mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
106 lines
3.2 KiB
106 lines
3.2 KiB
#!/bin/bash
|
|
#
|
|
# Usage: ./check_fail2ban
|
|
###############################################################################################
|
|
# Description:
|
|
# This plugin will check the status of Fail2ban.
|
|
#
|
|
# Created: 2008-10-25 (Sebastian Mueller)
|
|
#
|
|
# Changes: 2008-10-26 fixed some issues (Sebastian Mueller)
|
|
# Changes: 2009-01-25 add the second check, when server is not replying and the
|
|
# process is hang-up (Sebastian Mueller)
|
|
#
|
|
# please visit my website http://www.elchtest.eu or my personal WIKI http://wiki.elchtest.eu
|
|
#
|
|
################################################################################################
|
|
# if you have any questions, send a mail to linux@krabbe-offline.de
|
|
#
|
|
# this script is for my personal use. read the script before running/using it!!!
|
|
#
|
|
#
|
|
# YOU HAVE BEEN WARNED. THIS MAY DESTROY YOUR MACHINE. I ACCEPT NO RESPONSIBILITY.
|
|
###############################################################################################
|
|
|
|
|
|
SECOND_CHECK=0
|
|
STATE_OK=0
|
|
STATE_CRITICAL=2
|
|
|
|
######################################################################
|
|
# Read the Status from fail2ban-client
|
|
######################################################################
|
|
check_processes_fail2ban()
|
|
{
|
|
|
|
F2B=`sudo -u root fail2ban-client ping | awk -F " " '{print $3}'`
|
|
exit_fail2ban=0
|
|
|
|
if [[ $F2B = "pong" ]]; then
|
|
exit_fail2ban=$STATE_OK
|
|
else
|
|
exit_fail2ban=$STATE_CRITICAL
|
|
fi
|
|
|
|
}
|
|
######################################################################
|
|
# first check in the Background, PID will be killed when no response
|
|
# after 10 seconds, might be possible, otherwise the script will be
|
|
# present in your memory all the time
|
|
######################################################################
|
|
|
|
check_processes_fail2ban &
|
|
pid=$!
|
|
|
|
typeset -i i=0
|
|
while ps $pid >/dev/null
|
|
do
|
|
sleep 1
|
|
i=$i+1
|
|
if [ $i -ge 10 ]
|
|
then
|
|
kill $pid
|
|
SECOND_CHECK=1
|
|
exit_fail2ban=$STATE_CRITICAL
|
|
break
|
|
fi
|
|
done
|
|
|
|
######################################################################
|
|
# when the Server response (does not mean the FAIL2BAN is working)
|
|
# in the first step, then it will run again and test the Service
|
|
# and provide the real status
|
|
######################################################################
|
|
|
|
|
|
if [ $SECOND_CHECK -eq 0 ]; then
|
|
check_processes_fail2ban
|
|
elif [ $SECOND_CHECK -eq 1 ]; then
|
|
exit_fail2ban=$STATE_CRITICAL
|
|
fi
|
|
|
|
|
|
|
|
######################################################################
|
|
# Main Menu
|
|
######################################################################
|
|
|
|
|
|
final_exit=$exit_fail2ban
|
|
if [ $final_exit -eq 0 ]; then
|
|
echo "SYSTEM OK - Fail2ban is working normally"
|
|
exitstatus=$STATE_OK
|
|
elif [ $final_exit -ne "0" ]; then
|
|
echo "SYSTEM WARNING - Fail2Ban is not working"
|
|
######################################################################
|
|
# If don't have a Nagios Server for monitoring, remove the comment and
|
|
# add your Mail Address. You can check it with a Cron Job once an hour.
|
|
# put a txt file on your server and describe how to fix the issue, this
|
|
# could be attached to the mail.
|
|
######################################################################
|
|
# mutt -s "FAIL2BAN NOT WORKING" your@example.com < /home/f2ban.txt
|
|
|
|
exitstatus=$STATE_CRITICAL
|
|
fi
|
|
exit $exitstatus
|