initial release

.gitignore

@@ -0,0 +1 @@
+README.md.backup

README.md

@@ -0,0 +1,20 @@
+# fail2ban plugin for check_mk
+This plugin should replace the fail2ban plugin from notes.benv.junerules.com/fail2ban/.
+The original plugin does not work correctly with check_mk 2.0. So this a completly new write.
+
+This is my first plugin with the new API. 
+I followed [Writing you own check plug-ins](https://docs.checkmk.com/latest/en/devel_check_plugins.html) and the [Guidelines](https://docs.checkmk.com/latest/en/dev_guidelines.html).
+
+## Install from source 
+* 
+
+## Install from package
+* Download mkp.
+* Install with cmk -P install fail2ban*.mkp
+
+## Parameter to configure
+
+## TODO
+* use parse functions?
+* Add Agent Bakery support (I use core only)
+* Decide if total banned/failed are something you want to graph and altering on

agents/plugins/fail2ban

@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# (c) Jens Kühnel <[email protected]> 2021
+#
+# This file is a check Script for check_mk
+# Information about fail2ban check_mk module see:
+# https://github.com/JensKuehnel/fail2ban-check-mk
+#
+# This is free software;  you can redistribute it and/or modify it
+# under the  terms of the  GNU General Public License  as published by
+# the Free Software Foundation in version 2.  check_mk is  distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
+# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
+# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
+# ails.  You should have  received  a copy of the  GNU  General Public
+# License along with GNU Make; see the file  COPYING.  If  not,  write
+# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+if [ -x /usr/bin/fail2ban-client ]; then
+echo "<<<fail2ban>>>"
+jails=`/usr/bin/fail2ban-client status | grep "Jail list" | sed -e 's/.*://' -e 's/,//g'`
+	echo "Detected jails: $jails"
+	for jail in $jails
+	do
+		/usr/bin/fail2ban-client status "$jail"
+	done
+fi
+

lib/check_mk/base/plugins/agent_based/fail2ban_checks.py

@@ -0,0 +1,119 @@
+#!/usr/bin/env python3
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# (c) Jens Kühnel <[email protected]> 2021
+#
+# Information about fail2ban check_mk module see:
+# https://github.com/JensKuehnel/fail2ban-check-mk
+#
+# This is free software;  you can redistribute it and/or modify it
+# under the  terms of the  GNU General Public License  as published by
+# the Free Software Foundation in version 2.  check_mk is  distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
+# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
+# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
+# ails.  You should have  received  a copy of the  GNU  General Public
+# License along with GNU Make; see the file  COPYING.  If  not,  write
+# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+
+# Example for output from agent
+# ---------------------------------------------------------
+# <<<fail2ban>>>
+# Detected jails: 	postfix-sasl  sshd
+# Status for the jail: postfix-sasl
+# |- Filter
+# |  |- Currently failed:	7
+# |  |- Total failed:	1839
+# |  `- Journal matches:	_SYSTEMD_UNIT=postfix.service
+# `- Actions
+#    |- Currently banned:	1
+#    |- Total banned:	76
+#    `- Banned IP list:	212.70.149.71
+# Status for the jail: sshd
+# |- Filter
+# |  |- Currently failed:	6
+# |  |- Total failed:	1066
+# |  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
+# `- Actions
+#    |- Currently banned:	5
+#    |- Total banned:	50
+#    `- Banned IP list:	112.122.54.162 144.135.85.184 103.200.21.89 1.14.61.204
+
+from .agent_based_api.v1 import *
+
+
+def discovery_fail2ban(section):
+    firstline = section[0]
+    if firstline[:2] == ['Detected', 'jails:']:
+        for jail in firstline[2:]:
+            yield Service(item=jail)
+
+
+def check_fail2ban(item, params, section):
+    currentjail = ""
+    currentfailedcrit = params["failed"][1]
+    currentfailedwarn = params["failed"][0]
+    currentbannedcrit = params["banned"][1]
+    currentbannedwarn = params["banned"][0]
+
+    for entry in section:
+        if (entry[:3]) == ['Status', 'for', 'the']:
+            currentjail = entry[4]
+        elif currentjail != item:
+            # skip lines when this item is requested at the moment
+            continue
+        elif (entry[:4]) == ['|', '|-', 'Currently', 'failed:', ]:
+            currentfailed = int(entry[4])
+        elif (entry[:4]) == ['|', '|-', 'Total', 'failed:', ]:
+            totalfailed = int(entry[4])
+        elif (entry[:3]) == ['|-', 'Currently', 'banned:', ]:
+            currentbanned = int(entry[3])
+        elif (entry[:3]) == ['|-', 'Total', 'banned:', ]:
+            totalbanned = int(entry[3])
+
+    yield Metric(
+            name="current_failed",
+            value=currentfailed,
+            levels=(currentfailedwarn, currentfailedcrit)
+            )
+    yield Metric(
+            name="total_failed",
+            value=totalfailed,
+            )
+    yield Metric(
+            name="current_banned",
+            value=currentbanned,
+            levels=(currentbannedwarn, currentbannedcrit)
+            )
+    yield Metric(
+            name="total_banned",
+            value=totalbanned,
+            )
+
+    if currentfailedcrit <= currentfailed or currentbannedcrit <= currentbanned:
+        s = State.CRIT
+        status = "Crit"
+    elif currentfailedwarn <= currentfailed or currentbannedwarn <= currentbanned:
+        s = State.WARN
+        status = "Warn"
+    else:
+        s = State.OK
+        status = "OK"
+
+    yield Result(
+            state=s,
+            summary=f"{status} - {item} active - {currentfailed} failed ({totalfailed} total), {currentbanned} banned ({totalbanned} total)"
+            )
+    return
+
+
+register.check_plugin(
+        name="fail2ban",
+        service_name="Jail %s",
+        discovery_function=discovery_fail2ban,
+        check_function=check_fail2ban,
+        check_default_parameters={'banned': (10, 20), 'failed': (30, 40)},
+        check_ruleset_name="fail2ban",
+        )

