Verified Commit 7b648d6b authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

Add fail2ban exporter

The fail2ban exporter exports the number of bans per jail.
parent cbe8eab0
#!/bin/bash
set -o errexit
set -o nounset
if (( $# != 1 )); then
echo "Missing textcollector directory argument"
exit 1
fi
TEXTFILE_COLLECTOR_DIR=${1}
PROM_FILE=$TEXTFILE_COLLECTOR_DIR/fail2ban.prom
TMP_FILE=$PROM_FILE.$$
[ -e $TMP_FILE ] && rm -f $TMP_FILE
trap "rm -f $TMP_FILE" EXIT
json=$(fail2ban-client banned | tr \' \")
len=$(echo $json | jq '. | length')
echo "# HELP fail2ban_bans" >> $TMP_FILE
echo "# TYPE fail2ban_bans gauge" >> $TMP_FILE
for ((i = 0; i < $len; i++ ));
do
jail=$(echo $json | jq -r ".[${i}] | keys | .[0]")
bans=$(echo $json | jq -r ".[${i}] | to_entries | .[0].value | length")
echo "fail2ban_bans{jail=\"${jail}\"} $bans" >> $TMP_FILE
done
mv -f $TMP_FILE $PROM_FILE
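Review bot: The script enables errexit and nounset but not pipefail, so in `json=$(fail2ban-client banned | tr \' \")` a failing fail2ban-client is masked by tr's exit status, and the run most likely aborts only later, when an empty `$len` breaks the loop arithmetic; adding `set -o pipefail` beside the other options makes that failure explicit. Either way the EXIT trap removes the temp file and the previous fail2ban.prom stays in place, so ban counts would presumably go stale with no signal while fail2ban is down; an alert on the unit failing or on the file's age would cover that. `$json`, `$TMP_FILE` and `$PROM_FILE` are expanded unquoted, so `echo $json` is subject to word splitting and globbing before jq sees it; `printf '%s' "$json" | jq ...` and quoted paths avoid that. The jail name is written into the label value unescaped and the quote swap done by `tr` assumes no quote characters occur inside values, so a comment such as `# assumes jail names contain no quotes or backslashes` would record that assumption.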
......@@ -58,6 +58,7 @@
- repository-textcollector.sh
- btrfs-textcollector.sh
- aur-textcollector.sh
- fail2ban-textcollector.sh
- name: install arch textcollector service
template: src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=644
......@@ -80,6 +81,15 @@
systemd: name=prometheus-borg-textcollector.timer enabled=yes daemon_reload=yes state=started
when: "'borg_clients' in group_names"
- name: install fail2ban textcollector service
template: src=prometheus-fail2ban-textcollector.service.j2 dest=/etc/systemd/system/prometheus-fail2ban-textcollector.service owner=root group=root mode=644
- name: install fail2ban textcollector timer
template: src=prometheus-fail2ban-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-fail2ban-textcollector.timer owner=root group=root mode=644
- name: enable and start prometheus fail2ban textcollector timer
systemd: name=prometheus-fail2ban-textcollector.timer enabled=yes daemon_reload=yes state=started
- name: install blackbox exporter configuration
copy: src=blackbox.yml dest=/etc/prometheus/blackbox.yml owner=root group=root mode=0644
when: "'prometheus' in group_names"
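Review bot: The three fail2ban tasks carry no `when:` condition, unlike the borg timer task just above them, so the service and timer are installed and started on every host this role applies to. If any of those hosts does not run fail2ban, the oneshot unit would fail on each timer run; either confirm fail2ban is deployed everywhere this role runs, or gate the tasks with a condition such as `when: "'<FAIL2BAN_GROUP>' in group_names"` (placeholder group name). The task list continues outside the hunk.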
......
[Unit]
Description=Prometheus Fail2ban Exporter
[Service]
Type=oneshot
ExecStart=/usr/local/bin/fail2ban-textcollector.sh {{ prometheus_textfile_dir }}
NoNewPrivileges=true
LockPersonality=true
PrivateDevices=true
PrivateTmp=true
PrivateNetwork=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths={{ prometheus_textfile_dir }}
MemoryDenyWriteExecute=true
RemoveIPC=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictSUIDSGID=true
RestrictAddressFamilies=~AF_PACKET
RestrictAddressFamilies=~AF_NETLINK
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectClock=true
SystemCallArchitectures=native
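Review bot: `RestrictAddressFamilies=~AF_PACKET` and `RestrictAddressFamilies=~AF_NETLINK` form a deny-list, which leaves every other address family open to a unit that runs as root (no `User=` is set in this section). Assuming fail2ban-client reaches the server only over its Unix socket, an allow-list is tighter and replaces both lines: `RestrictAddressFamilies=AF_UNIX`. A short comment above `ExecStart=` saying why the unit needs root, presumably for access to the fail2ban socket, would help the next person who tries to tighten it further.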
[Unit]
Description=Prometheus Fail2ban Exporter TextCollector Timer
[Timer]
OnUnitActiveSec=10min
OnBootSec=15min
RandomizedDelaySec=1min
[Install]
WantedBy=timers.target