search

annttu / collectd-plugins

Plugins for collectd
3 stars 3 forks source link

module path, permissions and config #2

Open xm1234567 opened 3 years ago

xm1234567 commented 3 years ago

Some feedback. I tested this plugin under centos 7.8/fail2ban v0.11.1-10. I did the following changes to make it working: 1) module path: import sys, string, os, logging import socket import collectd from fail2ban.client.csocket import CSocket from fail2ban.client.configurator import Configurator

  1. grant some permissons for collectd: r permission /etc/fail2ban/fail2ban.local rw permisson for /var/run/fail2ban/fail2ban.sock Every time, fail2ban service restart, the rw permission on /var/run/fail2ban/fail2ban.sock for collectd is lost. need to find some permanent, good and safe solution?

  2. a conf example : cat /etc/collectd.d/collectd.conf.d/fail2ban.conf LoadPlugin python <Plugin python> ModulePath "/opt/collectd/lib_develop" Import fail2ban2collectd </Plugin>

Test your collectd.

ls -al /opt/collectd/lib_develop/fail2ban2collectd.py -rwxr-xr-x 1 root root 3923 Oct 12 11:19 /opt/collectd/lib_develop/fail2ban2collectd.py

xm1234567 commented 3 years ago

My above tests were under CentoS7/python2. For CentOS8, it is python3, needs to do new tests

xm1234567 commented 3 years ago

Did tests under centos 8/python 3.6, some minor adaptions: python2 => #!/usr/bin/python python3 => #!/usr/bin/python3

The following parts working for both python v2 and v3:

if showRet: logSys.debug("OK : " + str(ret[1])) logSys.debug("retval: %s" % retval) return retval else: #logSys.debug("NOK: " +ret[1].args) logSys.debug("NOK: ret[1] return value") logSys.debug(ret[1]) return ....... except Exception as e:

Anothing is, don't name this script as fail2ban.py for collectd python plugin, it will confuse with the offical fail2ban python module. Name it something else, eg fail2ban_collectd.py

xm1234567 commented 3 years ago

This link https://github.com/hermanekt/zabbix-fail2ban-discovery- , shows a way to keep the permission by systemd after fail2ban service restart: [Service] ExecStartPost=/bin/sh -c "while ! [ -S /run/fail2ban/fail2ban.sock ]; do sleep 1; done" ExecStartPost=/bin/chgrp fail2ban /run/fail2ban/fail2ban.sock ExecStartPost=/bin/chmod g+w /run/fail2ban/fail2ban.sock