Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
82b91b4d
Commit
82b91b4d
authored
Jul 12, 2021
by
Jelle van der Waa
🚧
Browse files
Merge branch 'fail2ban_exporter' into 'master'
Add fail2ban exporter See merge request
!457
parents
cbe8eab0
7b648d6b
Pipeline
#9656
passed with stage
in 33 seconds
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
roles/prometheus_exporters/files/fail2ban-textcollector.sh
0 → 100644
View file @
82b91b4d
#!/bin/bash
set
-o
errexit
set
-o
nounset
if
((
$#
!=
1
))
;
then
echo
"Missing textcollector directory argument"
exit
1
fi
TEXTFILE_COLLECTOR_DIR
=
${
1
}
PROM_FILE
=
$TEXTFILE_COLLECTOR_DIR
/fail2ban.prom
TMP_FILE
=
$PROM_FILE
.
$$
[
-e
$TMP_FILE
]
&&
rm
-f
$TMP_FILE
trap
"rm -f
$TMP_FILE
"
EXIT
json
=
$(
fail2ban-client banned |
tr
\'
\"
)
len
=
$(
echo
$json
| jq
'. | length'
)
echo
"# HELP fail2ban_bans"
>>
$TMP_FILE
echo
"# TYPE fail2ban_bans gauge"
>>
$TMP_FILE
for
((
i
=
0
;
i <
$len
;
i++
))
;
do
jail
=
$(
echo
$json
| jq
-r
".[
${
i
}
] | keys | .[0]"
)
bans
=
$(
echo
$json
| jq
-r
".[
${
i
}
] | to_entries | .[0].value | length"
)
echo
"fail2ban_bans{jail=
\"
${
jail
}
\"
}
$bans
"
>>
$TMP_FILE
done
mv
-f
$TMP_FILE
$PROM_FILE
roles/prometheus_exporters/tasks/main.yml
View file @
82b91b4d
...
...
@@ -58,6 +58,7 @@
-
repository-textcollector.sh
-
btrfs-textcollector.sh
-
aur-textcollector.sh
-
fail2ban-textcollector.sh
-
name
:
install arch textcollector service
template
:
src=prometheus-arch-textcollector.service.j2 dest=/etc/systemd/system/prometheus-arch-textcollector.service owner=root group=root mode=644
...
...
@@ -80,6 +81,15 @@
systemd
:
name=prometheus-borg-textcollector.timer enabled=yes daemon_reload=yes state=started
when
:
"
'borg_clients'
in
group_names"
-
name
:
install fail2ban textcollector service
template
:
src=prometheus-fail2ban-textcollector.service.j2 dest=/etc/systemd/system/prometheus-fail2ban-textcollector.service owner=root group=root mode=644
-
name
:
install fail2ban textcollector timer
template
:
src=prometheus-fail2ban-textcollector.timer.j2 dest=/etc/systemd/system/prometheus-fail2ban-textcollector.timer owner=root group=root mode=644
-
name
:
enable and start prometheus fail2ban textcollector timer
systemd
:
name=prometheus-fail2ban-textcollector.timer enabled=yes daemon_reload=yes state=started
-
name
:
install blackbox exporter configuration
copy
:
src=blackbox.yml dest=/etc/prometheus/blackbox.yml owner=root group=root mode=0644
when
:
"
'prometheus'
in
group_names"
...
...
roles/prometheus_exporters/templates/prometheus-fail2ban-textcollector.service.j2
0 → 100644
View file @
82b91b4d
[Unit]
Description=Prometheus Fail2ban Exporter
[Service]
Type=oneshot
ExecStart=/usr/local/bin/fail2ban-textcollector.sh {{ prometheus_textfile_dir }}
NoNewPrivileges=true
LockPersonality=true
PrivateDevices=true
PrivateTmp=true
PrivateNetwork=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths={{ prometheus_textfile_dir }}
MemoryDenyWriteExecute=true
RemoveIPC=true
RestrictRealtime=true
RestrictNamespaces=true
RestrictSUIDSGID=true
RestrictAddressFamilies=~AF_PACKET
RestrictAddressFamilies=~AF_NETLINK
ProtectHostname=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectClock=true
SystemCallArchitectures=native
roles/prometheus_exporters/templates/prometheus-fail2ban-textcollector.timer.j2
0 → 100644
View file @
82b91b4d
[Unit]
Description=Prometheus Fail2ban Exporter TextCollector Timer
[Timer]
OnUnitActiveSec=10min
OnBootSec=15min
RandomizedDelaySec=1min
[Install]
WantedBy=timers.target
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment