munin-plugins/extern/fail2ban_
2021-10-17 16:50:59 +02:00

145 lines
2.9 KiB
Bash

#!/bin/bash
: <<=cut
=head1 NAME
fail2ban - Plugin to monitor fail2ban blacklists
=head1 APPLICABLE SYSTEMS
All systems with "bash" and "fail2ban"
=head1 CONFIGURATION
The following is the default configuration
[fail2ban]
env.client /usr/bin/fail2ban-client
env.config_dir /etc/fail2ban
The user running this plugin needs read and write access to the
fail2ban communications socket. You will need to add this:
[fail2ban]
user root
=head1 INTERPRETATION
This plugin shows a graph with one line per active fail2ban jail, each
showing the number of blacklisted addresses for that jail.
In addition, a line with the total number of blacklisted addresses is
displayed.
=head1 MAGIC MARKERS
#%# family=auto
#%# capabilities=autoconf
=head1 VERSION
1.0.20090423
=head1 BUGS
Needs bash, due zo using bashisms to avoid running external programs.
=head1 AUTHOR
Stig Sandbeck Mathisen <ssm@fnord.no>
=head1 LICENSE
GPLv2
=cut
##############################
# Configurable variables
client=${client:-/usr/bin/fail2ban-client}
config_dir=${config_dir:-/etc/fail2ban}
##############################
# Functions
# Run fail2ban
run_fail2ban() {
"$client" -c "$config_dir" "$@"
}
# List jails, one on each line
list_jails() {
run_fail2ban status | while read -r line; do
case $line in
*'Jail list:'*)
line="${line##*Jail list*:}"
line="${line//[ $'\t']/}"
if [ -n "$line" ]; then echo "${line//,/$'\n'}"; fi
;;
esac
done
}
# Print the munin values
values() {
list_jails | while read -r jail; do
run_fail2ban status "$jail" | while read -r line; do
case $line in
*'Currently banned'*)
line="${line##*Currently banned:}"
num="${line//[ $'\t']/}"
echo "${jail//[^0-9A-Za-z]/_}.value $num"
;;
esac
done
done
}
# Print the munin config
config() {
echo 'graph_title Hosts blacklisted by fail2ban'
echo 'graph_info This graph shows the number of host blacklisted by fail2ban'
echo 'graph_category network'
echo 'graph_vlabel Number of hosts'
echo 'graph_args --base 1000 -l 0'
echo 'graph_total total'
list_jails | while read -r jail; do
echo "${jail//[^0-9A-Za-z]/_}.label $jail"
done
}
# Print autoconfiguration hint
autoconf() {
if [ -e "$client" ]; then
if [ -x "$client" ]; then
if run_fail2ban ping >/dev/null; then
echo "yes"
else
echo "no (fail2ban-server does not respond to ping)"
fi
else
echo "no (${client} is not executable)"
fi
else
echo "no (${client} not found)"
fi
exit
}
##############################
# Main
case $1 in
config)
config
;;
autoconf)
autoconf
;;
*)
values
;;
esac