Révision f8801b87
[hostdenied] Reverse order of series so new entries are on top
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
| plugins/ssh/hostdenied | ||
|---|---|---|
| 44 | 44 |
|
| 45 | 45 |
# ------------------------------------------------------------------------------------------------------ |
| 46 | 46 |
DENY="/etc/hosts.deny" |
| 47 |
NAME="$(basename $0)" # component of naming temporary files
|
|
| 47 |
NAME="$(basename "$0")" # component of naming temporary files
|
|
| 48 | 48 |
STATEFILE="$MUNIN_PLUGSTATE/$NAME.state" |
| 49 | 49 |
COLOUR=(FF0000 DA0024 B60048 91006D 6D0091 4800B6 2400DA 0000FF) # hot to cold colours |
| 50 | 50 |
# ------------------------------------------------------------------------------------------------------ |
| 51 | 51 |
|
| 52 | 52 |
run_autoconf() {
|
| 53 |
RUN="no" |
|
| 54 |
which grep denyhosts basename > /dev/null && RUN="yes" # only run when grep and denyhost are present
|
|
| 53 |
RUN="no (denyhosts not found)"
|
|
| 54 |
command -v denyhosts > /dev/null && RUN="yes" # only run when denyhosts is present
|
|
| 55 | 55 |
echo "$RUN" |
| 56 | 56 |
} |
| 57 | 57 |
|
| 58 | 58 |
|
| 59 | 59 |
run_config() {
|
| 60 |
cat << EOF |
|
| 60 |
cat << EOF
|
|
| 61 | 61 |
graph_title Hosts denied sshd access |
| 62 | 62 |
graph_info Hosts denied sshd access in $DENY |
| 63 | 63 |
graph_args --base 1000 -l 0 |
| 64 | 64 |
graph_vlabel Hosts denied |
| 65 | 65 |
graph_category security |
| 66 |
age0.label added last 24h |
|
| 67 |
age0.draw AREA |
|
| 68 |
age0.colour ${COLOUR[0]}
|
|
| 69 | 66 |
EOF |
| 70 |
for AGE in {1..7}; do
|
|
| 71 |
cat << EOF |
|
| 72 |
age${AGE}.label older than $((AGE*24))h
|
|
| 73 |
age${AGE}.draw STACK
|
|
| 67 |
for AGE in {7..0}; do
|
|
| 68 |
if [ "${AGE}" = 0 ]; then
|
|
| 69 |
echo "age${AGE}.label added last 24h"
|
|
| 70 |
else |
|
| 71 |
echo "age${AGE}.label older than $((AGE*24))h"
|
|
| 72 |
fi |
|
| 73 |
cat << EOF |
|
| 74 |
age${AGE}.draw AREASTACK
|
|
| 74 | 75 |
age${AGE}.colour ${COLOUR[$AGE]}
|
| 75 | 76 |
EOF |
| 76 | 77 |
done |
| ... | ... | |
| 81 | 82 |
TOTAL=0 |
| 82 | 83 |
NOW=$(date +%s) |
| 83 | 84 |
sed -n 's/^\# DenyHosts: //;s/ | .*//gp' $DENY | # strip all but date |
| 84 |
while read DATE; do |
|
| 85 |
while read -r DATE; do
|
|
| 85 | 86 |
echo $(((NOW - $(date -d "$DATE" +%s))/86400)) # calculate rule age |
| 86 |
done > $STATEFILE # rather than going through temp file, the age could be
|
|
| 87 |
for AGE in {0..6} ; do # used to increment an array element with that index.
|
|
| 88 |
COUNT="$(grep -c "^$AGE$" $STATEFILE)" # That'd save grepping for counting from temp file.
|
|
| 87 |
done > "$STATEFILE" # rather than going through temp file, the age could be
|
|
| 88 |
for AGE in {6..0} ; do # used to increment an array element with that index.
|
|
| 89 |
COUNT="$(grep -c "^$AGE$" "$STATEFILE")" # That'd save grepping for counting from temp file.
|
|
| 89 | 90 |
echo "age${AGE}.value $COUNT" # produce values for all but oldest
|
| 90 | 91 |
((TOTAL+=COUNT)) |
| 91 | 92 |
done |
| 92 |
echo "age7.value $(($(grep -c . $STATEFILE)-TOTAL))" # all non-printed are older
|
|
| 93 |
rm $STATEFILE
|
|
| 93 |
echo "age7.value $(($(grep -c . "$STATEFILE")-TOTAL))" # all non-printed are older
|
|
| 94 |
rm "$STATEFILE"
|
|
| 94 | 95 |
} |
| 95 | 96 |
|
| 96 |
run_${1:-"fetch"}
|
|
| 97 |
run_"${1:-fetch}"
|
|
| 97 | 98 |
exit 0 |
Formats disponibles : Unified diff