Skip to content
GitLab
Explorer
Connexion
Navigation principale
Rechercher ou aller à…
Projet
nagios-plugin
Gestion
Activité
Membres
Labels
Programmation
Tickets
Tableaux des tickets
Jalons
Code
Requêtes de fusion
Dépôt
Branches
Validations
Étiquettes
Graphe du dépôt
Comparer les révisions
Analyse
Données d'analyse des chaînes de valeur
Analyse des contributeurs
Données d'analyse du dépôt
Aide
Aide
Support
Documentation de GitLab
Comparer les forfaits GitLab
Forum de la communauté GitLab
Contribuer à GitLab
Donner votre avis
Raccourcis clavier
?
Extraits de code
Groupes
Projets
Afficher davantage de fils d'Ariane
Le Filament
nagios-plugin
Validations
09018dbd
Valider
09018dbd
rédigé
Il y a 2 ans
par
Théo - Le Filament
Parcourir les fichiers
Options
Téléchargements
Correctifs
Plain Diff
feat: fail2ban check script
parent
c5ee243d
Branches
Branches contenant la validation
Aucune étiquette associée trouvée
Aucune requête de fusion associée trouvée
Modifications
1
Afficher les modifications d'espaces
En ligne
Côte à côte
Affichage de
1 fichier modifié
check_fail2ban.sh
+95
-0
95 ajouts, 0 suppression
check_fail2ban.sh
avec
95 ajouts
et
0 suppression
check_fail2ban.sh
0 → 100755
+
95
−
0
Voir le fichier @
09018dbd
#!/bin/bash
# Default threshold values.
ips_threshold_warning
=
20
ips_threshold_critical
=
40
print_help
()
{
echo
"usage:
${
0
}
[OPTIONS] <jails>"
echo
"options:"
echo
-e
" -c, --critical <ips count>
\t\t
critical threshold values for IP count"
echo
-e
" -h, --help
\t\t\t\t
print this help"
echo
-e
" -w, --warning <ips count>
\t\t
warning threshold values for IP count"
}
[[
$#
-lt
1
]]
&&
(
echo
"err: <jails> argument missing"
;
exit
2
)
while
[[
$#
-gt
1
]]
;
do
case
"
$1
"
in
-c
|
--critical
)
ips_threshold_critical
=
$(
/usr/bin/awk
'{print +$1}'
<
(
echo
$2
)
)
shift
1
;;
-w
|
--warning
)
ips_threshold_warning
=
$(
/usr/bin/awk
'{print +$1}'
<
(
echo
$2
)
)
shift
1
;;
-h
|
--help
)
print_help
exit
0
;;
*
)
echo
"err: failed to parse argument '
$1
'."
exit
1
;;
esac
shift
1
done
jails
=
$1
# Format data.
output
=
''
perf
=
''
ips_scale
=
";
${
ips_threshold_warning
}
;
${
ips_threshold_critical
}
;0;100"
# Is fail2ban service active.
if
/bin/systemctl is-active fail2ban.service 1>/dev/null 2>&1
;
then
output+
=
"OK: fail2ban service is active
\n
"
else
output+
=
"NOK: fail2ban is inactive
\n
"
fi
# Is fail2ban running.
if
sudo
/usr/bin/fail2ban-client ping 1>/dev/null 2>&1
;
then
output+
=
"OK: fail2ban is running
\n
"
fail2ban_is_running
=
true
else
output+
=
"NOK: fail2ban is not running
\n
"
fail2ban_is_running
=
false
fi
all_jail_stats
=
$(
sudo
/usr/bin/fail2ban-client banned |
tr
"'"
'"'
| python3
-c
"import collections, json, sys; banned=json.load(sys.stdin); print('
\n
'.join([f'{name},{len(ips)}' for jails in banned for name, ips in jails.items()]))"
)
# IP address banned count for expected jails.
for
jail
in
${
jails
//,/
}
;
do
if
jail_stats
=
$(
grep
"
$jail
"
<
(
echo
"
$all_jail_stats
"
)
)
;
then
jail_name
=
$(
/usr/bin/awk
-F
','
'{print $1}'
<
(
echo
$jail_stats
)
)
if
[[
"
$jail_name
"
==
"
$jail
"
]]
;
then
jail_ips
=
$(
/usr/bin/awk
-F
','
'{print +$2}'
<
(
echo
$jail_stats
)
)
status
=
'OK'
[[
${
jail_ips
}
-ge
$ips_threshold_warning
]]
&&
status
=
'WARNING'
[[
${
jail_ips
}
-ge
$ips_threshold_critical
]]
&&
status
=
'CRITICAL'
output+
=
"
${
status
}
:
${
jail
}
jail hold
${
jail_ips
}
IP address
\n
"
perf+
=
"
${
jail_name
}
=
${
jail_ips
}${
ips_scale
}
"
continue
fi
fi
output+
=
"NOK:
${
jail
}
jail is missing
\n
"
done
# Nagios OK status.
exit_code
=
0
# Nagios WARNING status.
grep
--quiet
'WARNING:'
<
(
echo
$output
)
&&
exit_code
=
1
# Nagios CRITICAL status.
grep
--quiet
'NOK:\|CRITICAL:'
<
(
echo
$output
)
&&
exit_code
=
2
# Plugin output.
echo
"
${
output
%
'\n'
}
|
${
perf
%
' '
}
"
exit
$exit_code
Ce diff est replié.
Cliquez pour l'agrandir.
Aperçu
0%
Chargement en cours
Veuillez réessayer
ou
joindre un nouveau fichier
.
Annuler
You are about to add
0
people
to the discussion. Proceed with caution.
Terminez d'abord l'édition de ce message.
Enregistrer le commentaire
Annuler
Veuillez vous
inscrire
ou vous
se connecter
pour commenter