From d0a1fa6029c8bf77fe9768f381e254493631f36e Mon Sep 17 00:00:00 2001 From: Daniel Stein Date: Wed, 10 Jan 2018 13:34:44 +0100 Subject: [PATCH] Fail2ban example added --- examples/README.md | 1 + examples/fail2ban-notification.md | 17 +++++++++++ examples/pusher.conf | 51 +++++++++++++++++++++++++++++++ 3 files changed, 69 insertions(+) create mode 100644 examples/fail2ban-notification.md create mode 100644 examples/pusher.conf diff --git a/examples/README.md b/examples/README.md index 9ae1197..525582a 100644 --- a/examples/README.md +++ b/examples/README.md @@ -6,3 +6,4 @@ This is a collection of examples how you can user pusher. Feel free to contact m ## Server - [Notification on SSH login](https://github.com/HackHerz/pusher/blob/master/examples/ssh-notification.md) +- [Notification for fail2ban](https://github.com/HackHerz/pusher/blob/master/examples/fail2ban-notification.md) diff --git a/examples/fail2ban-notification.md b/examples/fail2ban-notification.md new file mode 100644 index 0000000..372bc81 --- /dev/null +++ b/examples/fail2ban-notification.md @@ -0,0 +1,17 @@ +# Notification for fail2ban + +Copy [pusher.conf](https://github.com/HackHerz/pusher/blob/master/examples/pusher.conf) to **/etc/fail2ban/action.d/** and insert this snippet in your *jail.local*. + +``` +[ssh] + +enabled = true +port = ssh +filter = sshd +logpath = /var/log/auth.log +maxretry = 6 +action = pusher[name=ssh, dest=ONQ] +``` + + +Example is for SSH and change ONQ to your own Device-ID. diff --git a/examples/pusher.conf b/examples/pusher.conf new file mode 100644 index 0000000..9ff8e68 --- /dev/null +++ b/examples/pusher.conf 
@@ -0,0 +1,51 @@
+# Fail2Ban configuration file
+#
+# author: hackherz
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed once at the start of Fail2Ban.
+# Values: CMD
+#
+actionstart = /usr/local/bin/pusher -i "[Fail2Ban] : started on `uname -n`"
+
+# Option: actionstop
+# Notes.: command executed once at the end of Fail2Ban
+# Values: CMD
+#
+actionstop = /usr/local/bin/pusher -i "[Fail2Ban] : stopped on `uname -n`"
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = /usr/local/bin/pusher -i "[Fail2Ban] : banned from `uname -n`"
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = default # change this to your default device id
+
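Review bot: The trailing `# change this to your default device id` on the `dest = default` line in `[Init]` is likely to end up inside the value, because jail.conf(5) documents `#` only for whole-line comments and `; ` for inline ones; put the comment on its own line above `dest = default`. As rendered here, none of the action commands reference `<dest>`, `<name>` or `<ip>`, so the `name=ssh, dest=ONQ` arguments from jail.local would have no effect and the ban message would not say which address or jail was involved; the tags may simply have been lost when the page was rendered, so check the file itself. If they are present, keep the interpolated tags limited to fail2ban-generated values such as `<ip>`, since the string is expanded into a shell command that runs with Fail2Ban's rights, as the file's own comment points out.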