root / plugins / services / hostdenied @ 942bda31
Historique | Voir | Annoter | Télécharger (4,43 ko)
| 1 | 0dca7e09 | L.Schmidt | #!/bin/bash |
|---|---|---|---|
| 2 | # |
||
| 3 | # Plugin to monitor the number of hosts in /etc/hosts.deny |
||
| 4 | # that are denied access to sshd |
||
| 5 | |||
| 6 | # Copyright (C) 2010 Lothar Schmidt, l.munin@scarydevilmonastery.net |
||
| 7 | # Bushmills on #munin, irc.freenode.net |
||
| 8 | # latest versions on http://scarydevilmonastery.net/munin.cgi |
||
| 9 | # |
||
| 10 | # This program is free software: you can redistribute it and/or modify |
||
| 11 | # it under the terms of the GNU General Public License as published by |
||
| 12 | # the Free Software Foundation, either version 3 of the License, or |
||
| 13 | # (at your option) any later version. |
||
| 14 | # |
||
| 15 | # This program is distributed in the hope that it will be useful, |
||
| 16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
| 17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
| 18 | # GNU General Public License for more details. |
||
| 19 | # |
||
| 20 | # You should have received a copy of the GNU General Public License |
||
| 21 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
| 22 | # |
||
| 23 | # ------------------------------------------------------------------------------------------------------ |
||
| 24 | # 20100310 v1.01 ls |
||
| 25 | # as threatened, shows now "temperatures" of active hosts.deny lines. Recent additions are |
||
| 26 | # displayed in bright red, turning to blue as older the addition rules are. |
||
| 27 | # This requires denyhosts to add line to hosts.deny in a specific format. Also, times are currently |
||
| 28 | # hardcoded, and not a lot of flexibility adjusting them through parameters. |
||
| 29 | # A line in hosts.deny should come with a comment, looking like: |
||
| 30 | # # DenyHosts: Sat Mar 6 01:11:57 2010 | sshd: 87.101.51.198 |
||
| 31 | # 8 graphs are drawn from that depicting number of rules in 24 h increments. Different colours are |
||
| 32 | # assigned to graphs which are <24h, 24-48h, 48-72h ... old. The last (coldest) graph shows rules |
||
| 33 | # which have been added > 168h ago. |
||
| 34 | # I'm considerering to change age granularity to hours, rather than days, and plot many graphs (64 or 128, |
||
| 35 | # which are nice for colour calculations), showing more of a colour cloud than discernible areas. |
||
| 36 | # The plugin must have permission to read /etc/hosts.deny, of course. |
||
| 37 | # 20100308, v1.0, ls |
||
| 38 | # Will probably add multiple stacked graphs, indicative for addition/removal date of denies, |
||
| 39 | # instead of a boring single area graph. |
||
| 40 | # ------------------------------------------------------------------------------------------------------ |
||
| 41 | |||
| 42 | #%# family=manual |
||
| 43 | #%# capabilities=autoconf |
||
| 44 | |||
| 45 | # ------------------------------------------------------------------------------------------------------ |
||
| 46 | DENY="/etc/hosts.deny" |
||
| 47 | STATEDIR="/var/lib/munin/plugin-state" # directory where plugin can keep their working files |
||
| 48 | NAME="$(basename $0)" # component of naming temporary files |
||
| 49 | STATEFILE="$STATEDIR/$NAME.state" |
||
| 50 | COLOUR=(FF0000 DA0024 B60048 91006D 6D0091 4800B6 2400DA 0000FF) # hot to cold colours |
||
| 51 | # ------------------------------------------------------------------------------------------------------ |
||
| 52 | |||
| 53 | run_autoconf() {
|
||
| 54 | RUN="no" |
||
| 55 | which grep denyhosts basename > /dev/null && RUN="yes" # only run when grep and denyhost are present |
||
| 56 | echo "$RUN" |
||
| 57 | } |
||
| 58 | |||
| 59 | |||
| 60 | run_config() {
|
||
| 61 | cat << EOF |
||
| 62 | graph_title denied sshd access in $DENY |
||
| 63 | graph_args --base 1000 -l 0 |
||
| 64 | graph_vlabel Hosts denied |
||
| 65 | graph_category services |
||
| 66 | age0.label added last 24h |
||
| 67 | age0.draw AREA |
||
| 68 | age0.colour ${COLOUR[0]}
|
||
| 69 | EOF |
||
| 70 | for AGE in {1..7}; do
|
||
| 71 | cat << EOF |
||
| 72 | age${AGE}.label older than $((AGE*24))h
|
||
| 73 | age${AGE}.draw STACK
|
||
| 74 | age${AGE}.colour ${COLOUR[$AGE]}
|
||
| 75 | EOF |
||
| 76 | done |
||
| 77 | } |
||
| 78 | |||
| 79 | |||
| 80 | run_fetch() {
|
||
| 81 | TOTAL=0 |
||
| 82 | NOW=$(date +%s) |
||
| 83 | sed -n 's/^\# DenyHosts: //;s/ | .*//gp' $DENY | # strip all but date |
||
| 84 | while read DATE; do |
||
| 85 | echo $(((NOW - $(date -d "$DATE" +%s))/86400)) # calculate rule age |
||
| 86 | done > $STATEFILE # rather than going through temp file, the age could be |
||
| 87 | for AGE in {0..6} ; do # used to increment an array element with that index.
|
||
| 88 | COUNT="$(grep -c "^$AGE$" $STATEFILE)" # That'd save grepping for counting from temp file. |
||
| 89 | echo "age${AGE}.value $COUNT" # produce values for all but oldest
|
||
| 90 | ((TOTAL+=COUNT)) |
||
| 91 | done |
||
| 92 | echo "age7.value $(($(grep -c . $STATEFILE)-TOTAL))" # all non-printed are older |
||
| 93 | rm $STATEFILE |
||
| 94 | } |
||
| 95 | |||
| 96 | run_${1:-"fetch"}
|
||
| 97 | exit 0 |