hermanekt / zabbix-fail2ban-discovery-


fail2ban.discovery sed not working for non root user #7

Closed gizmo15 closed 4 years ago

gizmo15 commented 4 years ago

Hi,

I am trying to use your template on Zabbix 4.4 on Ubuntu 18.04 with zabbix-agent2.

With root, your fail2ban.discovery command works:

fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
{"data":[{"{#JAIL}":"postfix-auth"}, {"{#JAIL}":"sshd"}]}

But with the user zabbix, the return is not the same:

su - zabbix -s /bin/bash -c "fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'"
NOT root user
{data:[{{#JAIL}:1}, {{#JAIL}:1}]}

I followed your how-to:

ls -l /var/run/fail2ban/fail2ban.sock
srwx-w---- 1 root fail2ban 0 mai   11 15:21 /var/run/fail2ban/fail2ban.sock

If I remove the sed part:

su - zabbix -s /bin/bash -c "fail2ban-client status | grep 'Jail list:'"
NOT root user
`- Jail list:   postfix-auth, sshd

Did I miss something?

Thanks!

hermanekt commented 4 years ago

Please, what does this command return? getent group | grep fail2ban

gizmo15 commented 4 years ago

I have this:

getent group | grep fail2ban
fail2ban:x:1006:zabbix

hermanekt commented 4 years ago

Thank you and: ls -l /var/run/fail2ban/fail2ban.sock

gizmo15 commented 4 years ago

In the first post ;)

ls -l /var/run/fail2ban/fail2ban.sock
srwx-w---- 1 root fail2ban 0 mai   11 15:21 /var/run/fail2ban/fail2ban.sock

hermanekt commented 4 years ago

Can you write me a message on WhatsApp? +420732447184 I think I need a remote session to see where the problem is.

gizmo15 commented 4 years ago

Not possible, I don't have WhatsApp and it's a production server.

hermanekt commented 4 years ago

In my lab I have Debian 10, zabbix-agent2:

root@hosting1:~# su - zabbix -s /bin/bash -c "fail2ban-client status | grep 'Jail list:'"
`- Jail list: dovecot, ispconfig, postfix-sasl, pure-ftpd, sshd

Do you have SELinux?

gizmo15 commented 4 years ago

It's Ubuntu 18.04 LTS, so no SELinux:

su - zabbix -s /bin/bash -c "fail2ban-client status | grep 'Jail list:'"
NOT root user
`- Jail list:   postfix-auth, sshd

hermanekt commented 4 years ago

root@hosting1:~# fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
{"data":[{"{#JAIL}":"dovecot"}, {"{#JAIL}":"ispconfig"}, {"{#JAIL}":"postfix-sasl"}, {"{#JAIL}":"pure-ftpd"}, {"{#JAIL}":"sshd"}]}

root@hosting1:~# su - zabbix -s /bin/bash -c "fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'"
{data:[{{#JAIL}:1}, {{#JAIL}:1}, {{#JAIL}:1}, {{#JAIL}:1}, {{#JAIL}:1}]}

root@hosting1:~# su - zabbix
zabbix@hosting1:~$ fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
{"data":[{"{#JAIL}":"dovecot"}, {"{#JAIL}":"ispconfig"}, {"{#JAIL}":"postfix-sasl"}, {"{#JAIL}":"pure-ftpd"}, {"{#JAIL}":"sshd"}]}
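Why the `su ... -c "..."` runs in this thread print `{data:[{{#JAIL}:1}, ...]}`, as an added example that is not part of the thread or the project's code: the double quotes inside the sed script close the outer double-quoted `-c` argument, so the calling shell removes them and turns `\1` into `1` before sed runs. Assumptions: `sh -c` stands in for `su - zabbix -s /bin/bash -c`, the status text and function names are constructed, and sed is GNU sed.

```shell
#!/bin/sh
# Constructed sample of `fail2ban-client status` output (not from a live host).
SAMPLE='Status
|- Number of jail:      2
`- Jail list:   postfix-auth, sshd'

# 1. Pipeline typed at a prompt: single quotes keep the sed script intact.
discover_direct() {
  printf '%s\n' "$SAMPLE" | grep 'Jail list:' |
    sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
}

# 2. Same text pasted inside -c "...": every inner " closes or reopens the
#    outer quoting, so the child shell is handed {{#JAIL}:1} and {data:[\0]}.
discover_nested() {
  printf '%s\n' "$SAMPLE" |
    sh -c "grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'"
}

# 3. Inner double quotes escaped: the child shell sees the original script.
discover_escaped() {
  printf '%s\n' "$SAMPLE" |
    sh -c "grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{\"{#JAIL}\":\"\1\"}/g' -e 's/.*/{\"data\":[\0]}/'"
}

# 4. Quoted here-document: the pipeline is stored verbatim, no escaping needed.
discover_heredoc() {
  pipeline=$(cat <<'EOF'
grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'
EOF
)
  printf '%s\n' "$SAMPLE" | sh -c "$pipeline"
}

# Print all four results side by side.
for f in discover_direct discover_nested discover_escaped discover_heredoc; do
  printf '%-18s %s\n' "$f" "$($f)"
done
```

Only form 2 loses the quotes and the jail names, which matches the output posted above; the sed program itself behaves the same for every user.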

gizmo15 commented 4 years ago

On the Zabbix server side, I have a message "Unknown metric fail2ban.discovery", so that's why I tried this.

But I have this in /etc/zabbix/zabbix_agent2.d/fail2ban.conf:

UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'

If I switch to the zabbix user and launch the command, it works, yes.

hermanekt commented 4 years ago

root@hosting1:~# cat /etc/zabbix/zabbix_agent2.d/fail2ban.conf
UserParameter=fail2ban.status[*],fail2ban-client status '$1' | grep 'Currently banned:' | grep -E -o '[0-9]+'
UserParameter=fail2ban.discovery,fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/\(\(\w\|-\)\+\)/{"{#JAIL}":"\1"}/g' -e 's/.*/{"data":[\0]}/'

root@hosting1:~# cat /etc/zabbix/zabbix_agent2.conf| grep -i incl
Include=/etc/zabbix/zabbix_agent2.d/*.conf

hermanekt commented 4 years ago

The problem is the unknown key, not the script. You need the path:

  1. Set configuration file

Download the latest version of the configuration file fail2ban.conf from the repo. Put the file here: /etc/zabbix/zabbix_agentd2.d/fail2ban.conf

gizmo15 commented 4 years ago

Indeed!

cat /etc/zabbix/zabbix_agent2.conf| grep -i incl
Include=/etc/zabbix/zabbix_agentd.d/*.conf

Sorry for the noise and thanks!

hermanekt commented 4 years ago

You are welcome. I fix howto, thanks. Can I close the issue now?

gizmo15 commented 4 years ago

Yes, no problem!