From 58751fa4df5e090b4499a9328ad1dc18912db582 Mon Sep 17 00:00:00 2001 From: Daniel Nelson Date: Fri, 25 Aug 2017 11:42:07 -0700 Subject: [PATCH] Update fail2ban documentation --- plugins/inputs/fail2ban/README.md | 22 +++++++++------------- plugins/inputs/fail2ban/fail2ban.go | 8 +++----- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/plugins/inputs/fail2ban/README.md b/plugins/inputs/fail2ban/README.md index e785a0dd3..b0f6666bb 100644 --- a/plugins/inputs/fail2ban/README.md +++ b/plugins/inputs/fail2ban/README.md @@ -1,19 +1,19 @@ -# Fail2ban Plugin +# Fail2ban Input Plugin -The fail2ban plugin gathers counts of failed and banned ip addresses from fail2ban. +The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org). -This plugin run fail2ban-client command, and fail2ban-client require root access. -You have to grant telegraf to run fail2ban-client: +This plugin runs the `fail2ban-client` command which generally requires root access. +Acquiring the required permissions can be done using several methods: -- Run telegraf as root. (deprecate) -- Configure sudo to grant telegraf to fail2ban-client. +- Use sudo run fail2ban-client. +- Run telegraf as root. (not recommended) ### Using sudo You may edit your sudo configuration with the following: ``` sudo -telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status * +telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status * ``` ### Configuration: @@ -21,10 +21,7 @@ telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status * ``` toml # Read metrics from fail2ban. [[inputs.fail2ban]] - ## fail2ban-client require root access. - ## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client. - ## Users must configure sudo to allow telegraf user to run fail2ban-client with no password. - ## This plugin run only "fail2ban-client status". + ## Use sudo to run fail2ban-client use_sudo = false ``` @@ -38,7 +35,7 @@ telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status * - All measurements have the following tags: - jail - + ### Example Output: ``` @@ -55,6 +52,5 @@ Status for the jail: sshd ``` ``` -$ ./telegraf --config telegraf.conf --input-filter fail2ban --test fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000 ``` diff --git a/plugins/inputs/fail2ban/fail2ban.go b/plugins/inputs/fail2ban/fail2ban.go index 54655357f..37afb87b6 100644 --- a/plugins/inputs/fail2ban/fail2ban.go +++ b/plugins/inputs/fail2ban/fail2ban.go @@ -6,9 +6,10 @@ import ( "os/exec" "strings" + "strconv" + "github.com/influxdata/telegraf" "github.com/influxdata/telegraf/plugins/inputs" - "strconv" ) var ( @@ -21,10 +22,7 @@ type Fail2ban struct { } var sampleConfig = ` - ## fail2ban-client require root access. - ## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client. - ## Users must configure sudo to allow telegraf user to run fail2ban-client with no password. - ## This plugin run only "fail2ban-client status". + ## Use sudo to run fail2ban-client use_sudo = false `