feature: add fail2ban application support (#5924)

* add single pool based poller for php-fpm * add the page for php-fpm * add graph for php-fpm * I agree to the conditions of the Contributor Agreement contained in doc/General/Contributing.md. * use named OID as suggest by @laf * document PHP-FPM monitoring * link it in the index * clean up the named oid * add how to grab the script in question * add f2b poller * add f2b app page * add f2b graph * add fail2ban notes * minor formatting cleanup * ...more formatting cleanup * rename it so it can be called via the app page * Revert "rename it so it can be called via the app page" This reverts commit 0bde88a03840138fa28b75606e3cd269ce023f67. * *rename it so it can be called via the apps page *setup the apps page to call it * renamed the graph * now include fail2ban in the apps properly * correct the wget command so it does not stomp on phpfpm-sp * update the fail2ban poller for the newest fail2ban script and now build multiple RRDs * update for now graphing firewalled and banned * update fail2ban docs to match the newest snmpd extend method * search automatically for jails and graph them * graphs the currently banned for a fail2ban jail * change the tital of the graph for the total banned to make it more descriptive * Add a explanation of the two variables in the total graph. * misc. white space cleans ups * misc. white space cleanup * minor white space cleanup * correct descr lenght * correct descr lenght * Update fail2ban.inc.php * Use rrd_name properly * note the cache file bits * make caching optional and note why * Update to new RrdDefinition class * And the use statement ;/ * Messed the second rrd_def * correct two minor errors that did not seem to be causing issues * don't use $vars as per pull #5994 * don't use $vars as per pull #5994 * fix jails graphs * Remove loops and temp variables * whitespace * Change graph so we don't get fractions
2024-10-07 16:52:45 +00:00 · 2017-02-24 11:50:33 -06:00
parent fdb0656c17
commit 6cf5add528
6 changed files with 199 additions and 0 deletions
--- a/doc/Extensions/Applications.md
+++ b/doc/Extensions/Applications.md
@ -28,6 +28,7 @@ Different applications support a variety of ways collect data: by direct connect
 1. [EXIM Stats](#exim-stats) - SNMP extend
 1. [Munin](#munin) - Agent
 1. [PHP-FPM](#php-fpm) - SNMP extend
+1. [Fail2ban](#fail2ban) - SNMP extend

 ### Apache
 Either use SNMP extend or use the agent.
@ -487,3 +488,33 @@ extend phpfpmsp /etc/snmp/phpfpm-sp
 7. On the device page in Librenms, edit your host and check `PHP-FPM` under the Applications tab.

 It is worth noting that this only monitors a single pool. If you want to monitor multiple pools, this won't do it.
+
+#### Fail2ban
+
+##### SNMP Extend
+
+1: Copy the shell script, fail2ban, to the desired host (the host must be added to LibreNMS devices) (wget https://github.com/librenms/librenms-agent/raw/master/snmp/fail2ban -O /etc/snmp/fail2ban)
+
+2: Make the script executable (chmod +x /etc/snmp/fail2ban)
+
+3: Edit your snmpd.conf file (usually /etc/snmp/fail2ban) and add:
+```
+extend fail2ban /etc/snmp/fail2ban
+```
+
+4: Edit /etc/snmp/fail2ban to match the firewall table you are using on your system. You should be good if you are using the defaults. Also make sure that the cache variable is properly set if you wish to use caching. The directory it exists in, needs to exist as well. To make sure it is working with out issue, run '/etc/snmp/fail2ban -u' and make sure it runs with out producing any errors.
+
+5: Restart snmpd on your host
+
+6: If you wish to use caching, add the following to /etc/crontab and restart cron.
+```
+*/3    *    *    *    *    root    /etc/snmp/fail2ban -u 
+```
+
+7: Restart or reload cron on your system.
+
+8: On the device page in Librenms, edit your host and check `Fail2ban` under the Applications tab.
+
+In regards to the totals graphed there are two variables banned and firewalled. Firewalled is a count of banned entries the firewall for fail2ban and banned is the currently banned total from fail2ban-client. Both are graphed as the total will diverge with some configurations when fail2ban fails to see if a IP is in more than one jail when unbanning it. This is most likely to happen when the recidive is in use.
+
+If you have more than a few jails configured, you may need to use caching as each jail needs to be polled and fail2ban-client can't do so in a timely manner for than a few. This can result in failure of other SNMP information being polled.
--- a/html/includes/graphs/application/fail2ban_banned.inc.php
+++ b/html/includes/graphs/application/fail2ban_banned.inc.php
@ -0,0 +1,35 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$scale_min     = 0;
+$colours       = 'mixed';
+$unit_text     = 'Banned IPs';
+$unitlen       = 10;
+$bigdescrlen   = 10;
+$smalldescrlen = 10;
+$dostack       = 0;
+$printtotal    = 0;
+$addarea       = 1;
+$transparency  = 15;
+
+$rrd_filename = rrd_name($device['hostname'], array('app', $app['app_type'], $app['app_id']));
+
+if (is_file($rrd_filename)) {
+    $rrd_list = array(
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Banned',
+            'ds'       => 'banned',
+            'colour'   => '582A72'
+        ),
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Firewalled',
+            'ds'       => 'firewalled',
+            'colour'   => '28774F'
+        )
+    );
+} else {
+    echo "file missing: $rrd_filename";
+}
+
+require 'includes/graphs/generic_v3_multiline.inc.php';
--- a/html/includes/graphs/application/fail2ban_jail.inc.php
+++ b/html/includes/graphs/application/fail2ban_jail.inc.php
@ -0,0 +1,28 @@
+<?php
+require 'includes/graphs/common.inc.php';
+$scale_min     = 0;
+$colours       = 'mixed';
+$unit_text     = ' ';
+$unitlen       = 10;
+$bigdescrlen   = 10;
+$smalldescrlen = 10;
+$dostack       = 0;
+$printtotal    = 0;
+$addarea       = 1;
+$transparency  = 15;
+
+$rrd_filename = rrd_name($device['hostname'], array('app', $app['app_type'], $app['app_id'], $vars['jail']));
+if (rrdtool_check_rrd_exists($rrd_filename)) {
+    $rrd_list = array(
+        array(
+            'filename' => $rrd_filename,
+            'descr'    => 'Banned IPs',
+            'ds'       => 'banned',
+            'colour'   => '582A72'
+        )
+    );
+} else {
+    echo "file missing: $rrd_filename";
+}
+
+require 'includes/graphs/generic_v3_multiline.inc.php';
--- a/html/pages/apps.inc.php
+++ b/html/pages/apps.inc.php
@ -99,6 +99,10 @@ $graphs['dhcp-stats'] = array(
     'stats',
 );

