2
0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
contrib-munin/plugins/ssh/sshd_invalid_countries

87 lines
2.8 KiB
Plaintext
Raw Normal View History

2010-12-24 13:27:15 +01:00
#!/usr/bin/php
<?php
# Plugin to monitor the number of invalid access to sshd per country
#
# Require read permitions for SYSLOG
# ref) ls -l /var/log/secure
# Require PEAR library Net_GeoIP
# ref) http://pear.php.net/package/Net_GeoIP/redirected
# Require GeoIP-database to find out the geolocation from ip or host
# ref) http://www.maxmind.com/app/geoip_country
#
# Parameters:
# config (required)
# autoconf (optional - used by munin-config)
#
# $Log$
# Revision 1.0 2010/12/23 23:55:01 hirata yoshiyuki
# released.
#
# Magick markers (optional):
#%# family=auto
#%# capabilities=autoconf
#
# config example for /etc/munin/plugin-conf.d/munin-node
#[sshd_invalid_countries]
#user root
#group root
#env.logfile /var/log/secure
#env.geoip /home/you/GeoIP.dat
#env.peardir /usr/share/pear/
require (isset($_SERVER['peardir']) && $_SERVER['peardir'] != '' ? $_SERVER['peardir'] : '') . 'Net/GeoIP.php';
define('SYSLOG', isset($_SERVER['syslog']) && $_SERVER['syslog'] != '' ? $_SERVER['syslog'] : '/var/log/secure');
define('GEOIP_DB', isset($_SERVER['geoip']) && $_SERVER['geoip'] != '' ? $_SERVER['geoip'] : 'GeoIP.dat');
define('AWK_CMD', 'awk \'/sshd\[.*Did not receive identification string/{print $12} ' .
'/sshd\[.*Failed password for (root|ROOT)/{print $11} ' .
'/sshd\[.*Invalid user/{print $10}a\' < ' . SYSLOG);
if (isset($argv[1]) && $argv[1] == 'autoconf') {
$fh = @fopen(SYSLOG, 'r');
if ($fh) {
echo "yes\n";
fclose($fh);
exit(0);
} else {
echo "no\n";
exit(1);
}
}
if (isset($argv[1]) && $argv[1] == 'config') {
echo 'graph_title SSHD invalid countries from ' . SYSLOG . "\n";
echo 'graph_args --base 1000 -l 0' . "\n";
echo 'graph_vlabel number of invalid access per country' . "\n";
echo 'graph_category security' . "\n";
2010-12-24 13:27:15 +01:00
echo 'graph_info This graph shows the countries of invalid access to sshd.' . "\n";
foreach (get_sshd_invalid_countries() as $country => $cnt) {
echo $country . '.label ' . $country . "\n";
}
exit(0);
}
foreach (get_sshd_invalid_countries() as $country => $cnt) {
echo $country . '.value ' . $cnt . "\n";
}
function get_sshd_invalid_countries() {
$countries = array();
exec(AWK_CMD, $wholeips, $ret);
if ($ret != 0) return $countries;
$uniqueips = array_count_values($wholeips);
$GeoIP = Net_GeoIP::getInstance(GEOIP_DB);
foreach ($uniqueips as $ip => $cnt) {
try {
$country = $GeoIP->lookupCountryName($ip);
$countries[$country] = isset($countries[$country]) ? $countries[$country] + $cnt : $cnt;
} catch (Exception $e) {
$countries['Unknown'] = isset($countries['Unknown']) ? $countries['Unknown'] + $cnt : $cnt;
}
}
ksort($countries);
return $countries;
}