hermanekt / zabbix-fail2ban-discovery-


Simplified setup #10

Closed rightkick closed 4 years ago

rightkick commented 4 years ago

The doc seems to recommend a convoluted setup. One can simply set up this template by following the steps below:

  1. Add the following line to the sudoers file: zabbix ALL= (ALL) NOPASSWD: /usr/bin/fail2ban-client

  2. Edit fail2ban.conf and prepend sudo to the commands used. Example:

    UserParameter=fail2ban.status[*],sudo fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
    UserParameter=fail2ban.discovery,sudo fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'

  3. Copy fail2ban.conf to /etc/zabbix/zabbix_agentd.d

  4. Restart zabbix-agent: systemctl restart zabbix-agent

Note:

I had to amend the template to correctly detect the status of fail2ban-server as follows: proc.num[python2,root,,fail2ban-server]

In case your fail2ban is running as a user other than root, replace root with your user.

hermanekt commented 4 years ago

Hi Alex,

This has a reason; check this: https://github.com/hermanekt/zabbix-fail2ban-discovery-/issues/3 and follow issue 4 and check the pull requests.

Tom

rightkick commented 4 years ago

Hi Tom,

It is not granting root to zabbix-agent as zabbix-agent still runs as "zabbix" user. It is just granting elevated rights to run a single command (fail2ban-client) through sudo. This approach is followed with other modules also (for example smartctl tool).
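
A sudoers entry that names only /usr/bin/fail2ban-client permits every subcommand of that client, not just `status`. The sketch below is an added example, not code from this thread or the project: a wrapper that exposes only the two read-only queries the UserParameters need. The path /usr/local/bin/f2b-zabbix, the function names and the sample output are assumptions.

```sh
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/bin/f2b-zabbix (path and names are assumptions).
# sudoers would then name this script instead of fail2ban-client itself:
#   zabbix ALL=(root) NOPASSWD: /usr/local/bin/f2b-zabbix
F2B="${F2B:-/usr/bin/fail2ban-client}"

# Constructed sample of "fail2ban-client status" output, for offline checks.
SAMPLE_STATUS='Status
|- Number of jail:      2
`- Jail list:   sshd, nginx-http-auth'

# Jail names: letters, digits, "_" and "-" only.
valid_jail() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# stdin: "fail2ban-client status" output; stdout: Zabbix LLD JSON.
jails_to_lld() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' |
    awk 'BEGIN { printf "{\"data\":[" }
         /^[A-Za-z0-9_-]+$/ { printf "%s{\"{#JAIL}\":\"%s\"}", (n++ ? "," : ""), $0 }
         END { print "]}" }'
}

# stdin: "fail2ban-client status <jail>" output; stdout: number currently banned.
banned_count() {
    sed -n 's/^.*Currently banned:[[:space:]]*\([0-9][0-9]*\).*$/\1/p'
}

# Only two read-only requests are accepted; everything else is refused.
f2b_zabbix() {
    case "$1" in
        discovery) "$F2B" status | jails_to_lld ;;
        status)
            valid_jail "$2" || { echo "invalid jail name" >&2; return 2; }
            "$F2B" status "$2" | banned_count ;;
        *) echo "usage: f2b-zabbix discovery | status <jail>" >&2; return 2 ;;
    esac
}

if [ "$#" -gt 0 ]; then f2b_zabbix "$@"; fi
```

With such a wrapper the UserParameter lines would call `sudo /usr/local/bin/f2b-zabbix discovery` and `sudo /usr/local/bin/f2b-zabbix status '$1'` instead of piping fail2ban-client output through grep and sed.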