Mirrors/Munin-Contrib
1
0
Fork 0
mirror of https://github.com/munin-monitoring/contrib.git synced 2025-07-22 14:16:00 +00:00
Code Issues Releases Wiki Activity

[network/hostsdeny] Refactor to support any blocked service

Browse source 
The HostDenied field is renamed to ssh. To preserve existing data,

	# cd /var/lib/munin/example.net
	# mv hostname-hostsdeny-HostsDenied-g.rrd hostname-hostsdeny-sshd-g.rrd

This refactor incidentally also fixes a bug where empty or commented-out
lines where also counted.

Signed-off-by: Olivier Mehani <shtrom@ssji.net>
This commit is contained in:
Olivier Mehani 2019-10-09 23:15:37 +11:00 committed by Lars Kruse
parent e926acaf5f
commit cfe070ea38
2 changed files with 32 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

43
plugins/network/hostsdeny
View file

@ -1,4 +1,4 @@
#!/bin/bash #!/bin/sh -eu
# #
# Plugin to monitor the number of hosts in /etc/hosts.deny # Plugin to monitor the number of hosts in /etc/hosts.deny
# that are deined access to sshd # that are deined access to sshd
@ -6,6 +6,9 @@
# Based on denyhosts plugin by tjansson (2009) # Based on denyhosts plugin by tjansson (2009)
# #
# Copyright (C) 2009 Kåre Hartvig Jensen (kaare.hartvig.jensen@gmail.com) # Copyright (C) 2009 Kåre Hartvig Jensen (kaare.hartvig.jensen@gmail.com)
# Copyright (C) 2019 Olivier Mehani <shtrom+munin@ssji.net>
#
# SPDX-License-Identifier: GPL-3.0-or-later
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -20,25 +23,43 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# #
LOG=${LOG:-/etc/hosts.deny}
if [ "$1" = "autoconf" ]; then if [ "${MUNIN_DEBUG:-0}" = 1 ]; then
if [ -r "$LOG" ]; then set -x
fi
if [ "${1:-}" = "autoconf" ]; then
if [ -r "${LOG}" ]; then
echo yes echo yes
else else
echo no echo "no (${LOG} not readable or non-existent)"
fi fi
exit 0 exit 0
fi fi
if [ "$1" = "config" ]; then COUNTS=$(sed -n 's/^\([^#]\+\):.*/\1/p' "${LOG}" \
| sort \
| uniq -c \
| sed "s/^.*\s\([0-9]\+\)\s\(.*\)/\2.value \1/"
)
echo 'graph_title Hosts denied sshd access' if [ "${1:-}" = "config" ]; then
echo 'graph_info Hosts denied sshd access in /etc/hosts.deny'
echo 'graph_title Hosts denied access'
echo "graph_info Hosts denied access in ${LOG}"
echo 'graph_args --base 1000 -l 0' echo 'graph_args --base 1000 -l 0'
echo 'graph_vlabel Hosts denied ' echo 'graph_vlabel Hosts denied '
echo 'graph_category system' echo 'graph_category security'
echo 'HostsDenied.label Hosts denied' # Assume we always have SSH
exit 0 echo 'sshd.label sshd'
echo 'sshd.draw AREA'
echo "${COUNTS}" \
| sed '/ssh/d; # skip ssh
s/^\([^\.]\+\)\..*/\1.label \1\n\1.draw STACK/'
if [ "${MUNIN_DIRTYCONFIG:-0}" != 1 ]; then
exit 0
fi
fi fi
echo HostsDenied.value `cat /etc/hosts.deny | grep sshd | wc -l` echo "${COUNTS}"

1
t/test-exception-wrapper.expected-failures
View file

@ -223,7 +223,6 @@ plugins/network/ethtool_
plugins/network/fwbuilder_ plugins/network/fwbuilder_
plugins/network/hfsc plugins/network/hfsc
plugins/network/hfsc_sep plugins/network/hfsc_sep
plugins/network/hostsdeny
plugins/network/host_traffic plugins/network/host_traffic
plugins/network/if1sec_ plugins/network/if1sec_
plugins/network/ifem_ plugins/network/ifem_