#!/bin/bash
#
# Plugin to monitor SSH
#
# Parameters understood:
#
# 	config   (required)
# 	autoconf (optional)
#
# Made by Sven Breunig ( sven AT breunig DOT be )
#

mktempfile () {
mktemp -t 
}       

AUTH_LOG=${logfile:-/var/log/auth.log}
STATEFILE=$MUNIN_PLUGSTATE/sshd.offset
LOGTAIL=${logtail:-`which logtail`}

if [ "$1" = "autoconf" ]; then
        if [ -f "${AUTH_LOG}"  -a -n "${LOGTAIL}" -a -x "${LOGTAIL}" ] ; then
		echo yes
		exit 0
	else
		echo no
		exit 1
	fi
fi

if [ "$1" = "config" ]; then
	echo 'graph_title SSH Statistics'
	echo 'graph_order refused invalid accepted'
	echo 'graph_category security'
	echo 'graph_vlabel Count'
	echo 'graph_scale no'

##	echo 'graph_args --base 1000 -l 0'
	echo 'refused.label refused'
#	echo 'delayed.type DERIVE'
	echo 'invalid.label invalid'
#	echo 'passed.type DERIVE'
	echo 'accepted.label accepted'
#	echo 'whitelisted.type DERIVE'
	echo 'failedpass.label Failed password'
        exit 0
fi


refused=0
invalid=0
accepted=0
failed=0

TEMP_FILE=`mktempfile munin-sshd.XXXXXX`

if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ]
then
	$LOGTAIL ${AUTH_LOG} $STATEFILE | grep 'sshd' > ${TEMP_FILE}

	refused=`grep -ic 'refused' ${TEMP_FILE}`
	accepted=`grep -ic 'accepted' ${TEMP_FILE}` 
	invalid=`grep -ic 'invalid user' ${TEMP_FILE}`
	failed=`grep -ic 'failed password' ${TEMP_FILE}`

	/bin/rm -f $TEMP_FILE
fi

echo "refused.value ${refused}"
echo "accepted.value ${accepted}"
echo "invalid.value ${invalid}"
echo "failedpass.value ${failed}"