From 476a60908e004bd330a111a0e6028d61053fafa5 Mon Sep 17 00:00:00 2001
From: vogelor <vogelor@ispconfig3>
Date: Mon, 26 Jan 2009 13:48:02 -0500
Subject: [PATCH] Added fail2ban - Log to the monitor (if installed at the server). Updated installation-Instruction for debian
---
interface/web/monitor/tools.inc.php | 38 +++++++++
server/mods-available/monitor_core_module.inc.php | 80 +++++++++++++++++---
INSTALL_DEBIAN_4.0.txt | 18 ++-
INSTALL_DEBIAN_LENNY.txt | 41 +++++----
interface/web/monitor/lib/module.conf.php | 4 +
interface/web/monitor/show_data.php | 7 +
6 files changed, 149 insertions(+), 39 deletions(-)
diff --git a/INSTALL_DEBIAN_4.0.txt b/INSTALL_DEBIAN_4.0.txt
index 2323b80..7012b35 100644
--- a/INSTALL_DEBIAN_4.0.txt
+++ b/INSTALL_DEBIAN_4.0.txt
@@ -133,21 +133,26 @@
make install
rm -rf jailkit-2.5*
+8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
+More info at: http://www.howtoforge.com/fail2ban_debian_etch
-8) Install ISPConfig 3
+apt-get install fail2ban
+
+
+9) Install ISPConfig 3
There are two possile scenarios, but not both:
-8.1) Install the latest released version
-8.2) Install directly from SVN
+9.1) Install the latest released version
+9.2) Install directly from SVN
-8.1) Installation of last version from tar.gz
+9.1) Installation of last version from tar.gz
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz
tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz
cd ispconfig3_install/install/
-8.2) Installation from SVN
+9.2) Installation from SVN
apt-get install subversion
cd /tmp
@@ -155,7 +160,7 @@
cd trunk/install
-8.1+8.2) Now proceed with the ISPConfig installation.
+9.1+9.2) Now proceed with the ISPConfig installation.
Now start the installation process by executing:
@@ -205,5 +210,4 @@
Optional packages recommended:
denyhosts - a utility to help sys admins thwart ssh crackers
-fail2ban - Preventing Brute Force Attacks - http://www.howtoforge.com/fail2ban_debian_etch
rsync - fast remote file copy program (for backup)
\ No newline at end of file
diff --git a/INSTALL_DEBIAN_LENNY.txt b/INSTALL_DEBIAN_LENNY.txt
index 5c8e4db..03000a3 100644
--- a/INSTALL_DEBIAN_LENNY.txt
+++ b/INSTALL_DEBIAN_LENNY.txt
@@ -232,21 +232,37 @@
apt-get install vlogger webalizer
+7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users)
-7) Install ISPConfig 3
+apt-get install build-essential autoconf automake1.9 libtool flex bison
+cd /tmp
+wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
+tar xvfz jailkit-2.5.tar.gz
+cd jailkit-2.5
+./configure
+make
+make install
+rm -rf jailkit-2.5*
+
+8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
+More info at: http://www.howtoforge.com/fail2ban_debian_etch
+
+apt-get install fail2ban
+
+9) Install ISPConfig 3
# There are two possile scenarios, but not both:
-7.1) Install the latest released version
-7.2) Install directly from SVN
+9.1) Install the latest released version
+9.2) Install directly from SVN
-7.1) Installation of last version from tar.gz
+9.1) Installation of last version from tar.gz
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz
tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz
cd ispconfig3_install/install/
-7.2) Installation from SVN
+9.2) Installation from SVN
apt-get install subversion
cd /tmp
@@ -254,7 +270,7 @@
cd trunk/install
-7.1+7.2) Now proceed with the ISPConfig installation.
+9.1+9.2) Now proceed with the ISPConfig installation.
# Now start the installation process by executing:
@@ -304,21 +320,8 @@
----------------------------------------------------------------------------------------------------------
-Installing Jailkit:
-
-apt-get install build-essential autoconf automake1.9 libtool flex bison
-cd /tmp
-wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
-tar xvfz jailkit-2.5.tar.gz
-cd jailkit-2.5
-./configure
-make
-make install
-rm -rf jailkit-2.5*
-----------------------------------------------------------------------------------------------------------
Optional recommended packages:
denyhosts - a utility to help sys admins thwart ssh crackers
-fail2ban - Like denyhosts but updates firewall rules to reject/drop the IP address and supports many more apps
rsync - fast remote file copy program (for backup)
\ No newline at end of file
diff --git a/interface/web/monitor/lib/module.conf.php b/interface/web/monitor/lib/module.conf.php
index dd68504..58d849b 100644
--- a/interface/web/monitor/lib/module.conf.php
+++ b/interface/web/monitor/lib/module.conf.php
@@ -150,6 +150,10 @@
'target' => 'content',
'link' => 'monitor/show_data.php?type=rkhunter');
+$items[] = array( 'title' => "Show fail2ban-Log",
+ 'target' => 'content',
+ 'link' => 'monitor/show_data.php?type=fail2ban');
+
$module["nav"][] = array( 'title' => 'Logfiles',
'open' => 1,
'items' => $items);
diff --git a/interface/web/monitor/show_data.php b/interface/web/monitor/show_data.php
index be95a3d..cf39e90 100644
--- a/interface/web/monitor/show_data.php
+++ b/interface/web/monitor/show_data.php
@@ -110,6 +110,13 @@
$title = $app->lng("monitor_title_rkhunterlog_txt"). ' ('. $monTransSrv .' : ' . $_SESSION['monitor']['server_name'] . ')';
$description = '';
break;
+ case 'fail2ban':
+ $template = 'templates/show_data.htm';
+ $output .= showFail2ban();
+ $time = getDataTime('fail2ban');
+ $title = 'fail2ban - Log (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';
+ $description = '';
+ break;
default:
$template = '';
break;
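Review bot: The new `fail2ban` case hard-codes its title as the English literal `'fail2ban - Log ('`, while the `rkhunter` case directly above builds it with `$app->lng("monitor_title_rkhunterlog_txt")`. For consistency the title should go through the language files with a new key added alongside the existing ones, for example `$title = $app->lng("monitor_title_fail2ban_txt") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';`, where the key name is a suggestion. As in the existing cases, `$_SESSION['monitor']['server_name']` is concatenated into the title as-is; whether the template escapes it is not visible here. The `switch` statement starts and ends outside this hunk.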
diff --git a/interface/web/monitor/tools.inc.php b/interface/web/monitor/tools.inc.php
index 8a36587..0800758 100644
--- a/interface/web/monitor/tools.inc.php
+++ b/interface/web/monitor/tools.inc.php
@@ -374,7 +374,7 @@
/*
* First, we have to detect, if there is any monitoring-data.
- * If not (because the destribution is not supported) show this.
+ * If not (because rkhunter is not installed) show this.
*/
$data = unserialize($record['data']);
if ($data['output'] == ''){
@@ -392,6 +392,42 @@
return $html;
}
+function showFail2ban()
+{
+ global $app;
+
+ /* fetch the Data from the DB */
+ $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+
+ if(isset($record['data'])) {
+ $html =
+ '<div class="systemmonitor-state state-'.$record['state'].'">
+ <div class="systemmonitor-content icons32 ico-'.$record['state'].'">';
+
+ /*
+ * First, we have to detect, if there is any monitoring-data.
+ * If not (because fail2ban is not installed) show this.
+ */
+ $data = unserialize($record['data']);
+ if ($data == ''){
+ $html .= '<p>'.
+ 'fail2ban is not installed at this server.<br />' .
+ 'See more (for debian) <a href="http://www.howtoforge.net/fail2ban_debian_etch" target="htf">here...</a>'.
+ '</p>';
+ }
+ else {
+ $html .= nl2br($data);
+ }
+ $html .= '</div></div>';
+
+ } else {
+ $html = '<p>There is no data available at the moment.</p>';
+ }
+
+ return $html;
+}
+
+
function showMailq()
{
global $app;
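Review bot: `showFail2ban()` writes the stored log text into the page with `nl2br($data)` and no HTML escaping. fail2ban's log can carry text derived from remote clients (host names, or matched input depending on log level), so markup in a log line would be rendered in the administrator's browser; escape before inserting line breaks: `$html .= nl2br(htmlspecialchars($data, ENT_QUOTES, 'UTF-8'));`. The query also concatenates `$_SESSION['monitor']['server_id']` directly, and whether it is validated where it is set is not visible in this hunk, so `intval($_SESSION['monitor']['server_id'])` would make the function safe on its own. `unserialize()` on the stored value follows the existing rkhunter code, but it means that whatever can write to `monitor_data` controls what is deserialised in the interface. The trailing context lines belong to `showMailq()`, whose body continues outside the hunk.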
diff --git a/server/mods-available/monitor_core_module.inc.php b/server/mods-available/monitor_core_module.inc.php
index cf263a2..5633539 100644
--- a/server/mods-available/monitor_core_module.inc.php
+++ b/server/mods-available/monitor_core_module.inc.php
@@ -121,6 +121,7 @@
$this->monitorMailQueue();
$this->monitorRaid();
$this->monitorRkHunter();
+ $this->monitorFail2ban();
$this->monitorSysLog();
}
@@ -748,6 +749,58 @@
$this->_delOldRecords($type, 0, 2);
}
+ function monitorFail2ban(){
+ global $app;
+ global $conf;
+
+ /* the id of the server as int */
+ $server_id = intval($conf["server_id"]);
+
+ /** The type of the data */
+ $type = 'log_fail2ban';
+
+ /* This monitoring is only available if fail2ban is installed */
+ $location = shell_exec('which fail2ban-client');
+ if($location != ''){
+ /* Get the data of the log */
+ $data = $this->_getLogData($type);
+
+ /*
+ * At this moment, there is no state (maybe later)
+ */
+ $state = 'no_state';
+ }
+ else {
+ /*
+ * fail2ban is not installed, so there is no data and no state
+ *
+ * no_state, NOT unknown, because "unknown" is shown as state
+ * inside the GUI. no_state is hidden.
+ *
+ * We have to write NO DATA inside the DB, because the GUI
+ * could not know, if there is any dat, or not...
+ */
+ $state = 'no_state';
+ $data = '';
+ }
+
+ /*
+ * Insert the data into the database
+ */
+ $sql = "INSERT INTO monitor_data (server_id, type, created, data, state) " .
+ "VALUES (".
+ $server_id . ", " .
+ "'" . $app->dbmaster->quote($type) . "', " .
+ time() . ", " .
+ "'" . $app->dbmaster->quote(serialize($data)) . "', " .
+ "'" . $state . "'" .
+ ")";
+ $app->dbmaster->query($sql);
+
+ /* The new data is written, now we can delete the old one */
+ $this->_delOldRecords($type, 10);
+ }
+
function monitorSysLog(){
global $app;
global $conf;
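Review bot: In `monitorFail2ban()` the installed check and the log source are decoupled: `which fail2ban-client` decides whether data is collected, while `_getLogData('log_fail2ban')` reads the fixed path `/var/log/fail2ban.log` added in the last hunk of this file. On a host where fail2ban is installed but logs to syslog or to another file, the record would hold whatever `_getLogData()` returns for a missing file (its body is not visible here), and the interface could then report fail2ban as not installed or show an empty panel. Consider checking the file as well, e.g. `if ($location != '' && is_readable('/var/log/fail2ban.log')) {`, and storing a distinct message for the installed-but-no-log case. The method also lacks a doc comment; `/** Stores the current fail2ban log, or an empty value when fail2ban-client is not found, in monitor_data under type log_fail2ban. */` would match what the body does. The trailing context opens `monitorSysLog()`, which continues outside the hunk.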
@@ -758,19 +811,19 @@
/** The type of the data */
$type = 'sys_log';
- /*
- * is there any warning or error for this server?
- */
- $state = 'ok';
+ /*
+ * is there any warning or error for this server?
+ */
+ $state = 'ok';
$dbData = $app->dbmaster->queryAllRecords("SELECT loglevel FROM sys_log WHERE server_id = " . $server_id . " AND loglevel > 0");
- if (is_array($dbData)) {
- foreach($dbData as $item){
- if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning');
- if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error');
- }
- }
+ if (is_array($dbData)) {
+ foreach($dbData as $item){
+ if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning');
+ if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error');
+ }
+ }
- /** There is no monitor-data because the data is in the sys_log table */
+ /** There is no monitor-data because the data is in the sys_log table */
$data['output']= '';
/*
@@ -790,7 +843,7 @@
$this->_delOldRecords($type, 10);
}
-function monitorMailLog()
+ function monitorMailLog()
{
global $app;
global $conf;
@@ -1140,6 +1193,9 @@
case 'log_clamav':
$logfile = '/var/log/clamav/clamav.log';
break;
+ case 'log_fail2ban':
+ $logfile = '/var/log/fail2ban.log';
+ break;
case 'log_ispconfig':
$logfile = '/var/log/ispconfig/ispconfig.log';
break;
--
Gitblit v1.9.1