Skip to content

VerifiedJoseph/intruder-alert

Repository files navigation

Intruder Alert

Latest Version Software License Codecov

Intruder Alert is an event dashboard for Fail2ban.

screenshot

More screenshots

Demo

A demo is available and is built from the latest commit on the main brach.

Installation

docker-compose

Show/hide details
version: '3'

services:
  app:
    image: ghcr.io/verifiedjoseph/intruder-alert:1.20.0
    container_name: intruder-alert
    environment:
      - IA_TIMEZONE=Europe/London
      - IA_SYSTEM_LOG_TIMEZONE=UTC
      - IA_MAXMIND_LICENSE_KEY=
      - IA_LOG_FOLDER=/app/backend/data/logs
    volumes:
      - path/to/fail2ban.log:/app/backend/data/logs/fail2ban.log:ro
      - path/to/fail2ban.log.1:/app/backend/data/logs/fail2ban.log.1:ro
      - path/to/fail2ban.log.2.gz:/app/backend/data/logs/fail2ban.log.2.gz:ro
      - path/to/fail2ban.log.3.gz:/app/backend/data/logs/fail2ban.log.3.gz:ro
      - path/to/fail2ban.log.4.gz:/app/backend/data/logs/fail2ban.log.4.gz:ro
    ports:
      - '127.0.0.1:8080:8080'
    security_opt:
      - no-new-privileges:true

Manually

Show/hide install details
  1. Download the latest release to your web server and extract the zip archive.

  2. Configure the application using backend/config.php copied from backend/config.example.php.

    cp backend/config.example.php backend/config.php
    
  3. Create a scheduled task with cron (below) or similar that runs backend\cron.php at least once an hour.

    1 * * * * php path/to/intruder-alert/backend/cron.php
    

Notes

The backend folder does not need to be reachable in the browser and access should blocked.

The scheduled task needs to run as root or a user with permission to read the fail2ban logs.

Configuration

Environment variables are used to adjust the configuration.

Name Type Description
IA_LOG_PATHS string Comma separated list of Fail2ban log files.
IA_LOG_FOLDER string Path of the Fail2ban logs folder.
Ignored when IA_LOG_PATHS is set.
IA_MAXMIND_LICENSE_KEY string MaxMind license key for GeoLite2 database downloads.
IA_ASN_DATABASE string Path of the GeoLite2 ASN database file.
Ignored when IA_MAXMIND_LICENSE_KEY is set.
IA_COUNTRY_DATABASE string Path of the GeoLite2 Country database file.
Ignored when IA_MAXMIND_LICENSE_KEY is set.
IA_TIMEZONE string Timezone to use in the dashboard. (php docs)
IA_SYSTEM_LOG_TIMEZONE string Timezone of fail2ban logs. Required when using the docker image.
Use the timezone of the host system.
IA_VERBOSE boolean Enable additional logging for debugging.
IA_DASH_CHARTS boolean Enable/disable dashboard charts.
(optional, charts are enabled by default)
IA_DASH_UPDATES boolean Enable/disable automatically updating the dashboard with new events. (optional, updates are enabled by default)
IA_DASH_DAEMON_LOG boolean Enable/disable displaying daemon log in the dashboard.
(optional, log viewer is enabled by default)
IA_DASH_DEFAULT_CHART string Override default chart displayed in the dashboard. Optional.
Supported values: 24hours, 48hours, 14days, 30days
IA_DASH_PAGE_SIZE int Override default table page size in the dashboard. Optional.
Supported values: 25, 50, 100, 200, 500

GeoLite2 databases

GeoLite2 databases will be automatically downloaded and updated if a MaxMind license key is set with IA_MAXMIND_LICENSE_KEY.

Alternatively, the databases can be manually downloaded and set using the environment variables IA_ASN_DATABASE and IA_COUNTRY_DATABASE.

Development

Clone the repository.

git clone https://github.com/VerifiedJoseph/intruder-alert

Install PHP dependencies with composer.

composer install

Install JavaScript dependencies with npm.

npm install

Start esbuild watcher

npm run watch

Commands

Show/hide commands

Lint code:

composer lint
npm run lint

Fix code:

composer fix
npm run fix

Build code:

npm run build

Live code build:

npm run watch

Test code:

composer test

Dependencies

Requirements

  • PHP >= 8.2
  • Composer
  • Node.js >= 18.0 (development only)

Changelog

All notable changes to this project are documented in the CHANGELOG.

License

MIT License. Please see LICENSE for more information.