution 4:

The only way I found to disable the start/stop notifications was to comment out the actionstart and actionstop sections in all of these files in action.d/:

mail-buffered.conf
mail.conf
mail-whois.conf
mail-whois-lines.conf
sendmail-buffered.conf
sendmail.conf
sendmail-whois.conf
sendmail-whois-lines.conf

Solution 5:

Trying to put together the bits and pieces of the previous answers, with some more details and long commands for the lazy.

Your jail.{conf,local} defines how mails are sent. By default, it is sendmail. Check with:

grep 'mta *=' jail.{conf,local}

To see which start/stop actions are configured for your jails, use fail2ban-client -d.

Putting both together:

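# Effective MTA: jail.local overrides jail.conf, so take the last match
mta=$(grep -h '^mta *=' /etc/fail2ban/jail.{conf,local} 2>/dev/null | awk '{print $NF}' | tail -n 1)
# Print the action names whose start/stop commands use that MTA
fail2ban-client -d | awk "/action(start|stop).*$mta/ {print \$4}" | sort -u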

In my config, the output is 'sendmail-whois-lines', so that is the file to edit. Assuming your config is under /etc/fail2ban, the full file name is /etc/fail2ban/action.d/sendmail-whois-lines.conf.

However, as Rabin mentions, do not edit that file directly, because it will be overwritten during updates. Instead, create /etc/fail2ban/action.d/sendmail-whois-lines.local (or whatever action.d/file-name.local is right in your config) and add these lines:

[Definition]
actionstart =
actionstop  =

Or, for the really lazy who cannot be bothered with looking up and creating the right file:

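# Effective MTA: jail.local overrides jail.conf, so take the last match
mta=$(grep -h '^mta *=' /etc/fail2ban/jail.{conf,local} 2>/dev/null | awk '{print $NF}' | tail -n 1)
fail2ban-client -d \
| awk "/action(start|stop).*$mta/ {print \$4}" \
| sort -u \
| while read -r f; do
    f=${f//\'/}    # strip the single quotes around the action name
    f="/etc/fail2ban/action.d/${f/%,/}.local"    # drop the trailing comma, build the .local path
    cat <<EOF >>"$f"
[Definition]
actionstart =
actionstop  =
EOF
done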
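
An idempotent variant of the loop in Solution 5, added here as an example and not part of any answer above: it does not append a second [Definition] block when run twice, and it refuses to touch a .local file that already exists without the overrides. The names notify_actions, write_override, sample_dump and ACTION_DIR are hypothetical, and the dump lines are constructed on the same assumption the answer's awk makes (field 4 is the quoted action name).

```shell
#!/bin/sh
# Added example, not from the original answers.
# ACTION_DIR defaults to the path used on this page; point it elsewhere for a dry run.
ACTION_DIR=${ACTION_DIR:-/etc/fail2ban/action.d}

# Read `fail2ban-client -d` style lines on stdin and print the unique action
# names whose actionstart/actionstop command mentions the MTA given as $1.
notify_actions() {
    awk -v mta="$1" -v q="'" '$0 ~ ("action(start|stop).*" mta) {
        name = $4; gsub("[" q ",]", "", name); print name }' | sort -u
}

# Create <action>.local with empty start/stop hooks.
# Returns 0 if created or already overridden, 1 if the file needs a manual edit.
write_override() {
    f="$ACTION_DIR/$1.local"
    if [ ! -e "$f" ]; then
        printf '[Definition]\nactionstart =\nactionstop  =\n' >"$f"
    elif grep -q '^actionstart *=[[:space:]]*$' "$f" &&
         grep -q '^actionstop *=[[:space:]]*$' "$f"; then
        return 0    # both hooks already emptied; nothing to append
    else
        echo "$f exists without the overrides; edit it by hand" >&2
        return 1
    fi
}

# Constructed sample of dump lines (not captured from a real server).
sample_dump() {
cat <<'EOF'
['set', 'sshd', 'addaction', 'sendmail-whois-lines']
['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstart', 'printf %b "Subject: started" | /usr/sbin/sendmail -f fail2ban root']
['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstop', 'printf %b "Subject: stopped" | /usr/sbin/sendmail -f fail2ban root']
['set', 'sshd', 'action', 'iptables-multiport', 'actionstart', 'iptables -N f2b-sshd']
EOF
}

# Real use, as root with fail2ban running:
#   fail2ban-client -d | notify_actions "$mta" | while read -r a; do write_override "$a"; done
sample_dump | notify_actions sendmail    # prints: sendmail-whois-lines
```

After writing the overrides, restart fail2ban and confirm that piping `fail2ban-client -d` through notify_actions prints nothing.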
