Download the latest version of the configuration file fail2ban.conf from the repo.
Put the file here: /etc/zabbix/zabbix_agentd.d/fail2ban.conf
or, for Zabbix Agent 2, here: /etc/zabbix/zabbix_agent2.d/fail2ban.conf
Zabbix Agent
wget https://raw.githubusercontent.com/hermanekt/zabbix-fail2ban-discovery-/master/fail2ban.conf -O /etc/zabbix/zabbix_agentd.d/fail2ban.conf
Zabbix Agent 2
wget https://raw.githubusercontent.com/hermanekt/zabbix-fail2ban-discovery-/master/fail2ban.conf -O /etc/zabbix/zabbix_agent2.d/fail2ban.conf
Fail2ban works only with root by default. We need to grant Zabbix permission to access Fail2ban by adding these 2 lines to /etc/sudoers:
zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client status
zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client status *
Then apply the new sudoers and Zabbix agent settings:
/etc/init.d/sudo restart
/etc/init.d/zabbix-agent restart
OR
/etc/init.d/sudo restart
/etc/init.d/zabbix-agent2 restart
If you have systemd, use this command instead:
systemctl restart zabbix-agent
OR
systemctl restart zabbix-agent2
Zabbix Agent
root@server:~$ sudo -u zabbix zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf -t fail2ban.discovery
fail2ban.discovery [s|{"data":[{"{#JAIL}":"imapd"}, {"{#JAIL}":"sendmail-reject"}, {"{#JAIL}":"sshd"}, {"{#JAIL}":"wordpress"}]}]
root@server:~$ sudo -u zabbix zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf -t fail2ban.status['sshd']
fail2ban.status[sshd] [s|191]
Zabbix Agent 2
root@server:~$ sudo -u zabbix zabbix_agent2 -c /etc/zabbix/zabbix_agent2.conf -t fail2ban.discovery
fail2ban.discovery [s|{"data":[{"{#JAIL}":"imapd"}, {"{#JAIL}":"sendmail-reject"}, {"{#JAIL}":"sshd"}, {"{#JAIL}":"wordpress"}]}]
root@server:~$ sudo -u zabbix zabbix_agent2 -c /etc/zabbix/zabbix_agent2.conf -t fail2ban.status['sshd']
fail2ban.status[sshd] [s|191]
A response like the one above, with a list of jails, means that everything works fine.
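The check above can be scripted. The following is an added example, not part of the original project: it takes the line printed by the agent's -t fail2ban.discovery test, rejects ZBX_NOTSUPPORTED or empty results, and verifies every discovered jail name. The function names and the allowed character set for jail names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: validate a line printed by the agent's `-t fail2ban.discovery` test.

# Sample copied from the output shown above.
SAMPLE_OK='fail2ban.discovery [s|{"data":[{"{#JAIL}":"imapd"}, {"{#JAIL}":"sendmail-reject"}, {"{#JAIL}":"sshd"}, {"{#JAIL}":"wordpress"}]}]'

# Print the jail names in a discovery line, one per line.
# Returns 1 if the line is not a fail2ban.discovery LLD response.
discovery_jails() {
    local line="$1"
    case "$line" in
        'fail2ban.discovery'*'[s|{"data":['*) ;;
        *) return 1 ;;
    esac
    # Each LLD entry looks like {"{#JAIL}":"name"}; keep only the name.
    printf '%s\n' "$line" \
        | { grep -o '"{#JAIL}":"[^"]*"' || true; } \
        | sed 's/^"{#JAIL}":"//; s/"$//'
}

# Print a verdict for a discovery line; return 0 only if it can be trusted.
check_discovery() {
    local line="$1" jails name count=0
    case "$line" in
        *ZBX_NOTSUPPORTED*) echo "FAIL: agent reports ZBX_NOTSUPPORTED"; return 1 ;;
    esac
    jails=$(discovery_jails "$line") || { echo "FAIL: not a discovery response"; return 1; }
    [ -n "$jails" ] || { echo "FAIL: no jails discovered"; return 1; }
    while IFS= read -r name; do
        # Each name becomes the fail2ban.status[<name>] parameter, and the
        # sudoers rule `status *` accepts any trailing arguments, so allow
        # only a conservative set (assumption: letters, digits, '_' and '-').
        case "$name" in
            ''|*[!A-Za-z0-9_-]*) echo "FAIL: unexpected jail name '$name'"; return 1 ;;
        esac
        count=$((count + 1))
    done <<EOF
$jails
EOF
    echo "OK: $count jails"
}

check_discovery "$SAMPLE_OK"
```

On a real host, pass the command's output instead of the sample, for example check_discovery "$(sudo -u zabbix zabbix_agent2 -c /etc/zabbix/zabbix_agent2.conf -t fail2ban.discovery)".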