parent
47264bc860
commit
30949c4596
|
@ -1,19 +1,19 @@
|
||||||
# Fail2ban Plugin
|
# Fail2ban Input Plugin
|
||||||
|
|
||||||
The fail2ban plugin gathers counts of failed and banned ip addresses from fail2ban.
|
The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).
|
||||||
|
|
||||||
This plugin run fail2ban-client command, and fail2ban-client require root access.
|
This plugin runs the `fail2ban-client` command which generally requires root access.
|
||||||
You have to grant telegraf to run fail2ban-client:
|
Acquiring the required permissions can be done using several methods:
|
||||||
|
|
||||||
- Run telegraf as root. (deprecate)
|
- Use sudo run fail2ban-client.
|
||||||
- Configure sudo to grant telegraf to fail2ban-client.
|
- Run telegraf as root. (not recommended)
|
||||||
|
|
||||||
### Using sudo
|
### Using sudo
|
||||||
|
|
||||||
You may edit your sudo configuration with the following:
|
You may edit your sudo configuration with the following:
|
||||||
|
|
||||||
``` sudo
|
``` sudo
|
||||||
telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status *
|
telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
|
||||||
```
|
```
|
||||||
|
|
||||||
### Configuration:
|
### Configuration:
|
||||||
|
@ -21,10 +21,7 @@ telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status *
|
||||||
``` toml
|
``` toml
|
||||||
# Read metrics from fail2ban.
|
# Read metrics from fail2ban.
|
||||||
[[inputs.fail2ban]]
|
[[inputs.fail2ban]]
|
||||||
## fail2ban-client require root access.
|
## Use sudo to run fail2ban-client
|
||||||
## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client.
|
|
||||||
## Users must configure sudo to allow telegraf user to run fail2ban-client with no password.
|
|
||||||
## This plugin run only "fail2ban-client status".
|
|
||||||
use_sudo = false
|
use_sudo = false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -55,6 +52,5 @@ Status for the jail: sshd
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ./telegraf --config telegraf.conf --input-filter fail2ban --test
|
|
||||||
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
|
fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
|
||||||
```
|
```
|
||||||
|
|
|
@ -6,9 +6,10 @@ import (
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/influxdata/telegraf"
|
"github.com/influxdata/telegraf"
|
||||||
"github.com/influxdata/telegraf/plugins/inputs"
|
"github.com/influxdata/telegraf/plugins/inputs"
|
||||||
"strconv"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -21,10 +22,7 @@ type Fail2ban struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
var sampleConfig = `
|
var sampleConfig = `
|
||||||
## fail2ban-client require root access.
|
## Use sudo to run fail2ban-client
|
||||||
## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client.
|
|
||||||
## Users must configure sudo to allow telegraf user to run fail2ban-client with no password.
|
|
||||||
## This plugin run only "fail2ban-client status".
|
|
||||||
use_sudo = false
|
use_sudo = false
|
||||||
`
|
`
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue