#!/bin/sh -eu # # Plugin to monitor the number of hosts in /etc/hosts.deny # that are denied access to sshd # # Based on denyhosts plugin by tjansson (2009) # # Copyright (C) 2009 Kåre Hartvig Jensen (kaare.hartvig.jensen@gmail.com) # Copyright (C) 2019 Olivier Mehani # # SPDX-License-Identifier: GPL-3.0-or-later # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # LOG=${LOG:-/etc/hosts.deny} if [ "${MUNIN_DEBUG:-0}" = 1 ]; then set -x fi if [ "${1:-}" = "autoconf" ]; then if [ -r "${LOG}" ]; then echo yes else echo "no (${LOG} not readable or non-existent)" fi exit 0 fi COUNTS=$(sed -n 's/^\([^#]\+\):.*/\1/p' "${LOG}" \ | sort \ | uniq -c \ | sed "s/^.*\s\([0-9]\+\)\s\(.*\)/\2.value \1/" ) if [ "${1:-}" = "config" ]; then echo 'graph_title Hosts denied access' echo "graph_info Hosts denied access in ${LOG}" echo 'graph_args --base 1000 -l 0' echo 'graph_vlabel Hosts denied ' echo 'graph_category security' # Assume we always have SSH echo 'sshd.label sshd' echo 'sshd.draw AREA' echo "${COUNTS}" \ | sed '/ssh/d; # skip ssh s/^\([^\.]\+\)\..*/\1.label \1\n\1.draw STACK/' if [ "${MUNIN_DIRTYCONFIG:-0}" != 1 ]; then exit 0 fi fi echo "${COUNTS}"