- Repository
- Munin (contrib)
- Last change
- 2019-10-23
- Graph Categories
- Family
- manual
- Capabilities
- Keywords
- Language
- Bash
- Authors
hostdenied
Sadly there is no documentation for this plugin.
#!/bin/bash
#
# Plugin to monitor the number of hosts in /etc/hosts.deny
# that are denied access to sshd
# Copyright (C) 2010 Lothar Schmidt, l.munin@scarydevilmonastery.net
# Bushmills on #munin, irc.freenode.net
# latest versions on http://scarydevilmonastery.net/munin.cgi
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# ------------------------------------------------------------------------------------------------------
# 20100310 v1.01 ls
# as threatened, shows now "temperatures" of active hosts.deny lines. Recent additions are
# displayed in bright red, turning to blue as older the addition rules are.
# This requires denyhosts to add line to hosts.deny in a specific format. Also, times are currently
# hardcoded, and not a lot of flexibility adjusting them through parameters.
# A line in hosts.deny should come with a comment, looking like:
# # DenyHosts: Sat Mar 6 01:11:57 2010 | sshd: 87.101.51.198
# 8 graphs are drawn from that depicting number of rules in 24 h increments. Different colours are
# assigned to graphs which are <24h, 24-48h, 48-72h ... old. The last (coldest) graph shows rules
# which have been added > 168h ago.
# I'm considerering to change age granularity to hours, rather than days, and plot many graphs (64 or 128,
# which are nice for colour calculations), showing more of a colour cloud than discernible areas.
# The plugin must have permission to read /etc/hosts.deny, of course.
# 20100308, v1.0, ls
# Will probably add multiple stacked graphs, indicative for addition/removal date of denies,
# instead of a boring single area graph.
# ------------------------------------------------------------------------------------------------------
#%# family=manual
#%# capabilities=autoconf
# ------------------------------------------------------------------------------------------------------
DENY="/etc/hosts.deny"
NAME="$(basename "$0")" # component of naming temporary files
STATEFILE="$MUNIN_PLUGSTATE/$NAME.state"
COLOUR=(FF0000 DA0024 B60048 91006D 6D0091 4800B6 2400DA 0000FF) # hot to cold colours
# ------------------------------------------------------------------------------------------------------
run_autoconf() {
RUN="no (denyhosts not found)"
command -v denyhosts > /dev/null && RUN="yes" # only run when denyhosts is present
echo "$RUN"
}
run_config() {
cat << EOF
graph_title Hosts denied sshd access
graph_info Hosts denied sshd access in $DENY
graph_args --base 1000 -l 0
graph_vlabel Hosts denied
graph_category security
EOF
for AGE in {7..0}; do
if [ "${AGE}" = 0 ]; then
echo "age${AGE}.label added last 24h"
else
echo "age${AGE}.label older than $((AGE*24))h"
fi
cat << EOF
age${AGE}.draw AREASTACK
age${AGE}.colour ${COLOUR[$AGE]}
EOF
done
}
run_fetch() {
TOTAL=0
NOW=$(date +%s)
sed -n 's/^\# DenyHosts: //;s/ | .*//gp' $DENY | # strip all but date
while read -r DATE; do
echo $(((NOW - $(date -d "$DATE" +%s))/86400)) # calculate rule age
done > "$STATEFILE" # rather than going through temp file, the age could be
for AGE in {6..0} ; do # used to increment an array element with that index.
COUNT="$(grep -c "^$AGE$" "$STATEFILE")" # That'd save grepping for counting from temp file.
echo "age${AGE}.value $COUNT" # produce values for all but oldest
((TOTAL+=COUNT))
done
echo "age7.value $(($(grep -c . "$STATEFILE")-TOTAL))" # all non-printed are older
rm "$STATEFILE"
}
run_"${1:-fetch}"
exit 0