Merge b3c038e119 into 333f105675

2026-06-27 19:21:04 +00:00 · 2026-06-10 02:57:19 +01:00 · 2026-06-10 02:57:19 +01:00 · d49ca5aa34
commit d49ca5aa34
parent 333f105675 b3c038e119
2 changed files with 69 additions and 0 deletions
--- a/1
+++ b/1
@ -124,6 +124,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
 * `filter.d/vaultwarden.conf` - new filter and jail for Vaultwarden (gh-3979)
 * `filter.d/xrdp.conf` - new filter for XRDP, an open source RDP server (gh-3254)
 * `fail2ban-regex` extended with new option `-i` or `--invert` to output not-matched lines by `-o` or `--out` (gh-4001)
+* `action.d/arxignis.conf` - Integrate with Arxignis Signal API.


 ver. 1.1.0 (2024/04/25) - object-found--norad-59479-cospar-2024-069a--altitude-36267km
--- a/config/action.d/arxignis.conf
+++ b/config/action.d/arxignis.conf
@ -0,0 +1,68 @@
+#
+# Arxignis API action file for Fail2Ban
+#
+# IMPORTANT
+#
+# Please set jail.local's permission to 640 because it contains your Arxignis API token.
+#
+# This action depends on curl (and optionally jq).
+#
+# To get your Arxignis API token, visit your Arxignis dashboard.
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = curl -s -o /dev/null -X POST https://api.arxignis.com/v1/signal \
+            -H 'Content-Type: application/json' \
+            -H 'Authorization: Bearer <axtoken>' \
+            -d '[{"type":"access_rules","action":"block","ip":"<ip>","expiration":<expiration>,"description":"Fail2Ban <name>","name":"Fail2Ban"}]'
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# Note: Arxignis unban implementation depends on the API endpoint for removing rules.
+# If the API supports DELETE or a similar method, update this accordingly.
+actionunban = curl -s -o /dev/null -X POST https://api.arxignis.com/v1/signal \
+              -H 'Content-Type: application/json' \
+              -H 'Authorization: Bearer <axtoken>' \
+              -d '[{"type":"access_rules","action":"unblock","ip":"<ip>","expiration":0,"description":"Fail2Ban unban <name>","name":"Fail2Ban"}]'
+
+[Init]
+
+# Your Arxignis API Bearer token
+axtoken =
+
+# Expiration time
+expiration = <bantime>
+