From 756cfcda5f7eee63419d943d3cf93275294836bf Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 27 Jan 2009 22:58:29 +0000
Subject: [PATCH] - Added nagios script. Thanks to Sebastian Mueller.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@721 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 ChangeLog                   |   1 +
 MANIFEST                    |   2 +
 files/nagios/check_fail2ban | 106 ++++++++++++++++++++++++++++++++++++
 files/nagios/f2ban.txt      |  18 ++++++
 4 files changed, 127 insertions(+)
 create mode 100644 files/nagios/check_fail2ban
 create mode 100644 files/nagios/f2ban.txt

diff --git a/ChangeLog b/ChangeLog
index 2cd36723..46fd5f1f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,7 @@ ver. 0.8.4 (2008/??/??) - stable
   crashed. Thanks to Detlef Reichelt.
 - Removed begin-line anchor for "standard" timestamp. Fixed
   Debian bug #500824.
+- Added nagios script. Thanks to Sebastian Mueller.
 
 ver. 0.8.3 (2008/07/17) - stable
 ----------
diff --git a/MANIFEST b/MANIFEST
index 1ea7a621..39ca0df8 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -116,3 +116,5 @@ files/suse-initd
 files/cacti/fail2ban_stats.sh
 files/cacti/cacti_host_template_fail2ban.xml
 files/cacti/README
+files/nagios/check_fail2ban
+files/nagios/f2ban.txt
diff --git a/files/nagios/check_fail2ban b/files/nagios/check_fail2ban
new file mode 100644
index 00000000..0b40db53
--- /dev/null
+++ b/files/nagios/check_fail2ban
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Usage: ./check_fail2ban
+###############################################################################################
+# Description: 
+#		This plugin will check the status of Fail2ban.  
+#
+# Created:      2008-10-25 (Sebastian Mueller)
+#
+# Changes:      2008-10-26 fixed some issues (Sebastian Mueller)
+# Changes:      2009-01-25 add the second check, when server is not replying and the
+#		process is hang-up (Sebastian Mueller)
+#
+# please visit my website http://www.elchtest.eu or my personal WIKI http://wiki.elchtest.eu
+#
+################################################################################################
+# if you have any questions, send a mail to linux@krabbe-offline.de 
+#
+# this script is for my personal use. read the script before running/using it!!!
+#
+#
+# YOU HAVE BEEN WARNED. THIS MAY DESTROY YOUR MACHINE. I ACCEPT NO RESPONSIBILITY.
+###############################################################################################
+
+
+SECOND_CHECK=0 
+STATE_OK=0
+STATE_CRITICAL=2
+
+######################################################################
+# Read the Status from fail2ban-client 
+######################################################################
+check_processes_fail2ban()
+{
+        
+  F2B=`sudo -u root fail2ban-client ping | awk -F " " '{print $3}'`
+  exit_fail2ban=0
+
+  if  [[ $F2B = "pong" ]]; then
+   exit_fail2ban=$STATE_OK
+ else
+ exit_fail2ban=$STATE_CRITICAL
+ fi
+
+}
+######################################################################
+# first check in the Background, PID will be killed when no response
+# after 10 seconds, might be possible, otherwise the scipt will be
+# pressent in your memory all the time
+#
+######################################################################
+
+check_processes_fail2ban &
+pid=$!
+
+typeset -i i=0
+while ps $pid >/dev/null
+do
+ sleep 1
+ i=$i+1
+if [ $i -ge 10 ]
+ then
+ kill $pid 
+   SECOND_CHECK=1
+   exit_fail2ban=$STATE_CRITICAL
+   break
+fi
+done
+
+######################################################################
+# when the Server response (doesent mean the FAIL2BAN is working)
+# in the first step, then it will run again and test the Service 
+# and provide the real status
+######################################################################
+
+
+if [ $SECOND_CHECK -eq 0  ]; then
+  check_processes_fail2ban
+ elif [ $SECOND_CHECK -eq 1 ]; then
+  exit_fail2ban=$STATE_CRITICAL
+fi
+
+
+
+######################################################################
+# Mainmenu
+######################################################################
+
+
+final_exit=$exit_fail2ban
+if [ $final_exit -eq 0  ]; then
+  echo "SYSTEM OK - Fail2ban is working normaly"
+  exitstatus=$STATE_OK
+elif [ $final_exit -ne "0" ]; then
+  echo "SYSTEM WARNING - Fail2Ban is not working"
+######################################################################
+# If don't have a Nagios Server for monitoring, remove the comment and
+# add your Mail Addres. You can check it with a Cron Job once a hour.
+# put a txt file on your server and describe how to fix the issue, this 
+# could be attached to the mail.
+######################################################################
+#  mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
+
+  exitstatus=$STATE_CRITICAL
+fi
+exit $exitstatus
diff --git a/files/nagios/f2ban.txt b/files/nagios/f2ban.txt
new file mode 100644
index 00000000..a811cd5d
--- /dev/null
+++ b/files/nagios/f2ban.txt
@@ -0,0 +1,18 @@
+It seems that Fail2ban is currently not working, please login and check
+
+HELP:
+
+1.) stop the Service
+/etc/init.d/fail2ban stop
+
+2.) delete the socket if avalible
+rm /tmp/fail2ban.sock
+
+3.) start the Service 
+/etc/init.d/fail2ban start
+
+4.) check if fail2ban is working
+fail2ban-client ping
+Answer should be "pong"
+
+5.) if the answer is not "pong" run away or  CRY FOR HELP ;-)