root / plugins / system / auth @ 17f78427
Historique | Voir | Annoter | Télécharger (2,79 ko)
| 1 |
#!/bin/bash |
|---|---|
| 2 |
# |
| 3 |
# A Munin Plugin to show auth stuff |
| 4 |
# Created by Dominik Schulz <lkml@ds.gauner.org> |
| 5 |
# http://developer.gauner.org/munin/ |
| 6 |
# Based on a work of "jintxo" |
| 7 |
# |
| 8 |
# Parameters understood: |
| 9 |
# |
| 10 |
# config (required) |
| 11 |
# autoconf (optional - used by munin-config) |
| 12 |
# |
| 13 |
# |
| 14 |
# Magic markers (optional - used by munin-config and installation |
| 15 |
# scripts): |
| 16 |
# |
| 17 |
#%# family=auto |
| 18 |
#%# capabilities=autoconf |
| 19 |
|
| 20 |
|
| 21 |
############################# |
| 22 |
# Configuration |
| 23 |
############################# |
| 24 |
MAXLABEL=20 |
| 25 |
STAT_FILE=$MUNIN_PLUGSTATE/plugin-auth.state |
| 26 |
EXPR_BIN=/usr/bin/expr |
| 27 |
############################# |
| 28 |
|
| 29 |
if [ "$1" = "autoconf" ]; then |
| 30 |
echo yes |
| 31 |
exit 0 |
| 32 |
fi |
| 33 |
|
| 34 |
if [ "$1" = "config" ]; then |
| 35 |
|
| 36 |
echo 'graph_title Auth Log Parser' |
| 37 |
echo 'graph_args --base 1000 -l 0' |
| 38 |
echo 'graph_vlabel Daily Auth Counters' |
| 39 |
echo 'graph_category auth' |
| 40 |
echo 'illegal_user.label Illegal User' |
| 41 |
echo 'possible_breakin.label Breakin Attempt' |
| 42 |
echo 'authentication_failure.label Authentication Fail' |
| 43 |
echo 'valid_login.label Valid Login' |
| 44 |
exit 0 |
| 45 |
fi |
| 46 |
|
| 47 |
############################# |
| 48 |
# Initialization |
| 49 |
############################# |
| 50 |
if [ ! -r $STAT_FILE ]; then |
| 51 |
echo "ILL=0" > $STAT_FILE |
| 52 |
echo "POS=0" >> $STAT_FILE |
| 53 |
echo "AUT=0" >> $STAT_FILE |
| 54 |
echo "VAL=0" >> $STAT_FILE |
| 55 |
fi |
| 56 |
|
| 57 |
TODAY="`date '+%b'` `date '+%d' | sed 's/0\([0-9]\)/ \1/'`" |
| 58 |
############################# |
| 59 |
|
| 60 |
############################# |
| 61 |
# Illegal User |
| 62 |
############################# |
| 63 |
echo -en "illegal_user.value " |
| 64 |
NEW_ILL=$(grep "Illegal user\|no such user" /var/log/auth.log | grep "^$TODAY" | wc -l) |
| 65 |
OLD_ILL=$(grep ILL $STAT_FILE | cut -f2 -d '=') |
| 66 |
ILL=$($EXPR_BIN $NEW_ILL - $OLD_ILL) |
| 67 |
if [ $ILL -gt 0 ]; then |
| 68 |
echo "$ILL" |
| 69 |
else |
| 70 |
echo "0" |
| 71 |
fi |
| 72 |
echo -n |
| 73 |
############################# |
| 74 |
# Possible Breakins |
| 75 |
############################# |
| 76 |
echo -en "possible_breakin.value " |
| 77 |
NEW_POS=$(grep -i "breakin attempt" /var/log/auth.log | grep "^$TODAY" | wc -l) |
| 78 |
OLD_POS=$(grep POS $STAT_FILE | cut -f2 -d '=') |
| 79 |
POS=$($EXPR_BIN $NEW_POS - $OLD_POS) |
| 80 |
if [ $POS -gt 0 ]; then |
| 81 |
echo "$POS" |
| 82 |
else |
| 83 |
echo "0" |
| 84 |
fi |
| 85 |
echo -n |
| 86 |
############################# |
| 87 |
# Authentication Failures |
| 88 |
############################# |
| 89 |
echo -en "authentication_failure.value " |
| 90 |
NEW_AUT=$(grep "authentication failure" /var/log/auth.log | grep "^$TODAY" | wc -l) |
| 91 |
OLD_AUT=$(grep AUT $STAT_FILE | cut -f2 -d '=') |
| 92 |
AUT=$($EXPR_BIN $NEW_AUT - $OLD_AUT) |
| 93 |
if [ $AUT -gt 0 ]; then |
| 94 |
echo "$AUT" |
| 95 |
else |
| 96 |
echo "0" |
| 97 |
fi |
| 98 |
echo -n |
| 99 |
############################# |
| 100 |
# Valid Logins |
| 101 |
############################# |
| 102 |
echo -en "valid_login.value " |
| 103 |
NEW_VAL=$(grep "sshd.*Accepted" /var/log/auth.log | grep "^$TODAY" | wc -l) |
| 104 |
OLD_VAL=$(grep VAL $STAT_FILE | cut -f2 -d '=') |
| 105 |
VAL=$($EXPR_BIN $NEW_VAL - $OLD_VAL) |
| 106 |
if [ $VAL -gt 0 ]; then |
| 107 |
echo "$VAL" |
| 108 |
else |
| 109 |
echo "0" |
| 110 |
fi |
| 111 |
echo -n |
| 112 |
### |
| 113 |
# Save the current values |
| 114 |
### |
| 115 |
echo "ILL=$NEW_ILL" > $STAT_FILE |
| 116 |
echo "POS=$NEW_POS" >> $STAT_FILE |
| 117 |
echo "AUT=$NEW_AUT" >> $STAT_FILE |
| 118 |
echo "VAL=$NEW_VAL" >> $STAT_FILE |
| 119 |
|