FastNetMon could call notify script which calls when DDoS arrives. You could use it for integration with third-part applications or monitoring systems. We do not recommend using this script for new production installations. Please use JSON based scripts instead: Python callback script and Perl callback script.
We use mail tool, please install it before:
sudo apt-get install -y bsd-mailx
Example script provided below will send email to address specified inside script:
#!/usr/bin/env bash
# This script will get following parameters:
# $1 client_ip_as_string
# $2 data_direction
# $3 pps_as_string
# $4 action (ban or unban)
email_notify="root,please_fix_this_email@domain.ru"
if [ "$4" = "unban" ]; then
# No details arrived to stdin here
# Unban actions if used
exit 0
fi
#
# For ban action we will receive attack details to stdin
#
# Please do not remove "cat" command because
# FastNetMon will crash in this case (it expect read of data from script side).
#
if [ "$4" = "ban" ]; then
cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
# You can add ban code here
exit 0
fi
Please put it to file /usr/local/bin/notify_script.bash
And set executable bit for it:
sudo chmod +x /usr/local/bin/notify_script.bash
Then open example notify script with favourite editor and specify your email in field: “email_notify”.
Then try to run it manually for ban action:
echo ban_details | /usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 ban
And try to run it manually for unban (we do not have details in this case):
/usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 unban
You should receive example emails in both cases.
From FastNetMon side you need to apply following configuration:
sudo fcli set main notify_script_enabled enable sudo fcli set main notify_script_path /usr/local/bin/notify_script.bash sudo fcli set main notify_script_format text sudo fcli commit