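I am trying to monitor fail2ban with Nagios, so I found the following check via a Google search: http://nagios.fm4dd.com/plugins/manual/check_fail2ban.htm
I am trying to get the check to work on a remote host, but I can't get it to return accurate results. I am using Fail2ban v0.9.3 on CentOS 7, so I had to make one change to the script per the following link: https://exchange.nagios.org/directory/Plugins/Security/Firewall-Software/check_fail2ban/details#rev-3948
*Note: All of the output below is from the "remote server", not my "Nagios server".
The change I made (line 108) is as follows: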
jail_list=$($fail2ban_client status|grep "list" |cut -d : -f 2 |tr -d ,)
I have granted permissions to the Nagios user and NRPE as per the wiki:
setfacl -m u:nagios:rwx /var/run/fail2ban/fail2ban.sock
I am able to run fail2ban-client and the script as both the Nagios and NRPE users:
[root@localhost plugins]# sudo -u nrpe fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: openvpn, sshd
[root@localhost plugins]# sudo -u nagios fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: openvpn, sshd
[root@localhost etc]# sudo -u nagios /usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 76.123.218.206
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;
[root@localhost etc]# sudo -u nrpe /usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 76.123.218.206
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;
This is what I get when I run it locally:
[root@localhost plugins]# ./check_fail2ban.sh -w 10 -c 20
OK: 1 banned IP(s) in 2 active jails|banned_IP=1;10;20;;
jail openvpn blocks 1 IP(s): 46.133.118.236
jail sshd blocks 0 IP(s):
| openvpn=1;;;; sshd=0;;;;
Here is what I get when I run it locally using NRPE:
[root@localhost plugins]# /usr/lib64/nagios/plugins/check_nrpe -t 60 -H 127.0.0.1 -p 5666 -c check_fail2ban -a 10 20
OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;
|
- I get the same result when I run it from the Nagios server.
My command as defined in my nrpe.cfg:
command[check_fail2ban]=/usr/lib64/nagios/plugins/check_fail2ban.sh -w $ARG1$ -c $ARG2$
I tried some "debugging" by adding the following to my nrpe.cfg file:
command[check_fail2ban]=whoami
command[check_fail2ban]=env
"Debugging" output:
[root@localhost plugins]# /usr/lib64/nagios/plugins/check_nrpe -t 60 -H 127.0.0.1 -p 5666 -c check_fail2ban -a 10 20
SHELL=/sbin/nologin
NRPE_PROGRAMVERSION=2.15
USER=nrpe
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
PWD=/
LANG=en_US.UTF-8
SHLVL=1
HOME=/var/run/nrpe
LOGNAME=nrpe
NRPE_SSL_OPT=
NRPE_MULTILINESUPPORT=1
_=/usr/bin/env
I tried additional debugging by setting NRPE to debug=1. This is the output when I run the command from the Nagios server.
Sep 27 12:36:46 localhost nrpe[31031]: Connection from 192.168.1.200 port 61853
Sep 27 12:36:46 localhost nrpe[31031]: Host address is in allowed_hosts
Sep 27 12:36:46 localhost nrpe[31031]: Handling the connection...
Sep 27 12:36:46 localhost nrpe[31031]: Host is asking for command 'check_fail2ban' to be run...
Sep 27 12:36:46 localhost nrpe[31031]: Running command: usr/lib64/nagios/plugins/check_fail2ban.sh -w 10 -c 20
Sep 27 12:36:46 localhost nrpe[31031]: Command completed with return code 0 and output: OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;#012|
Sep 27 12:36:46 localhost nrpe[31031]: Return Code: 0, Output: OK: 0 banned IP(s) in active jails|banned_IP=0;10;20;;#012|
Sep 27 12:36:46 localhost nrpe[31031]: Connection from `bYj closed.
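- I get the same result when I run it locally on the server using check_nrpe.
It looks like NRPE may not be capturing all of the script's output? Forgive me if I'm missing something silly, as I'm a Windows user and have done very little on Linux. Any help is greatly appreciated!
***Edit for answer***
user4556274, I believe it is enabled. Here is the output from that command: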
[root@localhost etc]# ls -Z /usr/lib64/nagios/plugins
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 check_apc
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 check_asterisk_pri.php
-rwxr-xr-x. root root system_u:object_r:nagios_checkdisk_plugin_exec_t:s0 check_disk
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_fail2ban.old
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_fail2ban.sh
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_load
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_mem.pl
-rwxr-xr-x. root root system_u:object_r:nagios_services_plugin_exec_t:s0 check_nrpe
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 check_openmanage
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_openvpn.php
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_openvpn_user_list
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_openvpn_user_status
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_openvpn_user_traffic
-rwxr-xr-x. root root unconfined_u:object_r:lib_t:s0 check_ping
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_procs
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_swap
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 check_swraid.py
-rwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 check_swraid.sh
-rwxr-xr-x. root root system_u:object_r:nagios_system_plugin_exec_t:s0 check_users
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 negate
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 urlize
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 utils.sh