mirror of https://github.com/fail2ban/fail2ban
				
				
				
			
		
			
				
	
	
		
			350 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Perl
		
	
	
		
			Executable File
		
	
			
		
		
	
	
			350 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Perl
		
	
	
		
			Executable File
		
	
| #!/usr/bin/perl
 | |
| 
 | |
| #  -------------------------------------------------------
 | |
| #             -=- <check_fail2ban> -=-
 | |
| #  -------------------------------------------------------
 | |
| #
 | |
| #  Description : This plugin checks if the fail2ban server is running 
 | |
| #  and how many IPs are currently banned.
 | |
| #  
 | |
| #
 | |
| # inspired by the work of Sebastian Mueller - http://www.elchtest.eu
 | |
| # 
 | |
| #
 | |
| #  Version : 0.1
 | |
| #  -------------------------------------------------------
 | |
| #  In :
 | |
| #     - see the How to use section
 | |
| #
 | |
| #  Out :
 | |
| #     - only print on the standard output 
 | |
| #
 | |
| #  Features :
 | |
| #     - perfdata output
 | |
| #     - works with only a specific jail
 | |
| #
 | |
| #  Fix Me/Todo :
 | |
| #     - too many things ;) but let me know what do you think about it
 | |
| #
 | |
| # ####################################################################
 | |
| 
 | |
| # ####################################################################
 | |
| # GPL v2
 | |
| # This program is free software; you can redistribute it and/or
 | |
| # modify it under the terms of the GNU General Public License
 | |
| # as published by the Free Software Foundation; either version 2
 | |
| # of the License, or (at your option) any later version.
 | |
| #
 | |
| # This program is distributed in the hope that it will be useful,
 | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
| # GNU General Public License for more details.
 | |
| 
 | |
| # You should have received a copy of the GNU General Public License
 | |
| # along with this program; if not, write to the Free Software
 | |
| # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 | |
| # ####################################################################
 | |
| 
 | |
| # ####################################################################
 | |
| # How to use :
 | |
| # ------------
 | |
| #
 | |
| # Just have to run the following command:
 | |
| #       $ ./check_fail2ban --help
 | |
| # 
 | |
| # If you need to use this script with NRPE you just have to do the 
 | |
| # following steps:
 | |
| #
 | |
| # 1 allow your user to run the script with the sudo rights. Just add
 | |
| #   something like that in your /etc/sudoers (use visudo) :
 | |
| #     nagios ALL=(ALL) NOPASSWD: /<path-to>/check_fail2ban
 | |
| #
 | |
| # 2 then just add this kind of line in your NRPE config file :
 | |
| #   command[check_fail2ban]=/usr/bin/sudo /<path-to>/check_fail2ban
 | |
| #
 | |
| # 3 don't forget to restart your NRPE daemon
 | |
| #
 | |
| #	
 | |
| # /!\ be careful to let no one able to update the check_fail2ban ;)
 | |
| # ------------------------------------------------------------------------------
 | |
| #
 | |
| # ####################################################################
 | |
| 
 | |
| # ####################################################################
 | |
| # Changelog :
 | |
| # -----------
 | |
| #
 | |
| # --------------------------------------------------------------------
 | |
| #   Date:12/03/2013   Version:0.1     Author:Erwan Ben Souiden
 | |
| #   >> creation
 | |
