How to setup Telegram notifications for Fail2ban on NextcloudPi

If you have wondered what would be handy way to keep eye on your fail2ban, so here is one for you.

1. Setup your Telegram Bot

Go to the Telegram app on your device complete next 3 steps:

1.1 Find telegram bot named “@botfarther”, it helps you with creating and managing your bot.

1.2. To see all possible commands that BotFather can operate type:

/help

1.3. To create a new bot type:

/newbot

Source and an alternative guide:

https://www.siteguarding.com/en/how-to-get-telegram-bot-api-token

2. Get the chat ID by using your bot token

2.1 Copy the bot token from the Botfather’s message and replace {TELEGRAMBOTTOKEN} part of the address bar with it:

https://api.telegram.org/bot{TELEGRAMBOTTOKEN}/getUpdates

2.2 Copy the just edited URL to your web browser’s address field and press enter and you will see your bots chat ID on the web page.

3. Install and configure the notification gateway

3.1 Add the following line to the files /etc/fail2ban/jail.conf and /etc/fail2ban/jail.local in the end of actions:

	telegram

Remember to use Tab to indent the word telegram. The actions should look like this afterwords:

#
# ACTIONS
#
banaction  = iptables-multiport
protocol   = tcp
chain      = INPUT
action_    = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
           sendmail-whois-lines[name=%(__name__)s, dest=my.name@myemail.com, sender=ncp-fail2ban@ownyourbits.com]
action = %(action_)s
	telegram

3.2 Go to the site:

3.3 Download the file telegram.conf and move it to:

/etc/fail2ban/action.d/

3.4 Download the file send_telegram_notif.sh move it to:

/etc/fail2ban/scripts/

3.5 Modify the file /etc/fail2ban/scripts/send_telegram_notif.sh to add your Token and your Chat ID:

telegramBotToken=**YOUR_BOT_TOKEN**

telegramChatID=**YOUR_CHAT_ID**

3.6 To modify your python script’s permissions and make it executable:

sudo chmod o+x /etc/fail2ban/scripts/send_telegram_notif.sh

3.7 Restart the service to make the changes take effect:

sudo systemctl restart fail2ban

Source and an alternative guide


5 Likes

great howto! thanks @JukkaT .

i just leave a link to apprise here.
( Apprise allows you to send a notification to almost all of the most popular notification services available to us today such as: Telegram, Discord, Slack, Amazon SNS, Gotify, etc.)

would it be possible to use apprise instead of telegram directly? so to make use of “almost all of the most popular notification services”?

2 Likes

Thanks for your comment! That is very interesting. I guess it is possible with apprise but would need some special configurations maybe even scripts. Personally I can’t see any use for sending notifications from my NCP instance to those services at the moment. I’m more interested to add Telegram also as a second factor allternative to NC login. I will look up when I have time.

Also as far as I know Telegram is at the moment the only open source and only android messenger app all together that has properly working notifications on Android 10 without google play services and google push notifications.

But I like your suggestion on that point of view that if there is a lot of use for people to send notifications to those services then it would be very good to implement it even as a part of the NCP apps especially if it would also work to another direction as well, so that you could talk to your cloud. I hope people with more expertise could look in to that.

I’ve been using Telegram for 2fa on my NC for a while.

Thanks you very much! It is very useful :hugs: