#!/bin/bash # # Plugin to monitor SSH # # Parameters understood: # # config (required) # autoconf (optional) # # Made by Sven Breunig ( sven AT breunig DOT be ) # mktempfile () { mktemp -t } AUTH_LOG=${logfile:-/var/log/auth.log} STATEFILE=/var/lib/munin/plugin-state/sshd.offset LOGTAIL=${logtail:-`which logtail`} if [ "$1" = "autoconf" ]; then if [ -f "${AUTH_LOG}" -a -n "${LOGTAIL}" -a -x "${LOGTAIL}" ] ; then echo yes exit 0 else echo no exit 1 fi fi if [ "$1" = "config" ]; then echo 'graph_title SSH Statistics' echo 'graph_order refused invalid accepted' echo 'graph_category security' echo 'graph_vlabel Count' echo 'graph_scale no' ## echo 'graph_args --base 1000 -l 0' echo 'refused.label refused' # echo 'delayed.type DERIVE' echo 'invalid.label invalid' # echo 'passed.type DERIVE' echo 'accepted.label accepted' # echo 'whitelisted.type DERIVE' echo 'failedpass.label Failed password' exit 0 fi refused=0 invalid=0 accepted=0 failed=0 TEMP_FILE=`mktempfile munin-sshd.XXXXXX` if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ] then $LOGTAIL ${AUTH_LOG} $STATEFILE | grep 'sshd' > ${TEMP_FILE} refused=`grep -ic 'refused' ${TEMP_FILE}` accepted=`grep -ic 'accepted' ${TEMP_FILE}` invalid=`grep -ic 'invalid user' ${TEMP_FILE}` failed=`grep -ic 'failed password' ${TEMP_FILE}` /bin/rm -f $TEMP_FILE fi echo "refused.value ${refused}" echo "accepted.value ${accepted}" echo "invalid.value ${invalid}" echo "failedpass.value ${failed}"