| # ####################################################################
 | |
| 
 | |
| # ####################################################################
 | |
| #            Don't touch anything under this line!
 | |
| #        You shall not pass - Gandalf is watching you
 | |
| # ####################################################################
 | |
| 
 | |
| use strict;
 | |
| use warnings;
 | |
| use Getopt::Long qw(:config no_ignore_case);
 | |
| 
 | |
| # Generic variables
 | |
| # -----------------
 | |
| my $version = '0.1';
 | |
| my $author = 'Erwan Labynocle Ben Souiden';
 | |
| my $a_mail = 'erwan@aleikoum.net';
 | |
| my $script_name = 'check_fail2ban';
 | |
| my $verbose_value = 0;
 | |
| my $version_value = 0;
 | |
| my $more_value = 0;
 | |
| my $help_value = 0;
 | |
| my $perfdata_value = 0;
 | |
| my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
 | |
| 
 | |
| # Plugin default variables
 | |
| # ------------------------
 | |
| my $display = 'CHECK FAIL2BAN ACTIVITY';
 | |
| my ($critical,$warning) = (2,1);
 | |
| my $fail2ban_client_path = '/usr/bin/fail2ban-client';
 | |
| my $fail2ban_socket = '';
 | |
| my $jail_specific = '';
 | |
| my $jail_name = '';
 | |
| 
 | |
| GetOptions (
 | |
|     'P=s' => \ $fail2ban_client_path,
 | |
|     'path-fail2ban_client=s' => \ $fail2ban_client_path,
 | |
|     'j=s' => \ $jail_specific,
 | |
|     'jail=s' => \ $jail_specific,
 | |
|     'w=i' => \ $warning,
 | |
|     'warning=i' => \ $warning,
 | |
|     'socket=s' => \ $fail2ban_socket,
 | |
|     'S=s' => \ $fail2ban_socket,
 | |
|     'c=i' => \ $critical,
 | |
|     'critical=i' => \ $critical,
 | |
|     'V' => \ $version_value,
 | |
|     'version' => \ $version_value,
 | |
|     'h' => \ $help_value,
 | |
|     'H' => \ $help_value,
 | |
|     'help' => \ $help_value,
 | |
|     'display=s' => \ $display,
 | |
|     'D=s' => \ $display,
 | |
|     'perfdata' => \ $perfdata_value,
 | |
|     'p' => \ $perfdata_value,
 | |
|     'v' => \ $verbose_value,
 | |
|     'verbose' => \ $verbose_value
 | |
| );
 | |
| 
 | |
| print_usage() if ($help_value);
 | |
| print_version() if ($version_value);
 | |
| 
 | |
| 
 | |
| # Syntax check of your specified options
 | |
| # --------------------------------------
 | |
| 
 | |
| print "DEBUG : fail2ban_client_path: $fail2ban_client_path\n" if ($verbose_value);
 | |
| if (($fail2ban_client_path eq "")) {
 | |
|     print $display.'- one or more following arguments are missing: fail2ban_client_path'."\n";
 | |
|     exit $ERRORS{"UNKNOWN"};
 | |
| }
 | |
| 
 | |
| if(! -x $fail2ban_client_path) {
 | |
|     print $display.' - '.$fail2ban_client_path.' is not executable by you'."\n";
 | |
|     exit $ERRORS{"UNKNOWN"};
 | |
| }
 | |
| print "DEBUG : $fail2ban_client_path exists and is executable\n" if ($verbose_value);
 | |
| 
 | |
| my $fail2ban_cmd = $fail2ban_client_path;
 | |
| $fail2ban_cmd .= " -s $fail2ban_socket" if ($fail2ban_socket);
 | |
| 
 | |
| print "DEBUG : final fail2ban command: $fail2ban_cmd\n" if ($verbose_value);
 | |
| 
 | |
| print "DEBUG : warning threshold : $warning, critical threshold : $critical\n" if ($verbose_value);
 | |
| if (($critical < 0) or ($warning < 0) or ($critical < $warning)) {
 | |
|     print $display.' - the thresholds must be integers and the critical threshold higher or equal than the warning threshold'."\n";
 | |
|     exit $ERRORS{"UNKNOWN"};
 | |
| }
 | |
| 
 | |
| # Core script
 | |
| # -----------
 | |
