Intruder Alert
Intruder Alert is an event dashboard for Fail2ban.
Demo
A demo is available and is built from the latest commit on the main brach.
Installation
docker-compose
Show/hide details
```yaml version: '3' services: app: image: ghcr.io/verifiedjoseph/intruder-alert:1.19.8 container_name: intruder-alert environment: - IA_TIMEZONE=Europe/London - IA_SYSTEM_LOG_TIMEZONE=UTC - IA_MAXMIND_LICENSE_KEY= - IA_LOG_FOLDER=/app/backend/data/logs volumes: - path/to/fail2ban.log:/app/backend/data/logs/fail2ban.log:ro - path/to/fail2ban.log.1:/app/backend/data/logs/fail2ban.log.1:ro - path/to/fail2ban.log.2.gz:/app/backend/data/logs/fail2ban.log.2.gz:ro - path/to/fail2ban.log.3.gz:/app/backend/data/logs/fail2ban.log.3.gz:ro - path/to/fail2ban.log.4.gz:/app/backend/data/logs/fail2ban.log.4.gz:ro ports: - '127.0.0.1:8080:8080' security_opt: - no-new-privileges:true ```Manually
Show/hide install details
1) Download the [latest release](https://github.com/VerifiedJoseph/intruder-alert/releases/latest) to your web server and extract the zip archive. 2) Configure the application using `backend/config.php` copied from [`backend/config.example.php`](backend/config.example.php). ``` cp backend/config.example.php backend/config.php ``` 3) Create a scheduled task with cron (below) or similar that runs `backend\cron.php` at least once an hour. ``` 1 * * * * php path/to/intruder-alert/backend/cron.php ``` **Notes** The backend folder does not need to be reachable in the browser and access should blocked. The scheduled task needs to run as root or a user with permission to read the fail2ban logs.Configuration
Environment variables are used to adjust the configuration.
| Name | Type | Description |
|---|---|---|
IA_LOG_PATHS |
string |
Comma separated list of Fail2ban log files. |
IA_LOG_FOLDER |
string |
Path of the Fail2ban logs folder. Ignored when IA_LOG_PATHS is set. |
IA_MAXMIND_LICENSE_KEY |
string |
MaxMind license key for GeoLite2 database downloads. |
IA_ASN_DATABASE |
string |
Path of the GeoLite2 ASN database file. Ignored when IA_MAXMIND_LICENSE_KEY is set. |
IA_COUNTRY_DATABASE |
string |
Path of the GeoLite2 Country database file. Ignored when IA_MAXMIND_LICENSE_KEY is set. |
IA_TIMEZONE |
string |
Timezone to use in the dashboard. (php docs) |
IA_SYSTEM_LOG_TIMEZONE |
string |
Timezone of fail2ban logs. Required when using the docker image. Use the timezone of the host system. |
IA_VERBOSE |
boolean |
Enable additional logging for debugging. |
IA_DASH_CHARTS |
boolean |
Enable/disable dashboard charts. (optional, charts are enabled by default) |
IA_DASH_UPDATES |
boolean |
Enable/disable automatically updating the dashboard with new events. (optional, updates are enabled by default) |
IA_DASH_DAEMON_LOG |
boolean |
Enable/disable displaying daemon log in the dashboard. (optional, log viewer is enabled by default) |
IA_DASH_DEFAULT_CHART |
string |
Override default chart displayed in the dashboard. Optional. Supported values: 24hours, 48hours, 14days, 30days |
IA_DASH_PAGE_SIZE |
int |
Override default table page size in the dashboard. Optional. Supported values: 25, 50, 100, 200, 500 |
GeoLite2 databases
GeoLite2 databases will be automatically downloaded and updated if a MaxMind license key is set with IA_MAXMIND_LICENSE_KEY.
Alternatively, the databases can be manually downloaded and set using the environment variables IA_ASN_DATABASE and IA_COUNTRY_DATABASE.
Development
Clone the repository.
git clone https://github.com/VerifiedJoseph/intruder-alertInstall PHP dependencies with composer.
composer installInstall JavaScript dependencies with npm.
npm installStart esbuild watcher
npm run watchCommands
Show/hide commands
Lint code: ``` composer lint npm run lint ``` Fix code: ``` composer fix npm run fix ``` Build code: ``` npm run build ``` Live code build: ``` npm run watch ``` Test code: ``` composer test ```Dependencies
- PHP
- JavaScript
Requirements
- PHP >= 8.2
- Composer
- Node.js >= 18.0 (development only)
Changelog
All notable changes to this project are documented in the CHANGELOG.
License
MIT License. Please see LICENSE for more information.