Repository
Munin (contrib)
Last change
2018-08-02
Graph Categories
Family
auto
Capabilities
Keywords
Language
Bash

auth

Sadly there is no documentation for this plugin.

#!/bin/bash
#
# A Munin Plugin to show auth stuff
# Created by Dominik Schulz <lkml@ds.gauner.org>
# http://developer.gauner.org/munin/
# Based on a work of "jintxo"
#
# Parameters understood:
#
# 	config   (required)
# 	autoconf (optional - used by munin-config)
#
#
# Magic markers (optional - used by munin-config and installation
# scripts):
#
#%# family=auto
#%# capabilities=autoconf


#############################
# Configuration
#############################
MAXLABEL=20
STAT_FILE=$MUNIN_PLUGSTATE/plugin-auth.state
EXPR_BIN=/usr/bin/expr
#############################

if [ "$1" = "autoconf" ]; then
	echo yes
	exit 0
fi

if [ "$1" = "config" ]; then

	echo 'graph_title Auth Log Parser'
	echo 'graph_args --base 1000 -l 0'
	echo 'graph_vlabel Daily Auth Counters'
	echo 'graph_category auth'
	echo 'illegal_user.label Illegal User'
	echo 'possible_breakin.label Breakin Attempt'
	echo 'authentication_failure.label Authentication Fail'
	echo 'valid_login.label Valid Login'
	exit 0
fi

#############################
# Initialization
#############################
if [ ! -r $STAT_FILE ]; then
	echo "ILL=0" > $STAT_FILE
	echo "POS=0" >> $STAT_FILE
	echo "AUT=0" >> $STAT_FILE
	echo "VAL=0" >> $STAT_FILE
fi

TODAY="`date '+%b'` `date '+%d' | sed 's/0\([0-9]\)/ \1/'`"
#############################

#############################
# Illegal User
#############################
echo -en "illegal_user.value "
NEW_ILL=$(grep "Illegal user\|no such user" /var/log/auth.log | grep "^$TODAY" | wc -l)
OLD_ILL=$(grep ILL $STAT_FILE | cut -f2 -d '=')
ILL=$($EXPR_BIN $NEW_ILL - $OLD_ILL)
if [ $ILL -gt 0 ]; then
	echo "$ILL"
else
	echo "0"
fi
echo -n
#############################
# Possible Breakins
#############################
echo -en "possible_breakin.value "
NEW_POS=$(grep -i "breakin attempt" /var/log/auth.log | grep "^$TODAY" | wc -l)
OLD_POS=$(grep POS $STAT_FILE | cut -f2 -d '=')
POS=$($EXPR_BIN $NEW_POS - $OLD_POS)
if [ $POS -gt 0 ]; then
	echo "$POS"
else
	echo "0"
fi
echo -n
#############################
# Authentication Failures
#############################
echo -en "authentication_failure.value "
NEW_AUT=$(grep "authentication failure" /var/log/auth.log | grep "^$TODAY" | wc -l)
OLD_AUT=$(grep AUT $STAT_FILE | cut -f2 -d '=')
AUT=$($EXPR_BIN $NEW_AUT - $OLD_AUT)
if [ $AUT -gt 0 ]; then
	echo "$AUT"
else
	echo "0"
fi
echo -n
#############################
# Valid Logins
#############################
echo -en "valid_login.value "
NEW_VAL=$(grep "sshd.*Accepted" /var/log/auth.log | grep "^$TODAY" | wc -l)
OLD_VAL=$(grep VAL $STAT_FILE | cut -f2 -d '=')
VAL=$($EXPR_BIN $NEW_VAL - $OLD_VAL)
if [ $VAL -gt 0 ]; then
	echo "$VAL"
else
	echo "0"
fi
echo -n
###
# Save the current values
###
echo "ILL=$NEW_ILL" > $STAT_FILE
echo "POS=$NEW_POS" >> $STAT_FILE
echo "AUT=$NEW_AUT" >> $STAT_FILE
echo "VAL=$NEW_VAL" >> $STAT_FILE