mirror of
https://github.com/munin-monitoring/contrib.git
synced 2018-11-08 00:59:34 +01:00
91 lines
2.4 KiB
Python
Executable file
91 lines
2.4 KiB
Python
Executable file
#!/usr/bin/python
|
|
#
|
|
# Plugin to monitor fail2ban blacklists.
|
|
# Parses iptables output. Must be run as a user that may do such. Probably root.
|
|
#
|
|
# Requires: python, probably 2.3 or so :)
|
|
#
|
|
# Written by Lasse Karstensen <lasse.karstensen@gmail.com> September 2007.
|
|
# Parameters understood:
|
|
# config (required)
|
|
# autoconf (optional)
|
|
#
|
|
#%# family=auto
|
|
#%# capabilities=autoconf
|
|
|
|
libdir="/usr/share/fail2ban"
|
|
iptablesbin="/sbin/iptables"
|
|
|
|
import sys, os, ConfigParser
|
|
|
|
|
|
def get_fail2ban_checks(configfile="/etc/fail2ban.conf"):
|
|
confReader = ConfigParser.ConfigParser()
|
|
confReader.read(configfile)
|
|
res = []
|
|
for section in confReader.sections():
|
|
# basic configuration, not essential for us so we skip it.
|
|
if section in ["MAIL"]:
|
|
continue
|
|
if confReader.has_option(section, "enabled"):
|
|
val = confReader.get(section, "enabled")
|
|
if val.lower() == "true":
|
|
res.append(section)
|
|
return res
|
|
|
|
def list_iptables(chain):
|
|
global iptablesbin
|
|
cmd = "%s -n -L fail2ban-%s" % (iptablesbin, chain)
|
|
num = 0
|
|
for line in os.popen(cmd):
|
|
line = line.strip()
|
|
if line.split()[0] == "DROP":
|
|
num = num + 1
|
|
return num
|
|
|
|
def print_config():
|
|
# noisy
|
|
print 'graph_title Fail2ban blacklist'
|
|
print 'graph_info This graph shows the number of host blocked by fail2ban.'
|
|
print 'graph_category network'
|
|
print 'graph_vlabel Count'
|
|
|
|
print 'graph_args --base 1000 -l 0'
|
|
print 'graph_total total'
|
|
|
|
for checkname in get_fail2ban_checks():
|
|
checkname_sane = checkname_sanitize(checkname)
|
|
print '%s.label Rules in chain %s' % (checkname_sane, checkname_sane)
|
|
print '%s.min 0' % checkname_sane
|
|
|
|
def checkname_sanitize(name):
|
|
new = ""
|
|
from string import digits, letters
|
|
for char in name:
|
|
if char not in letters+digits:
|
|
new += "_"
|
|
else:
|
|
new += char
|
|
return new
|
|
|
|
def main():
|
|
if len(sys.argv) > 1 and sys.argv[1] == "autoconf":
|
|
if os.path.isdir(libdir):
|
|
print "yes"
|
|
sys.exit(0)
|
|
else:
|
|
print "no"
|
|
sys.exit(1)
|
|
|
|
sys.path.append(libdir)
|
|
if len(sys.argv) > 1 and sys.argv[1] == "config":
|
|
print_config()
|
|
sys.exit(0)
|
|
|
|
for checkname in get_fail2ban_checks():
|
|
num = list_iptables(checkname)
|
|
print "%s.value %s" % (checkname_sanitize(checkname), num)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|