Nagios - 幫助 NRPE 與 check_fail2ban.sh 搭配使用

Nagios - 幫助 NRPE 與 check_fail2ban.sh 搭配使用

我正在嘗試使用 Nagios 監控fail2ban,因此,我透過 Google 搜尋找到了以下檢查: http://nagios.fm4dd.com/plugins/manual/check_fail2ban.htm

我試圖讓檢查在遠端主機上工作,但我無法讓它返回準確的結果。我在 CentOS 7 上使用 Fail2ban v0.9.3,因此我必須根據以下連結對腳本進行一項更改: https://exchange.nagios.org/directory/Plugins/Security/Firewall-Software/check_fail2ban/details#rev-3948

*筆記: 下面的所有輸出都來自“遠端伺服器”,而不是我的“Nagios 伺服器”。

我所做的更改(第 108 行)如下:

jail_list=$($fail2ban_client status|grep "list" |cut -d : -f 2 |tr -d ,)

我已經根據 wiki 授予了 Nagios 使用者和 NRPE 權限:

setfacl -m u:nagios:rwx /var/run/fail2ban/fail2ban.sock

我能夠以 Nagios 和 NRPE 用戶身份運行fail2ban-client 和腳本:

[root@localhost plugins]# sudo -u nrpe fail2ban-client status
Status
|- Number of jail:      2
`- Jail list:   openvpn, sshd

[root@localhost plugins]# sudo -u nagios fail2ban-client status
Status
|- Number of jail:      2
`- Jail list:   openvpn, sshd

[root@localhost etc]# sudo -u nagios /usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 76.123.218.206
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;

[root@localhost etc]# sudo -u nrpe /usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 76.123.218.206
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;

這是我在本地運行時得到的結果:

[root@localhost plugins]# ./check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 46.133.118.236
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;

以下是我使用 NRPE 在本地運行時得到的結果:

[root@localhost plugins]# /usr/lib64/nagios/plugins/check_nrpe -t 60 -H 127.0.0.1 -p 5666 -c check_fail2ban -a 10 20
OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;
|
  • 當我在 Nagios 伺服器上運行它時,我得到相同的結果

我的命令在我的 nrpe.cfg 中定義:

command[check_fail2ban]=/usr/lib64/nagios/plugins/check_fail2ban.sh -w $ARG1$ -c $ARG2$

我通過將以下內容添加到我的 nrpe.cfg 檔案中嘗試了一些“調試”:

command[check_fail2ban]=whoami
command[check_fail2ban]=env

“調試”輸出:

[root@localhost plugins]# /usr/lib64/nagios/plugins/check_nrpe -t 60 -H 127.0.0.1 -p 5666 -c check_fail2ban -a 10 20
SHELL=/sbin/nologin
NRPE_PROGRAMVERSION=2.15
USER=nrpe
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
PWD=/
LANG=en_US.UTF-8
SHLVL=1
HOME=/var/run/nrpe
LOGNAME=nrpe
NRPE_SSL_OPT=
NRPE_MULTILINESUPPORT=1
_=/usr/bin/env

我透過將 NRPE 設定為 debug =1 嘗試了額外的調試。這是我從 Nagios 伺服器執行命令時的輸出。

Sep 27 12:36:46 localhost nrpe[31031]: Connection from 192.168.1.200 port 61853
Sep 27 12:36:46 localhost nrpe[31031]: Host address is in allowed_hosts
Sep 27 12:36:46 localhost nrpe[31031]: Handling the connection...
Sep 27 12:36:46 localhost nrpe[31031]: Host is asking for command 'check_fail2ban' to be run...
Sep 27 12:36:46 localhost nrpe[31031]: Running command: usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
Sep 27 12:36:46 localhost nrpe[31031]: Command completed with return code 0 and output: OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;#012|
Sep 27 12:36:46 localhost nrpe[31031]: Return Code: 0, Output: OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;#012|
Sep 27 12:36:46 localhost nrpe[31031]: Connection from `bYj closed.
  • 當我使用 check_nrpe 從伺服器本地運行它時,我得到了相同的結果。

看起來 NRPE 可能沒有捕獲腳本的所有輸出?如果我錯過了一些愚蠢的事情,請原諒我,因為我是 Windows 用戶,在 Linux 上做得很少。任何幫助是極大的讚賞!


* ***編輯答案* ***

用戶4556274,我認為它已啟用。這是該命令的輸出:

[root@localhost etc]# ls -Z /usr/lib64/nagios/plugins
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0   check_apc
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0   check_asterisk_pri.php
-rwxr-xr-x. root root system_u:object_r:nagios_checkdisk_plugin_exec_t:s0 check_disk
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_fail2ban.old
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_fail2ban.sh
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_load
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_mem.pl
-rwxr-xr-x. root root system_u:object_r:nagios_services_plugin_exec_t:s0 check_nrpe
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0   check_openmanage
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_openvpn.php
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_openvpn_user_list
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_openvpn_user_status
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_openvpn_user_traffic
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0   check_ping
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_procs
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_swap
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0   check_swraid.py
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0   check_swraid.sh
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_users
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       negate
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       urlize
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       utils.sh

相關內容