2
0
mirror of https://github.com/munin-monitoring/contrib.git synced 2018-11-08 00:59:34 +01:00
contrib-munin/plugins/system/auth

120 lines
2.8 KiB
Plaintext
Raw Normal View History

#!/bin/bash
2007-05-11 16:04:51 +02:00
#
# A Munin Plugin to show auth stuff
# Created by Dominik Schulz <lkml@ds.gauner.org>
# http://developer.gauner.org/munin/
# Based on a work of "jintxo"
#
# Parameters understood:
#
# config (required)
# autoconf (optional - used by munin-config)
#
#
# Magic markers (optional - used by munin-config and installation
# scripts):
#
#%# family=auto
#%# capabilities=autoconf
#############################
# Configuration
#############################
MAXLABEL=20
STAT_FILE=/var/lib/munin/plugin-state/plugin-auth.state
EXPR_BIN=/usr/bin/expr
#############################
if [ "$1" = "autoconf" ]; then
echo yes
exit 0
fi
if [ "$1" = "config" ]; then
echo 'graph_title Auth Log Parser'
echo 'graph_args --base 1000 -l 0'
echo 'graph_vlabel Daily Auth Counters'
echo 'graph_category system'
echo 'illegal_user.label Illegal User'
echo 'possible_breakin.label Breakin Attempt'
echo 'authentication_failure.label Authentication Fail'
echo 'valid_login.label Valid Login'
exit 0
fi
#############################
# Initialization
#############################
if [ ! -r $STAT_FILE ]; then
echo "ILL=0" > $STAT_FILE
echo "POS=0" >> $STAT_FILE
echo "AUT=0" >> $STAT_FILE
echo "VAL=0" >> $STAT_FILE
fi
TODAY="`date '+%b'` `date '+%d' | sed 's/0\([0-9]\)/ \1/'`"
2007-05-11 16:04:51 +02:00
#############################
#############################
# Illegal User
#############################
echo -en "illegal_user.value "
NEW_ILL=$(grep "Illegal user\|no such user" /var/log/auth.log | grep "^$TODAY" | wc -l)
2007-05-11 16:04:51 +02:00
OLD_ILL=$(grep ILL $STAT_FILE | cut -f2 -d '=')
ILL=$($EXPR_BIN $NEW_ILL - $OLD_ILL)
if [ $ILL -gt 0 ]; then
echo "$ILL"
else
echo "0"
fi
echo -n
#############################
# Possible Breakins
#############################
echo -en "possible_breakin.value "
NEW_POS=$(grep -i "breakin attempt" /var/log/auth.log | grep "^$TODAY" | wc -l)
2007-05-11 16:04:51 +02:00
OLD_POS=$(grep POS $STAT_FILE | cut -f2 -d '=')
POS=$($EXPR_BIN $NEW_POS - $OLD_POS)
if [ $POS -gt 0 ]; then
echo "$POS"
else
echo "0"
fi
echo -n
#############################
# Authentication Failures
#############################
echo -en "authentication_failure.value "
NEW_AUT=$(grep "authentication failure" /var/log/auth.log | grep "^$TODAY" | wc -l)
2007-05-11 16:04:51 +02:00
OLD_AUT=$(grep AUT $STAT_FILE | cut -f2 -d '=')
AUT=$($EXPR_BIN $NEW_AUT - $OLD_AUT)
if [ $AUT -gt 0 ]; then
echo "$AUT"
else
echo "0"
fi
echo -n
#############################
# Valid Logins
#############################
echo -en "valid_login.value "
NEW_VAL=$(grep "sshd.*Accepted" /var/log/auth.log | grep "^$TODAY" | wc -l)
2007-05-11 16:04:51 +02:00
OLD_VAL=$(grep VAL $STAT_FILE | cut -f2 -d '=')
VAL=$($EXPR_BIN $NEW_VAL - $OLD_VAL)
if [ $VAL -gt 0 ]; then
echo "$VAL"
else
echo "0"
fi
echo -n
###
# Save the current values
###
echo "ILL=$NEW_ILL" > $STAT_FILE
echo "POS=$NEW_POS" >> $STAT_FILE
echo "AUT=$NEW_AUT" >> $STAT_FILE
echo "VAL=$NEW_VAL" >> $STAT_FILE