From 1f80b89301fbc9ce6cf0c3cd68a64ee01f28a319 Mon Sep 17 00:00:00 2001
From: tex <unknown@munin-monitoring.org>
Date: Fri, 11 May 2007 16:04:51 +0200
Subject: [PATCH] Initial version

---
 plugins/other/auth | 117 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 117 insertions(+)
 create mode 100755 plugins/other/auth

diff --git a/plugins/other/auth b/plugins/other/auth
new file mode 100755
index 00000000..9cfec818
--- /dev/null
+++ b/plugins/other/auth
@@ -0,0 +1,117 @@
+#!/bin/sh
+# 
+# A Munin Plugin to show auth stuff
+# Created by Dominik Schulz <lkml@ds.gauner.org>
+# http://developer.gauner.org/munin/
+# Based on a work of "jintxo"
+#
+# Parameters understood:
+#
+# 	config   (required)
+# 	autoconf (optional - used by munin-config)
+#
+#
+# Magic markers (optional - used by munin-config and installation
+# scripts):
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+
+#############################
+# Configuration
+#############################
+MAXLABEL=20
+STAT_FILE=/var/lib/munin/plugin-state/plugin-auth.state
+EXPR_BIN=/usr/bin/expr
+#############################
+
+if [ "$1" = "autoconf" ]; then
+	echo yes
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+
+	echo 'graph_title Auth Log Parser'
+	echo 'graph_args --base 1000 -l 0'
+	echo 'graph_vlabel Daily Auth Counters'
+	echo 'graph_category system'
+	echo 'illegal_user.label Illegal User'
+	echo 'possible_breakin.label Breakin Attempt'
+	echo 'authentication_failure.label Authentication Fail'
+	echo 'valid_login.label Valid Login'
+	exit 0
+fi
+
+#############################
+# Initialization
+#############################
+if [ ! -r $STAT_FILE ]; then
+	echo "ILL=0" > $STAT_FILE
+	echo "POS=0" >> $STAT_FILE
+	echo "AUT=0" >> $STAT_FILE
+	echo "VAL=0" >> $STAT_FILE
+fi
+#############################
+
+#############################
+# Illegal User
+#############################
+echo -en "illegal_user.value "
+NEW_ILL=$(grep "Illegal user\|no such user" /var/log/auth.log | grep "`date '+%b %d'`" | wc -l)
+OLD_ILL=$(grep ILL $STAT_FILE | cut -f2 -d '=')
+ILL=$($EXPR_BIN $NEW_ILL - $OLD_ILL)
+if [ $ILL -gt 0 ]; then
+	echo "$ILL"
+else
+	echo "0"
+fi
+echo -n
+#############################
+# Possible Breakins
+#############################
+echo -en "possible_breakin.value "
+NEW_POS=$(grep -i "breakin attempt" /var/log/auth.log | grep "`date '+%b %d'`" | wc -l)
+OLD_POS=$(grep POS $STAT_FILE | cut -f2 -d '=')
+POS=$($EXPR_BIN $NEW_POS - $OLD_POS)
+if [ $POS -gt 0 ]; then
+	echo "$POS"
+else
+	echo "0"
+fi
+echo -n
+#############################
+# Authentication Failures
+#############################
+echo -en "authentication_failure.value "
+NEW_AUT=$(grep "authentication failure" /var/log/auth.log | grep "`date '+%b %d'`" | wc -l)
+OLD_AUT=$(grep AUT $STAT_FILE | cut -f2 -d '=')
+AUT=$($EXPR_BIN $NEW_AUT - $OLD_AUT)
+if [ $AUT -gt 0 ]; then
+	echo "$AUT"
+else
+	echo "0"
+fi
+echo -n
+#############################
+# Valid Logins
+#############################
+echo -en "valid_login.value "
+NEW_VAL=$(grep "sshd.*Accepted" /var/log/auth.log | grep "`date '+%b %d'`" | wc -l)
+OLD_VAL=$(grep VAL $STAT_FILE | cut -f2 -d '=')
+VAL=$($EXPR_BIN $NEW_VAL - $OLD_VAL)
+if [ $VAL -gt 0 ]; then
+	echo "$VAL"
+else
+	echo "0"
+fi
+echo -n
+###
+# Save the current values
+###
+echo "ILL=$NEW_ILL" > $STAT_FILE
+echo "POS=$NEW_POS" >> $STAT_FILE
+echo "AUT=$NEW_AUT" >> $STAT_FILE
+echo "VAL=$NEW_VAL" >> $STAT_FILE
+