From 4ab213e16620157165a90fab91c76e99d296a8d3 Mon Sep 17 00:00:00 2001 From: Artem Sheremet Date: Sat, 15 Sep 2012 17:32:20 +0300 Subject: [PATCH] sshd_log: CRLF to LF (bad interp. error) --- plugins/other/sshd_log | 146 ++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/plugins/other/sshd_log b/plugins/other/sshd_log index 0021291d..ea84ae2c 100755 --- a/plugins/other/sshd_log +++ b/plugins/other/sshd_log @@ -1,73 +1,73 @@ -#!/bin/sh -# -# Plugin to monitor auth.log for sshd server events. -# -# Require read permitions for $LOG -# (set in /etc/munin/plugin-conf.d/munin-node on debian) -# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate -# -# $Log$ -# Revision 1.2 2010/03/19 15:03:00 pmoranga -# Revision 1.1 2009/04/26 23:28:00 ckujau -# Revision 1.0 2009/04/22 22:00:00 zlati -# Initial revision -# -# Parameters: -# -# config (required) -# autoconf (optional - used by munin-config) -# -# Magick markers (optional): -#%# family=auto -#%# capabilities=autoconf - -# config example for /etc/munin/plugin-conf.d/munin-node -#[sshd_log] -#user root -#group root -#env.logfile /var/log/messages -#env.category users -# - -LOG=${logfile:-/var/log/secure} -CATEGORY=${category:-system} - - -if [ "$1" = "autoconf" ]; then - if [ -r "$LOG" ]; then - echo yes - exit 0 - else - echo no - exit 1 - fi -fi - -if [ "$1" = "config" ]; then - - echo 'graph_title SSHD login stats from' $LOG - echo 'graph_args --base 1000 -l 0' - echo 'graph_vlabel logins' - echo 'graph_category' $CATEGORY - - echo 'LogPass.label Successful password logins' - echo 'LogPassPAM.label Successful login via PAM' - echo 'LogKey.label Successful PublicKey logins' - echo 'NoID.label No identification from user' - echo 'rootAttempt.label Root login attempts' - echo 'InvUsr.label Invalid user login attepmts' - echo 'NoRDNS.label No reverse DNS for peer' - echo 'Breakin.label Potential Breakin Attempts' - exit 0 -fi - -awk 'BEGIN{c["LogPass"]=0;c["LogKey"]=0;c["NoID"]=0;c["rootAttempt"]=0;c["InvUsr"]=0;c["LogPassPAM"]=0;c["Breakin"]=0;c["NoRDNS"]=0; } - /sshd\[.*Accepted password for/{c["LogPass"]++} - /sshd\[.*Accepted publickey for/{c["LogKey"]++} - /sshd\[.*Did not receive identification string/{c["NoID"]++} - /sshd\[.*Failed password for root/{c["rootAttempt"]++} - /sshd\[.*Invalid user/{c["InvUsr"]++} - /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++} - /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++} - /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}a - END{for(i in c){print i".value " c[i]} }' < $LOG \ No newline at end of file +#!/bin/sh +# +# Plugin to monitor auth.log for sshd server events. +# +# Require read permitions for $LOG +# (set in /etc/munin/plugin-conf.d/munin-node on debian) +# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate +# +# $Log$ +# Revision 1.2 2010/03/19 15:03:00 pmoranga +# Revision 1.1 2009/04/26 23:28:00 ckujau +# Revision 1.0 2009/04/22 22:00:00 zlati +# Initial revision +# +# Parameters: +# +# config (required) +# autoconf (optional - used by munin-config) +# +# Magick markers (optional): +#%# family=auto +#%# capabilities=autoconf + +# config example for /etc/munin/plugin-conf.d/munin-node +#[sshd_log] +#user root +#group root +#env.logfile /var/log/messages +#env.category users +# + +LOG=${logfile:-/var/log/secure} +CATEGORY=${category:-system} + + +if [ "$1" = "autoconf" ]; then + if [ -r "$LOG" ]; then + echo yes + exit 0 + else + echo no + exit 1 + fi +fi + +if [ "$1" = "config" ]; then + + echo 'graph_title SSHD login stats from' $LOG + echo 'graph_args --base 1000 -l 0' + echo 'graph_vlabel logins' + echo 'graph_category' $CATEGORY + + echo 'LogPass.label Successful password logins' + echo 'LogPassPAM.label Successful login via PAM' + echo 'LogKey.label Successful PublicKey logins' + echo 'NoID.label No identification from user' + echo 'rootAttempt.label Root login attempts' + echo 'InvUsr.label Invalid user login attepmts' + echo 'NoRDNS.label No reverse DNS for peer' + echo 'Breakin.label Potential Breakin Attempts' + exit 0 +fi + +awk 'BEGIN{c["LogPass"]=0;c["LogKey"]=0;c["NoID"]=0;c["rootAttempt"]=0;c["InvUsr"]=0;c["LogPassPAM"]=0;c["Breakin"]=0;c["NoRDNS"]=0; } + /sshd\[.*Accepted password for/{c["LogPass"]++} + /sshd\[.*Accepted publickey for/{c["LogKey"]++} + /sshd\[.*Did not receive identification string/{c["NoID"]++} + /sshd\[.*Failed password for root/{c["rootAttempt"]++} + /sshd\[.*Invalid user/{c["InvUsr"]++} + /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++} + /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++} + /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}a + END{for(i in c){print i".value " c[i]} }' < $LOG