2014-10-04 21:04:24 +02:00
|
|
|
#!/bin/bash
|
2007-05-11 16:04:51 +02:00
|
|
|
#
|
|
|
|
# A Munin Plugin to show auth stuff
|
|
|
|
# Created by Dominik Schulz <lkml@ds.gauner.org>
|
|
|
|
# http://developer.gauner.org/munin/
|
|
|
|
# Based on a work of "jintxo"
|
|
|
|
#
|
|
|
|
# Parameters understood:
|
|
|
|
#
|
|
|
|
# config (required)
|
|
|
|
# autoconf (optional - used by munin-config)
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Magic markers (optional - used by munin-config and installation
|
|
|
|
# scripts):
|
|
|
|
#
|
|
|
|
#%# family=auto
|
|
|
|
#%# capabilities=autoconf
|
|
|
|
|
|
|
|
|
|
|
|
#############################
|
|
|
|
# Configuration
|
|
|
|
#############################
|
|
|
|
MAXLABEL=20
|
|
|
|
STAT_FILE=/var/lib/munin/plugin-state/plugin-auth.state
|
|
|
|
EXPR_BIN=/usr/bin/expr
|
|
|
|
#############################
|
|
|
|
|
|
|
|
if [ "$1" = "autoconf" ]; then
|
|
|
|
echo yes
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$1" = "config" ]; then
|
|
|
|
|
|
|
|
echo 'graph_title Auth Log Parser'
|
|
|
|
echo 'graph_args --base 1000 -l 0'
|
|
|
|
echo 'graph_vlabel Daily Auth Counters'
|
|
|
|
echo 'graph_category system'
|
|
|
|
echo 'illegal_user.label Illegal User'
|
|
|
|
echo 'possible_breakin.label Breakin Attempt'
|
|
|
|
echo 'authentication_failure.label Authentication Fail'
|
|
|
|
echo 'valid_login.label Valid Login'
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
#############################
|
|
|
|
# Initialization
|
|
|
|
#############################
|
|
|
|
if [ ! -r $STAT_FILE ]; then
|
|
|
|
echo "ILL=0" > $STAT_FILE
|
|
|
|
echo "POS=0" >> $STAT_FILE
|
|
|
|
echo "AUT=0" >> $STAT_FILE
|
|
|
|
echo "VAL=0" >> $STAT_FILE
|
|
|
|
fi
|
2013-06-09 13:49:08 +02:00
|
|
|
|
|
|
|
TODAY="`date '+%b'` `date '+%d' | sed 's/0\([0-9]\)/ \1/'`"
|
2007-05-11 16:04:51 +02:00
|
|
|
#############################
|
|
|
|
|
|
|
|
#############################
|
|
|
|
# Illegal User
|
|
|
|
#############################
|
|
|
|
echo -en "illegal_user.value "
|
2013-06-09 13:49:08 +02:00
|
|
|
NEW_ILL=$(grep "Illegal user\|no such user" /var/log/auth.log | grep "^$TODAY" | wc -l)
|
2007-05-11 16:04:51 +02:00
|
|
|
OLD_ILL=$(grep ILL $STAT_FILE | cut -f2 -d '=')
|
|
|
|
ILL=$($EXPR_BIN $NEW_ILL - $OLD_ILL)
|
|
|
|
if [ $ILL -gt 0 ]; then
|
|
|
|
echo "$ILL"
|
|
|
|
else
|
|
|
|
echo "0"
|
|
|
|
fi
|
|
|
|
echo -n
|
|
|
|
#############################
|
|
|
|
# Possible Breakins
|
|
|
|
#############################
|
|
|
|
echo -en "possible_breakin.value "
|
2013-06-09 13:49:08 +02:00
|
|
|
NEW_POS=$(grep -i "breakin attempt" /var/log/auth.log | grep "^$TODAY" | wc -l)
|
2007-05-11 16:04:51 +02:00
|
|
|
OLD_POS=$(grep POS $STAT_FILE | cut -f2 -d '=')
|
|
|
|
POS=$($EXPR_BIN $NEW_POS - $OLD_POS)
|
|
|
|
if [ $POS -gt 0 ]; then
|
|
|
|
echo "$POS"
|
|
|
|
else
|
|
|
|
echo "0"
|
|
|
|
fi
|
|
|
|
echo -n
|
|
|
|
#############################
|
|
|
|
# Authentication Failures
|
|
|
|
#############################
|
|
|
|
echo -en "authentication_failure.value "
|
2013-06-09 13:49:08 +02:00
|
|
|
NEW_AUT=$(grep "authentication failure" /var/log/auth.log | grep "^$TODAY" | wc -l)
|
2007-05-11 16:04:51 +02:00
|
|
|
OLD_AUT=$(grep AUT $STAT_FILE | cut -f2 -d '=')
|
|
|
|
AUT=$($EXPR_BIN $NEW_AUT - $OLD_AUT)
|
|
|
|
if [ $AUT -gt 0 ]; then
|
|
|
|
echo "$AUT"
|
|
|
|
else
|
|
|
|
echo "0"
|
|
|
|
fi
|
|
|
|
echo -n
|
|
|
|
#############################
|
|
|
|
# Valid Logins
|
|
|
|
#############################
|
|
|
|
echo -en "valid_login.value "
|
2013-06-09 13:49:08 +02:00
|
|
|
NEW_VAL=$(grep "sshd.*Accepted" /var/log/auth.log | grep "^$TODAY" | wc -l)
|
2007-05-11 16:04:51 +02:00
|
|
|
OLD_VAL=$(grep VAL $STAT_FILE | cut -f2 -d '=')
|
|
|
|
VAL=$($EXPR_BIN $NEW_VAL - $OLD_VAL)
|
|
|
|
if [ $VAL -gt 0 ]; then
|
|
|
|
echo "$VAL"
|
|
|
|
else
|
|
|
|
echo "0"
|
|
|
|
fi
|
|
|
|
echo -n
|
|
|
|
###
|
|
|
|
# Save the current values
|
|
|
|
###
|
|
|
|
echo "ILL=$NEW_ILL" > $STAT_FILE
|
|
|
|
echo "POS=$NEW_POS" >> $STAT_FILE
|
|
|
|
echo "AUT=$NEW_AUT" >> $STAT_FILE
|
|
|
|
echo "VAL=$NEW_VAL" >> $STAT_FILE
|
|
|
|
|