share/check_mk/checkman/fail2ban

@@ -0,0 +1,19 @@
+title: fail2ban
+agents: linux
+author: Jens Kuehnel <[email protected]>
+license: GPL
+distribution: none
+description:
+ Monitor the number of failed and banned IPs from a fail2ban installation.
+
+perfdata:
+ The failed and banned IPs are graphed, both current and total.
+
+item:
+ For every fail2ban jail an extra check item is created.
+
+inventory:
+ Automatic inventory is supported. Install the agent and the rest is done automatically.
+
+ Warning and critical levels can be configured via WATO for both current and total.
+

web/plugins/metrics/fail2ban_metric.py

@@ -0,0 +1,62 @@
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# (c) Jens Kühnel <[email protected]> 2021
+#
+# Information about fail2ban check_mk module see:
+# https://github.com/JensKuehnel/fail2ban-check-mk
+#
+# This is free software;  you can redistribute it and/or modify it
+# under the  terms of the  GNU General Public License  as published by
+# the Free Software Foundation in version 2.  check_mk is  distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
+# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
+# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
+# ails.  You should have  received  a copy of the  GNU  General Public
+# License along with GNU Make; see the file  COPYING.  If  not,  write
+# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+from cmk.gui.i18n import _
+
+from cmk.gui.plugins.metrics import (
+    metric_info,
+    graph_info,
+)
+
+metric_info["current_failed"] = {
+    "title": _("current failed"),
+    "unit": "count",
+    "color": "16/a",
+}
+
+metric_info["current_banned"] = {
+    "title": _("current banned "),
+    "unit": "count",
+    "color": "24/a",
+}
+
+metric_info["total_failed"] = {
+    "title": _("toal failed"),
+    "unit": "count",
+    "color": "16/b",
+}
+
+metric_info["total_banned"] = {
+    "title": _("total banned "),
+    "unit": "count",
+    "color": "24/b",
+}
+
+graph_info["current"] = {
+    "metrics": [
+        ("current_failed", "line"),
+        ("current_banned", "line"),
+    ],
+}
+
+graph_info["total"] = {
+    "metrics": [
+        ("total_failed", "line"),
+        ("total_banned", "line"),
+    ],
+}

web/plugins/wato/fail2ban_parameters.py

@@ -0,0 +1,72 @@
+# -*- encoding: utf-8; py-indent-offset: 4 -*-
+#
+# (c) Jens Kühnel <[email protected]> 2021
+#
+# Information about fail2ban check_mk module see:
+# https://github.com/JensKuehnel/fail2ban-check-mk
+#
+# This is free software;  you can redistribute it and/or modify it
+# under the  terms of the  GNU General Public License  as published by
+# the Free Software Foundation in version 2.  check_mk is  distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY;  with-
+# out even the implied warranty of  MERCHANTABILITY  or  FITNESS FOR A
+# PARTICULAR PURPOSE. See the  GNU General Public License for more de-
+# ails.  You should have  received  a copy of the  GNU  General Public
+# License along with GNU Make; see the file  COPYING.  If  not,  write
+# to the Free Software Foundation, Inc., 51 Franklin St,  Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+from cmk.gui.i18n import _
+
+from cmk.gui.valuespec import (
+    Dictionary,
+    Integer,
+    TextAscii,
+)
+
+from cmk.gui.plugins.wato import (
+    CheckParameterRulespecWithItem,
+    rulespec_registry,
+    RulespecGroupCheckParametersOperatingSystem,
+)
+
+
+def _item_valuespec_fail2ban():
+    return TextAscii(title=_("Jail name"))
+
+
+def _parameter_valuespec_fail2ban():
+    return Dictionary(elements=[
+         ("banned",
+             Tuple(
+                 title=_("Number of banned IPs"),
+                 help=_("This number of IPs have failed multiple times and "
+                        "are banned of a configure amount of times."),
+                 elements=[
+                     Integer(title=_("Warning at")),
+                     Integer(title=_("Critical at")),
+                 ],
+             )),
+         ("failed",
+             Tuple(
+                 title=_("Number of failed IPs"),
+                 help=_("This number of IPs have failed logins. "
+                        "If this happens multiple times they will be banned."),
+                 elements=[
+                     Integer(title=_("Warning at")),
+                     Integer(title=_("Critical at")),
+                 ],
+             )),
+        ],
+    )
+
+
+rulespec_registry.register(
+    CheckParameterRulespecWithItem(
+        check_group_name="fail2ban",
+        group=RulespecGroupCheckParametersOperatingSystem,
+        match_type="dict",
+        item_spec=_item_valuespec_fail2ban,
+        parameter_valuespec=_parameter_valuespec_fail2ban,
+        title=lambda: _("Number of fail2ban Banned/Failed IPs"),
+    ))