3
This plugin checks if the fail2ban server is running and how many IPs are currently banned.
4
You can use this plugin to monitor all the jails or just a specific jail.
9
Just have to run the following command:
10
$ ./check_fail2ban --help
12
If you need to use this script with NRPE you just have to do the
15
1 allow your user to run the script with the sudo rights. Just add
16
something like that in your /etc/sudoers (use visudo) :
17
nagios ALL=(ALL) NOPASSWD: /<path-to>/check_fail2ban
19
2 then just add this kind of line in your NRPE config file :
20
command[check_fail2ban]=/usr/bin/sudo /<path-to>/check_fail2ban
22
3 don't forget to restart your NRPE daemon
24
/!\ be careful to let no one able to update the check_fail2ban ;)
25
------------------------------------------------------------------------------
28
Notes (from f2ban.txt)
30
It seems that Fail2ban is currently not working, please login and check
35
/etc/init.d/fail2ban stop
37
2.) delete the socket if available
41
/etc/init.d/fail2ban start
43
4.) check if fail2ban is working
45
Answer should be "pong"
47
5.) if the answer is not "pong" run away or CRY FOR HELP ;-)
53
Usage: /<path-to>/check_fail2ban [-p] [-D "CHECK FAIL2BAN ACTIVITY"] [-v] [-c 2] [-w 1] [-s /<path-to>/socket] [-P /usr/bin/fail2ban-client]
57
Print detailed help screen
59
Print version information
61
To modify the output display
62
default is "CHECK FAIL2BAN ACTIVITY"
63
-P, --path-fail2ban_client=STRING
64
Specify the path to the tw_cli binary
65
default value is /usr/bin/fail2ban-client
67
Specify a critical threshold
70
Specify a warning threshold
76
If you want to activate the perfdata output
78
Show details for command-line debugging (Nagios may truncate the output)
85
$ ./check_fail2ban --verbose -p -j ssh -w 1 -c 5 -P /usr/bin/fail2ban-client
86
DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client
87
DEBUG : /usr/bin/fail2ban-client exists and is executable
88
DEBUG : final fail2ban command: /usr/bin/fail2ban-client
89
DEBUG : warning threshold : 1, critical threshold : 5
90
DEBUG : it seems the connection with the fail2ban server is ok
91
CHECK FAIL2BAN ACTIVITY - OK - 0 current banned IP(s) for the specific jail ssh | currentBannedIP=0
93
# for all the current jails
94
$ ./check_fail2ban --verbose -p -w 1 -c 5 -P /usr/bin/fail2ban-client
95
DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client
96
DEBUG : /usr/bin/fail2ban-client exists and is executable
97
DEBUG : final fail2ban command: /usr/bin/fail2ban-client
98
DEBUG : warning threshold : 1, critical threshold : 5
99
DEBUG : it seems the connection with the fail2ban server is ok
100
DEBUG : jails list: apache, ssh-ddos, ssh
101
DEBUG : the jail apache has currently 0 banned IPs
102
DEBUG : the jail ssh-ddos has currently 0 banned IPs
103
DEBUG : the jail ssh has currently 0 banned IPs
104
CHECK FAIL2BAN ACTIVITY - OK - 3 detected jails with 0 current banned IP(s) | currentBannedIP=0