#!/usr/bin/python
#
# Plugin to monitor fail2ban blacklists.
# Parses iptables output, so it must be run as a user that is allowed to list
# iptables rules. Probably root.
#
# Requires: python, probably 2.3 or so :)
#
# Written by Lasse Karstensen <lasse.karstensen@gmail.com> September 2007.
# Parameters understood:
# config (required)
# autoconf (optional)
#
#%# family=auto
#%# capabilities=autoconf
# Absolute path of the iptables binary that list_iptables() executes; being
# absolute, it does not depend on the PATH of the (usually root) caller.
iptablesbin = "/sbin/iptables"

# fail2ban library directory. main() reports "autoconf" as "yes" only when
# this directory exists, and appends it to sys.path.
libdir = "/usr/share/fail2ban"
import sys, os, ConfigParser
def get_fail2ban_checks(configfile="/etc/fail2ban.conf"):
    """Return the names of the enabled sections in the fail2ban config file.

    A section counts as enabled when it has an ``enabled`` option whose value
    is ``true`` (compared case-insensitively). The ``MAIL`` section holds
    basic configuration rather than a check and is always skipped.

    ConfigParser.read() ignores files it cannot open, so a missing or
    unreadable ``configfile`` gives an empty list rather than an error.

    The names returned here are used by main() to build the iptables chain
    name passed to list_iptables(), so the config file should be writable
    only by trusted users.
    """
    parser = ConfigParser.ConfigParser()
    parser.read(configfile)

    enabled_sections = []
    for name in parser.sections():
        # Basic configuration, not a check.
        if name == "MAIL":
            continue
        if not parser.has_option(name, "enabled"):
            continue
        flag = parser.get(name, "enabled")
        if flag.lower() == "true":
            enabled_sections.append(name)
    return enabled_sections
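def list_iptables(chain):
    """Count the DROP rules in the iptables chain ``fail2ban-<chain>``.

    ``chain`` is a section name read from the fail2ban configuration. It is
    handed to iptables as a single argv element and never passes through a
    shell, so whitespace or shell metacharacters in a section name cannot
    alter the command that is run. This matters because the plugin is
    normally run as root.

    Returns the number of output lines whose first field is ``DROP``. The
    exit status of iptables is not checked. If the binary cannot be started
    at all, the error is reported on stderr and 0 is returned.
    """
    # Local import: the file-level import line does not provide subprocess.
    import subprocess

    global iptablesbin
    argv = [iptablesbin, "-n", "-L", "fail2ban-%s" % chain]
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                universal_newlines=True)
    except OSError:
        # Keep the plugin best-effort: report the problem and count nothing
        # instead of aborting the whole munin run.
        sys.stderr.write("cannot run %s: %s\n"
                         % (iptablesbin, sys.exc_info()[1]))
        return 0
    # communicate() reads all output and waits for the child to exit.
    output = proc.communicate()[0]

    num = 0
    for line in output.splitlines():
        fields = line.split()
        # A blank line has no fields; indexing [0] on it raised IndexError.
        if fields and fields[0] == "DROP":
            num = num + 1
    return num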
def print_config():
    """Print the munin "config" output for this plugin.

    Emits the fixed graph settings first, then a ``.label`` and ``.min``
    line for every enabled fail2ban check. Field names and labels both use
    the sanitized section name, so raw config text never reaches the output.
    """
    graph_settings = (
        'graph_title Fail2ban blacklist',
        'graph_info This graph shows the number of host blocked by fail2ban.',
        'graph_category network',
        'graph_vlabel Count',
        'graph_args --base 1000 -l 0',
        'graph_total total',
    )
    for setting in graph_settings:
        print(setting)

    for section in get_fail2ban_checks():
        field = checkname_sanitize(section)
        print('%s.label Rules in chain %s' % (field, field))
        print('%s.min 0' % field)
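def checkname_sanitize(name):
    """Turn a fail2ban section name into a safe munin field name.

    Every character that is not an ASCII letter or digit is replaced by
    ``_``. Spaces, dots and newlines in a section name therefore cannot
    break or add lines in the plugin output.

    Uses ``string.ascii_letters`` instead of ``string.letters``: the latter
    depends on the locale in Python 2, so it could let non-ASCII characters
    through, and it does not exist in Python 3.
    """
    from string import ascii_letters, digits

    allowed = ascii_letters + digits
    pieces = []
    for char in name:
        if char in allowed:
            pieces.append(char)
        else:
            pieces.append("_")
    return "".join(pieces)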
def main():
    """Entry point: dispatch on the first command-line argument.

    ``autoconf`` prints "yes" and exits 0 when the fail2ban library
    directory exists, otherwise prints "no" and exits 1. ``config`` prints
    the graph configuration and exits 0. With any other argument, or none,
    it prints one ``<field>.value <count>`` line per enabled check, where
    the count comes from list_iptables().
    """
    mode = None
    if len(sys.argv) > 1:
        mode = sys.argv[1]

    if mode == "autoconf":
        if not os.path.isdir(libdir):
            print("no")
            sys.exit(1)
        print("yes")
        sys.exit(0)

    sys.path.append(libdir)

    if mode == "config":
        print_config()
        sys.exit(0)

    for section in get_fail2ban_checks():
        count = list_iptables(section)
        print("%s.value %s" % (checkname_sanitize(section), count))
# Run the plugin only when executed as a script, not when imported.
if __name__ == "__main__":
    main()