Open xm1234567 opened 3 years ago
My above tests were under CentoS7/python2. For CentOS8, it is python3, needs to do new tests
Did tests under centos 8/python 3.6, some minor adaptions:
python2 => #!/usr/bin/python
python3 => #!/usr/bin/python3
The following parts working for both python v2 and v3:
if showRet:
logSys.debug("OK : " + str(ret[1]))
logSys.debug("retval: %s" % retval)
return retval
else:
#logSys.debug("NOK: " +
ret[1].args)
logSys.debug("NOK: ret[1] return value")
logSys.debug(ret[1])
return
.......
except Exception as e:
Anothing is, don't name this script as fail2ban.py for collectd python plugin, it will confuse with the offical fail2ban python module. Name it something else, eg fail2ban_collectd.py
This link https://github.com/hermanekt/zabbix-fail2ban-discovery- , shows a way to keep the permission by systemd after fail2ban service restart:
[Service]
ExecStartPost=/bin/sh -c "while ! [ -S /run/fail2ban/fail2ban.sock ]; do sleep 1; done"
ExecStartPost=/bin/chgrp fail2ban /run/fail2ban/fail2ban.sock
ExecStartPost=/bin/chmod g+w /run/fail2ban/fail2ban.sock
Some feedback. I tested this plugin under centos 7.8/fail2ban v0.11.1-10. I did the following changes to make it working: 1) module path:
import sys, string, os, logging
import socket
import collectd
from fail2ban.client.csocket import CSocket
from fail2ban.client.configurator import Configurator
grant some permissons for collectd:
r permission /etc/fail2ban/fail2ban.local
rw permisson for /var/run/fail2ban/fail2ban.sock
Every time, fail2ban service restart, therw
permission on /var/run/fail2ban/fail2ban.sock for collectd is lost. need to find some permanent, good and safe solution?a conf example :
cat /etc/collectd.d/collectd.conf.d/fail2ban.conf
LoadPlugin python
<Plugin python>
ModulePath "/opt/collectd/lib_develop"
Import fail2ban2collectd
</Plugin>
Test your collectd.
ls -al /opt/collectd/lib_develop/fail2ban2collectd.py
-rwxr-xr-x 1 root root 3923 Oct 12 11:19 /opt/collectd/lib_develop/fail2ban2collectd.py