+$graphs['fail2ban'] = array(
+    'banned',
+);
+
 $graphs['freeswitch'] = array(
    'peak',
    'callsIn',
--- a/html/pages/device/apps/fail2ban.inc.php
+++ b/html/pages/device/apps/fail2ban.inc.php
@ -0,0 +1,56 @@
+<?php
+
+global $config;
+$graphs = array(
+    'fail2ban_banned' => 'Total Banned',
+);
+
+foreach ($graphs as $key => $text) {
+    $graph_type            = $key;
+    $graph_array['height'] = '100';
+    $graph_array['width']  = '215';
+    $graph_array['to']     = $config['time']['now'];
+    $graph_array['id']     = $app['app_id'];
+    $graph_array['type']   = 'application_'.$key;
+
+    echo '<div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">'.$text.'</h3>
+    </div>
+    <div class="panel-body">
+    <div class="row">';
+    include 'includes/print-graphrow.inc.php';
+    echo '</div>';
+    echo '</div>';
+    echo '</div>';
+}
+
+$baseName=rrd_name($device['hostname'], array('app', 'fail2ban', $app['app_id']), '-');
+$jails=array();
+$jailGlob=$baseName.'*.rrd';
+foreach (glob($jailGlob) as $jailrrd) {
+    $jail=str_replace($baseName, '', $jailrrd);
+    $jail=str_replace('.rrd', '', $jail);
+    $jails[]=$jail;
+}
+
+foreach ($jails as $jail) {
+    $graph_type            = 'fail2ban_jail';
+    $graph_array['height'] = '100';
+    $graph_array['width']  = '215';
+    $graph_array['to']     = $config['time']['now'];
+    $graph_array['id']     = $app['app_id'];
+    $graph_array['type']   = 'application_fail2ban_jail';
+    $graph_array['jail']   = $jail;
+
+    echo '<div class="panel panel-default">
+    <div class="panel-heading">
+        <h3 class="panel-title">Jail: '.$jail.'</h3>
+    </div>
+    <div class="panel-body">
+    <div class="row">';
+    include 'includes/print-graphrow.inc.php';
+    echo '</div>';
+    echo '</div>';
+    echo '</div>';
+}
--- a/includes/polling/applications/fail2ban.inc.php
+++ b/includes/polling/applications/fail2ban.inc.php
@ -0,0 +1,45 @@
+<?php
+
+use LibreNMS\RRD\RrdDefinition;
+
+$name = 'fail2ban';
+$app_id = $app['app_id'];
+
+$options      = '-O qv';
+$mib          = 'NET-SNMP-EXTEND-MIB';
+$oid          = 'nsExtendOutputFull.8.102.97.105.108.50.98.97.110';
+$f2b = snmp_walk($device, $oid, $options, $mib);
+
+$bannedStuff = explode("\n", $f2b);
+
+$banned=$bannedStuff[0];
+$firewalled=$bannedStuff[1];
+
+$rrd_name = array('app', $name, $app_id);
+$rrd_def = RrdDefinition::make()
+    ->addDataset('banned', 'GAUGE', 0)
+    ->addDataset('firewalled', 'GAUGE', 0);
+
+$fields = array(
+    'banned' =>$banned,
+    'firewalled' => $firewalled,
+);
+
+$tags = array('name' => $name, 'app_id' => $app_id, 'rrd_def' => $rrd_def, 'rrd_name' => $rrd_name);
+data_update($device, 'app', $tags, $fields);
+
+$int=2;
+while (isset($bannedStuff[$int])) {
+    list( $jail, $banned )=explode(" ", $bannedStuff[$int]);
+
+    if (isset($jail) && isset($banned)) {
+        $rrd_name = array('app', $name, $app_id, $jail);
+        $rrd_def = RrdDefinition::make()->addDataset('banned', 'GAUGE', 0);
+        $fields = array('banned' =>$banned);
+
+        $tags = array('name' => $name, 'app_id' => $app_id, 'rrd_def' => $rrd_def, 'rrd_name' => $rrd_name);
+        data_update($device, 'app', $tags, $fields);
+    }
+
+    $int++;
+}