Intruder Alert is an event dashboard for Fail2ban.
A demo is available and is built from the latest commit on the main
brach.
Show/hide details
version: '3'
services:
app:
image: ghcr.io/verifiedjoseph/intruder-alert:1.20.0
container_name: intruder-alert
environment:
- IA_TIMEZONE=Europe/London
- IA_SYSTEM_LOG_TIMEZONE=UTC
- IA_MAXMIND_LICENSE_KEY=
- IA_LOG_FOLDER=/app/backend/data/logs
volumes:
- path/to/fail2ban.log:/app/backend/data/logs/fail2ban.log:ro
- path/to/fail2ban.log.1:/app/backend/data/logs/fail2ban.log.1:ro
- path/to/fail2ban.log.2.gz:/app/backend/data/logs/fail2ban.log.2.gz:ro
- path/to/fail2ban.log.3.gz:/app/backend/data/logs/fail2ban.log.3.gz:ro
- path/to/fail2ban.log.4.gz:/app/backend/data/logs/fail2ban.log.4.gz:ro
ports:
- '127.0.0.1:8080:8080'
security_opt:
- no-new-privileges:true
Show/hide install details
-
Download the latest release to your web server and extract the zip archive.
-
Configure the application using
backend/config.php
copied frombackend/config.example.php
.cp backend/config.example.php backend/config.php
-
Create a scheduled task with cron (below) or similar that runs
backend\cron.php
at least once an hour.1 * * * * php path/to/intruder-alert/backend/cron.php
Notes
The backend folder does not need to be reachable in the browser and access should blocked.
The scheduled task needs to run as root or a user with permission to read the fail2ban logs.
Environment variables are used to adjust the configuration.
Name | Type | Description |
---|---|---|
IA_LOG_PATHS |
string |
Comma separated list of Fail2ban log files. |
IA_LOG_FOLDER |
string |
Path of the Fail2ban logs folder. Ignored when IA_LOG_PATHS is set. |
IA_MAXMIND_LICENSE_KEY |
string |
MaxMind license key for GeoLite2 database downloads. |
IA_ASN_DATABASE |
string |
Path of the GeoLite2 ASN database file. Ignored when IA_MAXMIND_LICENSE_KEY is set. |
IA_COUNTRY_DATABASE |
string |
Path of the GeoLite2 Country database file. Ignored when IA_MAXMIND_LICENSE_KEY is set. |
IA_TIMEZONE |
string |
Timezone to use in the dashboard. (php docs) |
IA_SYSTEM_LOG_TIMEZONE |
string |
Timezone of fail2ban logs. Required when using the docker image. Use the timezone of the host system. |
IA_VERBOSE |
boolean |
Enable additional logging for debugging. |
IA_DASH_CHARTS |
boolean |
Enable/disable dashboard charts. (optional, charts are enabled by default) |
IA_DASH_UPDATES |
boolean |
Enable/disable automatically updating the dashboard with new events. (optional, updates are enabled by default) |
IA_DASH_DAEMON_LOG |
boolean |
Enable/disable displaying daemon log in the dashboard. (optional, log viewer is enabled by default) |
IA_DASH_DEFAULT_CHART |
string |
Override default chart displayed in the dashboard. Optional. Supported values: 24hours , 48hours , 14days , 30days |
IA_DASH_PAGE_SIZE |
int |
Override default table page size in the dashboard. Optional. Supported values: 25 , 50 , 100 , 200 , 500 |
GeoLite2 databases will be automatically downloaded and updated if a MaxMind license key is set with IA_MAXMIND_LICENSE_KEY
.
Alternatively, the databases can be manually downloaded and set using the environment variables IA_ASN_DATABASE
and IA_COUNTRY_DATABASE
.
Clone the repository.
git clone https://github.com/VerifiedJoseph/intruder-alert
Install PHP dependencies with composer.
composer install
Install JavaScript dependencies with npm.
npm install
Start esbuild watcher
npm run watch
Show/hide commands
Lint code:
composer lint
npm run lint
Fix code:
composer fix
npm run fix
Build code:
npm run build
Live code build:
npm run watch
Test code:
composer test
- PHP
- JavaScript
- PHP >= 8.2
- Composer
- Node.js >= 18.0 (development only)
All notable changes to this project are documented in the CHANGELOG.
MIT License. Please see LICENSE for more information.