librenms / librenms-agent

LibreNMS Agent & Scripts
GNU General Public License v2.0

fail2ban: output data format wrong #283

Closed markuspachali closed 4 years ago

markuspachali commented 4 years ago

Hi all,

today I updated one of my servers to CentOS 8. During the sanity checks I discovered that there is an issue with the output of the fail2ban client. When I executed the fail2ban snmp extension manually, I got the following:

[root@host ~]# /usr/local/lib/snmpd/fail2ban -c
{"version":"1","error":"0","errorString":"fail2ban-client exited with 0","data":{"jails":{"selinux-ssh":"0","sshd":"1"},"total":1}}
[root@host ~]#
[root@host ~]#
[root@host ~]# /usr/local/lib/snmpd/fail2ban
{"version":"1","error":"0","errorString":"fail2ban-client exited with 0","data":{"jails":{"selinux-ssh":"0","sshd":"2"},"total":2}}
[root@host ~]#

After that I also checked my other boxes and realized that the output is the same on CentOS 7 and Debian 10. As this sounds like an issue with the code and not with the OS, I started having a look at the script and found this:

my $jailsOutput=`$f2bc status`;
$toReturn{error}=$?;
if ( $? == -1){
    $toReturn{errorString}='failed to run fail2ban-client';
} elsif ($? & 127) {
    $toReturn{errorString}= sprintf "fail2ban-client died with signal %d, %s coredump\n",
        ($? & 127), ($? & 128) ? 'with' : 'without';
} else {
    $toReturn{error}=$? >> 8;
    $toReturn{errorString}="fail2ban-client exited with ".$toReturn{error};
}
if ( $toReturn{error} == 0 ){

I'm far from being a coding expert, but could it be that the check for $toReturn{error} is handled wrong and that the check for == 0 should happen before checking for elsif ($? & 127)? As $? can also be 0, I would also expect an "exit" or so after the $toReturn{errorString}="fail2ban-client exited with ".$toReturn{error};

From the output of the script, it seems like it "throws" the error because return code "0" matches "elsif ($? & 127)", and after that the output of fail2ban-client is also printed to stdout.

Please correct me if I'm wrong and the error is somewhere else.

Best regards, Markus

murrant commented 4 years ago

The output looks correct to me, what is the problem? error 0 means no error.

markuspachali commented 4 years ago

Hi @murrant, yes, sure it means no error, but I didn't expect the return code and "no error" message in the output if there is no error. I'd expected the message only if the return code is != 0. But if this is the intended behaviour then please ignore my report :)
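The status decoding discussed in the comments above, as an added example that is not part of the thread or of the librenms-agent script: it mirrors the three branches of the quoted excerpt and runs them over constructed `$?` values and over real child processes. The helper name `decode_status` and the use of the running perl (`$^X`) as a stand-in for fail2ban-client are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the librenms-agent script): decode Perl's $? wait
# status with the same three branches as the excerpt quoted in the issue.
use strict;
use warnings;

# decode_status() is a hypothetical helper name; it takes a raw $? value.
sub decode_status {
    my ($status) = @_;
    my %r = ( error => $status );
    if ( $status == -1 ) {
        # The child could not be started at all.
        $r{errorString} = 'failed to run fail2ban-client';
    }
    elsif ( $status & 127 ) {
        # Low 7 bits hold the terminating signal; bit 128 flags a core dump.
        $r{errorString} = sprintf 'fail2ban-client died with signal %d, %s coredump',
            ( $status & 127 ), ( $status & 128 ) ? 'with' : 'without';
    }
    else {
        # Normal exit: the exit code lives in the high byte.
        $r{error}       = $status >> 8;
        $r{errorString} = 'fail2ban-client exited with ' . $r{error};
    }
    return \%r;
}

# Constructed raw statuses: clean exit, exit code 1, SIGKILL, SIGSEGV + core, exec failure.
for my $status ( 0, 1 << 8, 9, 11 | 128, -1 ) {
    my $r = decode_status($status);
    printf "raw=%-4d error=%-4s %s\n", $status, $r->{error}, $r->{errorString};
}

# Real children, using the running perl ($^X) as a stand-in for fail2ban-client.
for my $code ( 'exit 0', 'exit 3', 'kill "KILL", $$' ) {
    system( $^X, '-e', $code );
    my $r = decode_status($?);
    printf "%-18s error=%-4s %s\n", $code, $r->{error}, $r->{errorString};
}
```

A raw status of 0 has no bits set in `$? & 127`, so it falls through to the final branch; the error field is 0 and the "exited with 0" string is written on every successful run.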

PVasileff commented 2 years ago

I have configured librenms to monitor a few servers. On two of them I have installed fail2ban and configured that snmp extend: on a VM with Debian 11 and on a Raspberry Pi 4 with Raspbian 11.

I have installed libjson-perl and configured on both servers in snmpd.conf:

extend fail2ban '/usr/bin/sudo /opt/snmp/fail2ban -c -U -f /usr/local/bin/fail2ban-client'

and in /etc/sudoers:

Debian-snmp ALL = NOPASSWD: /opt/snmp/fail2ban

When I ran as root on the CLI:

sudo -u Debian-snmp /usr/bin/sudo /opt/snmp/fail2ban -c -U -f /usr/local/bin/fail2ban-client

on VM with Debian 11 - reported:

{"data":{"jails":{"nginx-forbidden":"0","ssh":"206"},"total":206},"error":"0","errorString":"fail2ban-client exited with 0","version":"1"}

on RPI 4 with Raspbian - reported:

{"data":{"jails":{"openvpn":"0","ssh":"0"},"total":0},"error":"0","errorString":"fail2ban-client exited with 0","version":"1"}

BUT on librenms graphs for VM with Debian 11 - graphs are OK

[Image: Debian 11 Graphs] [Image: RPI4]

Any Ideas how to fix that on RPI 4?