Fail2Ban开启邮件告警

1.先让Linux能使用如下命令发送邮件  [CentOS7 使用SMTP发送邮件](/project-3/doc-45/ "CentOS7 使用SMTP发送邮件")
`echo 邮件正文 | mailx -s "标题" test@localnetwork.cn`
2.Fail2Ban功能正常开启 [CentOS7上安装 Fail2Ban防SSH爆破](/project-3/doc-44/ "CentOS7上安装 Fail2Ban防SSH爆破")

3.添加邮件告警
修改/etc/fail2ban/jail.local文件内容如下

```bash
[root@local_www fail2ban]# vim jail.local

[DEFAULT]
ignoreip = 192.168.56.2/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd
destemail = ****@qq.com
sender = test@localnetwork.cn
mta = mail
protocol=tcp
action = %(action_mw)s

[sshd]
enabled = true
logpath = %(sshd_log)s
backend = %(sshd_backend)s

```
destemail = 接收报警的邮件地址
sender = 发送者邮件地址

### 配置fail2ban发邮件提醒
新增邮件格式配置
`vim /etc/fail2ban/action.d/mail-whois.conf`
```bash
[INCLUDES]
before = mail-whois-common.conf
[Definition]
actioncheck =
actionban = printf %%b "警告!!!\n
            攻击者IP：<ip>\n
            被攻击机器名：`uname -n` \n
            被攻击机器IP：`/bin/curl ifconfig.co` \n
            攻击服务：<name> \n
            攻击次数：<failures> 次 \n
            攻击方法：暴力破解，尝试弱口令.\n
            该IP：<ip>已经被Fail2Ban加入防火墙黑名单,屏蔽时间5分钟.\n\n
            以下是攻击者 <ip>信息 :\n
            `/bin/curl http://www.cip.cc/<ip>`\n\n
            Fail2Ban邮件提醒\n\n "|/bin/mailx -s "服务器:<name>服务疑似遭到<ip>暴力攻击." <dest>
actionunban =
[Init]
name = default
dest = root
```
重载配置即可生效
`fail2ban-client reload`

参考：
[Centos7安装Fail2Ban并利用163邮箱发送邮件提醒功能](https://www.58jb.com/html/centos7_fail2ban.html "Centos7安装Fail2Ban并利用163邮箱发送邮件提醒功能")