/plugins/other/sshd_log - Annoter - Munin contributed plugins - Koumbit's Redmine

4ab213e1

Artem Sheremet

#!/bin/sh

2

3

# Plugin to monitor auth.log for sshd server events.

4

5

# Require read permitions for $LOG

6

#  (set in /etc/munin/plugin-conf.d/munin-node on debian)

7

# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate

8

9

# $Log$

10

# Revision 1.2  2010/03/19 15:03:00  pmoranga

11

# Revision 1.1  2009/04/26 23:28:00  ckujau

12

# Revision 1.0  2009/04/22 22:00:00  zlati

13

# Initial revision

14

15

# Parameters:

16

17

#       config   (required)

18

#       autoconf (optional - used by munin-config)

19

20

# Magick markers (optional):

21

#%# family=auto

22

#%# capabilities=autoconf

23

24

# config example for /etc/munin/plugin-conf.d/munin-node

25

#[sshd_log]

26

#user root

27

#group root

28

#env.logfile /var/log/messages

29

#env.category users

30

31

32

LOG=${logfile:-/var/log/secure}

33

CATEGORY=${category:-system}

34

35

36

if [ "$1" = "autoconf" ]; then

37

        if [ -r "$LOG" ]; then

38

                echo yes

39

                exit 0

40

        else

41

                echo no

42

                exit 1

43

fi

44

fi

45

46

if [ "$1" = "config" ]; then

47

48

        echo 'graph_title SSHD login stats from' $LOG

49

        echo 'graph_args --base 1000 -l 0'

50

        echo 'graph_vlabel logins'

51

        echo 'graph_category' $CATEGORY

52

53

        echo 'LogPass.label Successful password logins'

54

        echo 'LogPassPAM.label Successful login via PAM'

55

        echo 'LogKey.label Successful PublicKey logins'

56

        echo 'NoID.label No identification from user'

57

        echo 'rootAttempt.label Root login attempts'

58

        echo 'InvUsr.label Invalid user login attepmts'

59

        echo 'NoRDNS.label No reverse DNS for peer'

60

        echo 'Breakin.label Potential Breakin Attempts'

61

        exit 0

62

fi

63

64

awk 'BEGIN{c["LogPass"]=0;c["LogKey"]=0;c["NoID"]=0;c["rootAttempt"]=0;c["InvUsr"]=0;c["LogPassPAM"]=0;c["Breakin"]=0;c["NoRDNS"]=0; }

65

     /sshd\[.*Accepted password for/{c["LogPass"]++}

66

     /sshd\[.*Accepted publickey for/{c["LogKey"]++}

67

     /sshd\[.*Did not receive identification string/{c["NoID"]++}

68

     /sshd\[.*Failed password for root/{c["rootAttempt"]++}

69

     /sshd\[.*Invalid user/{c["InvUsr"]++}

70

     /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++}

71

     /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++}

72

     /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}a

73

     END{for(i in c){print i".value " c[i]} }' < $LOG

Projet

Général

Profil

Munin contributed plugins

root / plugins / other / sshd_log @ d112f623