| my ($how_many_jail,$how_many_banned,$return_print,$perf_print,$plugstate) = (0,0,"","","OK");
 | |
| 
 | |
| 
 | |
| ### Test the connection to the fail2ban server
 | |
| my @command_output = `$fail2ban_cmd ping`;
 | |
| my $return_code = $?;
 | |
| if ($return_code) {
 | |
|     print $display.'CRITICAL - non-zero exit code during testing fail2ban-client ping, check if the server is running and if you have the good permissions';
 | |
|     exit $ERRORS{"CRITICAL"};
 | |
| }
 | |
| else {
 | |
|     print "DEBUG : it seems the connection with the fail2ban server is ok\n" if ($verbose_value);
 | |
| }
 | |
| 
 | |
| 
 | |
| ### Only if you specify one jail
 | |
| if ($jail_specific) {
 | |
|     my $current_ban_number = currently_ban("$fail2ban_cmd","$jail_specific");
 | |
|     if ($current_ban_number == -1) {
 | |
|         print $display.' - CRITICAL - impossible to retrieve info about the jail '.$jail_specific;
 | |
|         exit $ERRORS{"CRITICAL"};
 | |
|     }
 | |
|     else {
 | |
|         $how_many_banned = int($current_ban_number);
 | |
|         $return_print = $how_many_banned.' current banned IP(s) for the specific jail '.$jail_specific;
 | |
|         $perf_print .= "$current_ban_number " if ($perfdata_value);
 | |
|     }
 | |
| }
 | |
| ### To analyze all the jail
 | |
| else {
 | |
|     # Retrieve the jails list
 | |
|     my @jail_list = obtain_jail_list("$fail2ban_cmd");
 | |
|     if ($jail_list[0] eq "-1") {
 | |
|         print $display.' - CRITICAL - impossible to retrieve the jail list'."\n";
 | |
|         exit $ERRORS{"CRITICAL"};
 | |
|     }
 | |
| 
 | |
|     foreach (@jail_list) {
 | |
|         $how_many_jail ++;
 | |
| 
 | |
|         my $jail_name = $_;
 | |
|         $jail_name =~ tr/ //ds;
 | |
| 
 | |
|         my $current_ban_number = currently_ban("$fail2ban_cmd","$jail_name");
 | |
|         if ($current_ban_number == -1) {
 | |
|             print "DEBUG : problem to parse the current banned IPs for jail $jail_name\n" if ($verbose_value);
 | |
|         }
 | |
|         else {
 | |
|             print "DEBUG : the jail $jail_name has currently $current_ban_number banned IPs\n" if ($verbose_value);
 | |
|             $how_many_banned += int($current_ban_number);
 | |
|             $perf_print .= "$jail_name.currentBannedIP=$current_ban_number " if ($perfdata_value);
 | |
|         }
 | |
|     }
 | |
|     $return_print = $how_many_jail.' detected jails with '.$how_many_banned.' current banned IP(s)';
 | |
| }
 | |
| 
 | |
| ### Final
 | |
| $plugstate = "CRITICAL" if ($how_many_banned >= $critical);
 | |
| $plugstate = "WARNING" if (($how_many_banned >= $warning) && ($how_many_banned < $critical));
 | |
| 
 | |
| $return_print = $display." - ".$plugstate." - ".$return_print;
 | |
| $return_print .= " | $perf_print" if ($perfdata_value);
 | |
| 
 | |
| print $return_print;
 | |
| exit $ERRORS{"$plugstate"};
 | |
| 
 | |
| 
 | |
| # ####################################################################
 | |
| # function 1 : display the help
 | |
| # -----------------------------
 | |
| sub print_usage {
 | |
|     print <<EOT;
 | |
| $script_name version $version by $author
 | |
| 
 | |
| This plugin checks if the fail2ban server is running and how many IPs are currently banned.
 | |
| You can use this plugin to monitor all the jails or just a specific jail.
 | |
| 
 | |
| Usage: /<path-to>/$script_name [-p] [-D "$display"] [-v] [-c 2] [-w 1] [-s /<path-to>/socket] [-P /usr/bin/fail2ban-client]
 | |
| 
 | |
| Options:
 | |
|  -h, --help
 | |
