From 2216fd8da4e95564bc4cd0047ffae08d24d3d17d Mon Sep 17 00:00:00 2001
From: Chris Caron
Date: Tue, 4 Aug 2020 19:04:05 -0400
Subject: [PATCH 1/3] Add Apprise Support (50+ Notifications)
---
 MANIFEST | 1 +
 config/action.d/apprise.conf | 47 ++++++++++++++++++++++++++++++++++++
 config/jail.conf | 9 +++++++
 3 files changed, 57 insertions(+)
 create mode 100644 config/action.d/apprise.conf
diff --git a/MANIFEST b/MANIFEST
index ed441bac10..d02b8bd039 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -3,6 +3,7 @@ bin/fail2ban-regex
 bin/fail2ban-server
 bin/fail2ban-testcases
 ChangeLog
+config/action.d/apprise.conf
 config/action.d/abuseipdb.conf
 config/action.d/apf.conf
 config/action.d/badips.conf
diff --git a/config/action.d/apprise.conf b/config/action.d/apprise.conf
new file mode 100644
index 0000000000..ac54d8fd82
--- /dev/null
+++ b/config/action.d/apprise.conf
@@ -0,0 +1,47 @@
+# Fail2Ban configuration file
+#
+# Author: Chris Caron
+#
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = printf %%b "The jail as been started successfully." |apprise -t "[Fail2Ban] : started on `uname -n`" -c /etc/fail2ban/apprise.conf
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = printf %%b "The jail has been stopped." |apprise -t "[Fail2Ban] : stopped on `uname -n`" -c /etc/fail2ban/apprise.conf
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = printf %%b "The IP has just been banned by Fail2Ban after attempts against " | apprise -n "warning" -t "[Fail2Ban] : banned $
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Define location of the default apprise configuration file to use
+#
+config = /etc/fail2ban/apprise.conf
diff --git a/config/jail.conf b/config/jail.conf
index 6e8a6a2fa0..dbca2e8f4f 100644
--- a/config/jail.conf
+++ b/config/jail.conf
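Review bot: The comment above `config = /etc/fail2ban/apprise.conf` in `[Init]` says nothing about protecting that file, although the jail.conf text in this same patch describes it as containing the Apprise URLs, and such URLs commonly embed service tokens or passwords. I would extend the comment with something like `# This file holds Apprise URLs, which usually carry tokens or passwords; keep it owned by the user Fail2Ban runs as and not world-readable (e.g. mode 0600).` Anyone who can read the file could otherwise post to the same notification channels.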
@@ -227,6 +227,15 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
 action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
 xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]

+# ban & send a notification to one or more of the 50+ services supported by Apprise.
+# See https://github.com/caronc/apprise/wiki for details on what is supported.
+#
+# You may optionally over-ride the default configuration line (containing the Apprise URLs)
+# by using 'apprise[name=%(__name__)s, config="/alternate/path/to/apprise.cfg"]' otherwise
+# /etc/fail2ban/apprise.conf is sourced for your supported notification configuration.
+action_apprise = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+ apprise[name=%(__name__)s]
+
 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.
 action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
From 70c601e9e53a44a6a2e950ee8e64705d14f09bc7 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester"
Date: Wed, 2 Sep 2020 20:47:05 +0200
Subject: [PATCH 2/3] involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)
---
 config/action.d/apprise.conf | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/config/action.d/apprise.conf b/config/action.d/apprise.conf
index ac54d8fd82..37c42ea2d7 100644
--- a/config/action.d/apprise.conf
+++ b/config/action.d/apprise.conf
@@ -10,13 +10,13 @@
 # Notes.: command executed once at the start of Fail2Ban.
 # Values: CMD
 #
-actionstart = printf %%b "The jail as been started successfully." |apprise -t "[Fail2Ban] : started on `uname -n`" -c /etc/fail2ban/apprise.conf
+actionstart = printf %%b "The jail as been started successfully." | -t "[Fail2Ban] : started on `uname -n`"

 # Option: actionstop
 # Notes.: command executed once at the end of Fail2Ban
 # Values: CMD
 #
-actionstop = printf %%b "The jail has been stopped." |apprise -t "[Fail2Ban] : stopped on `uname -n`" -c /etc/fail2ban/apprise.conf
+actionstop = printf %%b "The jail has been stopped." | -t "[Fail2Ban] : stopped on `uname -n`"

 # Option: actioncheck
 # Notes.: command executed once before each actionban command
@@ -30,7 +30,7 @@ actioncheck =
 # Tags: See jail.conf(5) man page
 # Values: CMD
 #
-actionban = printf %%b "The IP has just been banned by Fail2Ban after attempts against " | apprise -n "warning" -t "[Fail2Ban] : banned $
+actionban = printf %%b "The IP has just been banned by Fail2Ban after attempts against " | -n "warning" -t "[Fail2Ban] : banned from `uname -n`"

 # Option: actionunban
 # Notes.: command executed when unbanning an IP. Take care that the
@@ -45,3 +45,5 @@ actionunban =
 # Define location of the default apprise configuration file to use
 #
 config = /etc/fail2ban/apprise.conf
+#
+apprise = apprise -c ""
From b2f6a3a658f83fa6e2ec80deffa44c837775e80a Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester"
Date: Sun, 4 Apr 2021 00:21:59 +0200
Subject: [PATCH 3/3] remove unneeded substitution it is enough to add `apprise` to action
---
 config/jail.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/jail.conf b/config/jail.conf
index dbca2e8f4f..e17a1892db 100644
--- a/config/jail.conf
+++ b/config/jail.conf
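Review bot: The rewritten `actionstart` line still sends the text `as been started successfully`, while `actionstop` next to it says `has been stopped`. The message should read `has been started successfully`. Only the wording inside the `printf` string needs to change; the pipe and the `-t` title stay as they are in the hunk.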
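Review bot: As far as this file shows, `actionban` will also fire for bans that Fail2Ban restores from its database after a restart, because nothing in `[Definition]` sets `norestored`. Every restart could then push one notification per still-active ban to all configured services, which buries the alerts for new bans. The stock mail actions avoid this with `norestored = 1`; I would add that line near the top of `[Definition]` with the comment `# bypass ban/unban for restored tickets`. `[Definition]` begins outside this hunk, so the placement needs checking against the full file.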
@@ -231,10 +231,10 @@ action_xarf = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(prot
 # See https://github.com/caronc/apprise/wiki for details on what is supported.
 #
 # You may optionally over-ride the default configuration line (containing the Apprise URLs)
-# by using 'apprise[name=%(__name__)s, config="/alternate/path/to/apprise.cfg"]' otherwise
+# by using 'apprise[config="/alternate/path/to/apprise.cfg"]' otherwise
 # /etc/fail2ban/apprise.conf is sourced for your supported notification configuration.
-action_apprise = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
- apprise[name=%(__name__)s]
+# action = %(action_)s
+# apprise

 # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
 # to the destemail.