[network/hostsdeny] Refactor to support any blocked service

The HostDenied field is renamed to ssh. To preserve existing data, # cd /var/lib/munin/example.net # mv hostname-hostsdeny-HostsDenied-g.rrd hostname-hostsdeny-sshd-g.rrd This refactor incidentally also fixes a bug where empty or commented-out lines where also counted. Signed-off-by: Olivier Mehani <shtrom@ssji.net>
2019-10-09 23:15:37 +11:00 · 2019-10-09 23:15:37 +11:00 · cfe070ea38
parent e926acaf5f
commit cfe070ea38
2 changed files with 32 additions and 12 deletions
--- a/plugins/network/hostsdeny
+++ b/plugins/network/hostsdeny
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh -eu
 #
 # Plugin to monitor the number of hosts in /etc/hosts.deny
 # that are deined access to sshd
@ -6,6 +6,9 @@
 # Based on denyhosts plugin by tjansson (2009)
 #
 # Copyright (C) 2009 Kåre Hartvig Jensen (kaare.hartvig.jensen@gmail.com)
+# Copyright (C) 2019 Olivier Mehani <shtrom+munin@ssji.net>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -20,25 +23,43 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
+LOG=${LOG:-/etc/hosts.deny}

-if [ "$1" = "autoconf" ]; then
-        if [ -r "$LOG" ]; then
+if [ "${MUNIN_DEBUG:-0}" = 1 ]; then
+    set -x
+fi
+
+if [ "${1:-}" = "autoconf" ]; then
+        if [ -r "${LOG}" ]; then
                echo yes
        else
-                echo no
+		echo "no (${LOG} not readable or non-existent)"
        fi
        exit 0
 fi

-if [ "$1" = "config" ]; then
+COUNTS=$(sed -n 's/^\([^#]\+\):.*/\1/p' "${LOG}" \
+	| sort \
+	| uniq -c \
+	| sed "s/^.*\s\([0-9]\+\)\s\(.*\)/\2.value \1/"
+	)

-        echo 'graph_title Hosts denied sshd access'
-        echo 'graph_info Hosts denied sshd access in /etc/hosts.deny'
+if [ "${1:-}" = "config" ]; then
+
+        echo 'graph_title Hosts denied access'
+        echo "graph_info Hosts denied access in ${LOG}"
        echo 'graph_args --base 1000 -l 0'
        echo 'graph_vlabel Hosts denied '
-        echo 'graph_category system'
-        echo 'HostsDenied.label Hosts denied'
-        exit 0
+        echo 'graph_category security'
+	# Assume we always have SSH
+        echo 'sshd.label sshd'
+        echo 'sshd.draw AREA'
+	echo "${COUNTS}" \
+		| sed '/ssh/d; # skip ssh
+		       s/^\([^\.]\+\)\..*/\1.label \1\n\1.draw STACK/'
+	if [ "${MUNIN_DIRTYCONFIG:-0}" != 1 ]; then
+		exit 0
+	fi
 fi

-echo HostsDenied.value  `cat /etc/hosts.deny | grep sshd | wc -l`
+echo "${COUNTS}"
--- a/t/test-exception-wrapper.expected-failures
+++ b/t/test-exception-wrapper.expected-failures
@ -223,7 +223,6 @@ plugins/network/ethtool_
 plugins/network/fwbuilder_
 plugins/network/hfsc
 plugins/network/hfsc_sep
-plugins/network/hostsdeny
 plugins/network/host_traffic
 plugins/network/if1sec_
 plugins/network/ifem_