|     Print detailed help screen
 | |
|  -V, --version
 | |
|     Print version information
 | |
|  -D, --display=STRING
 | |
|     To modify the output display 
 | |
|     default is "CHECK FAIL2BAN ACTIVITY"
 | |
|  -P, --path-fail2ban_client=STRING
 | |
|     Specify the path to the tw_cli binary
 | |
|     default value is /usr/bin/fail2ban-client
 | |
|  -c, --critical=INT
 | |
|     Specify a critical threshold
 | |
|     default is 2
 | |
|  -w, --warning=INT
 | |
|     Specify a warning threshold
 | |
|     default is 1
 | |
|  -s, --socket=STRING
 | |
|     Specify a socket path
 | |
|     default is unset
 | |
|  -p, --perfdata
 | |
|     If you want to activate the perfdata output
 | |
|  -v, --verbose
 | |
|     Show details for command-line debugging (Nagios may truncate the output)
 | |
|     
 | |
| Send email to $a_mail if you have questions
 | |
| regarding use of this software. To submit patches or suggest improvements,
 | |
| send email to $a_mail
 | |
| This plugin has been created by $author
 | |
| 
 | |
| Hope you will enjoy it ;)
 | |
| 
 | |
| Remember :
 | |
|     This program is free software; you can redistribute it and/or
 | |
|     modify it under the terms of the GNU General Public License
 | |
|     as published by the Free Software Foundation; either version 2
 | |
|     of the License, or (at your option) any later version.
 | |
| 
 | |
|     This program is distributed in the hope that it will be useful,
 | |
|     but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|     GNU General Public License for more details.
 | |
| 
 | |
|     You should have received a copy of the GNU General Public License
 | |
|     along with this program; if not, write to the Free Software
 | |
|     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 | |
| 
 | |
| EOT
 | |
|     exit $ERRORS{"UNKNOWN"};
 | |
| }
 | |
| 
 | |
| # function 2 : display version information
 | |
| # ----------------------------------------
 | |
| sub print_version {
 | |
|     print <<EOT;
 | |
| $script_name version $version
 | |
| EOT
 | |
|     exit $ERRORS{"UNKNOWN"};
 | |
| }
 | |
| 
 | |
| # function 3 : return the jail list
 | |
| # ---------------------------------
 | |
| sub obtain_jail_list {
 | |
|     my ($fail2ban_client_path) = @_;
 | |
| 
 | |
|     my @command_output = `$fail2ban_client_path status`;
 | |
|     my $return_code = $?;
 | |
|     if ($return_code) {
 | |
|         return -1;
 | |
|     }
 | |
|     
 | |
|     my @jail_list;
 | |
|     foreach (@command_output) {
 | |
|         if ($_=~/^.*Jail list:\t+(.*)/) {
 | |
|             print "DEBUG : jails list: $1\n" if ($verbose_value);
 | |
|             @jail_list = split(/,/, $1);
 | |
|         }
 | |
|     }
 | |
|     
 | |
|     return @jail_list;
 | |
| }
 | |
| 
 | |
| # function 4 : return how many IP are currently ban for a given jail
 | |
| # ------------------------------------------------------------------
 | |
| sub currently_ban {
 | |
|     my ($fail2ban_client_path,$jail_name) = @_;
 | |
| 
 | |
|     my @command_output = `$fail2ban_client_path status $jail_name`;
 | |
|     my $return_code = $?;
 | |
|     if ($return_code) {
 | |
|         return -1;
 | |
|     }
 | |
| 
 | |
|     foreach (@command_output) {
 | |
|         if ($_=~/^.*Currently banned:\t+(.*)/) {
 | |
|             my $current_count = $1;
 | |
|             $current_count =~ tr/ //ds;
 | |
|             return $current_count;
 | |
|         }
 | |
|     }
 | |
|     return -1;
 | |
| }
 |