From 476a60908e004bd330a111a0e6028d61053fafa5 Mon Sep 17 00:00:00 2001 From: vogelor <vogelor@ispconfig3> Date: Mon, 26 Jan 2009 18:48:02 +0000 Subject: [PATCH] Added fail2ban - Log to the monitor (if installed at the server). Updated installation-Instruction for debian --- INSTALL_DEBIAN_4.0.txt | 18 ++-- INSTALL_DEBIAN_LENNY.txt | 41 +++++----- interface/web/monitor/lib/module.conf.php | 4 + interface/web/monitor/show_data.php | 7 ++ interface/web/monitor/tools.inc.php | 38 ++++++++- .../monitor_core_module.inc.php | 82 ++++++++++++++++--- 6 files changed, 150 insertions(+), 40 deletions(-) diff --git a/INSTALL_DEBIAN_4.0.txt b/INSTALL_DEBIAN_4.0.txt index 2323b8095d..7012b35766 100644 --- a/INSTALL_DEBIAN_4.0.txt +++ b/INSTALL_DEBIAN_4.0.txt @@ -133,21 +133,26 @@ make make install rm -rf jailkit-2.5* +8) Install fail2ban (optional but recomended, because the monitor tries to show the log) +More info at: http://www.howtoforge.com/fail2ban_debian_etch -8) Install ISPConfig 3 +apt-get install fail2ban + + +9) Install ISPConfig 3 There are two possile scenarios, but not both: -8.1) Install the latest released version -8.2) Install directly from SVN +9.1) Install the latest released version +9.2) Install directly from SVN -8.1) Installation of last version from tar.gz +9.1) Installation of last version from tar.gz cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz cd ispconfig3_install/install/ -8.2) Installation from SVN +9.2) Installation from SVN apt-get install subversion cd /tmp @@ -155,7 +160,7 @@ There are two possile scenarios, but not both: cd trunk/install -8.1+8.2) Now proceed with the ISPConfig installation. +9.1+9.2) Now proceed with the ISPConfig installation. Now start the installation process by executing: 
@@ -205,5 +210,4 @@ done Optional packages recommended: denyhosts - a utility to help sys admins thwart ssh crackers -fail2ban - Preventing Brute Force Attacks - http://www.howtoforge.com/fail2ban_debian_etch rsync - fast remote file copy program (for backup) \ No newline at end of file diff --git a/INSTALL_DEBIAN_LENNY.txt b/INSTALL_DEBIAN_LENNY.txt index 5c8e4db83a..03000a38f6 100644 --- a/INSTALL_DEBIAN_LENNY.txt +++ b/INSTALL_DEBIAN_LENNY.txt @@ -232,21 +232,37 @@ update-rc.d mydns defaults apt-get install vlogger webalizer +7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users) -7) Install ISPConfig 3 +apt-get install build-essential autoconf automake1.9 libtool flex bison +cd /tmp +wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz +tar xvfz jailkit-2.5.tar.gz +cd jailkit-2.5 +./configure +make +make install +rm -rf jailkit-2.5* + +8) Install fail2ban (optional but recomended, because the monitor tries to show the log) +More info at: http://www.howtoforge.com/fail2ban_debian_etch + +apt-get install fail2ban + +9) Install ISPConfig 3 # There are two possile scenarios, but not both: -7.1) Install the latest released version -7.2) Install directly from SVN +9.1) Install the latest released version +9.2) Install directly from SVN -7.1) Installation of last version from tar.gz +9.1) Installation of last version from tar.gz cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz cd ispconfig3_install/install/ -7.2) Installation from SVN +9.2) Installation from SVN apt-get install subversion cd /tmp @@ -254,7 +270,7 @@ apt-get install vlogger webalizer cd trunk/install -7.1+7.2) Now proceed with the ISPConfig installation. +9.1+9.2) Now proceed with the ISPConfig installation. # Now start the installation process by executing: 
@@ -304,21 +320,8 @@ done ---------------------------------------------------------------------------------------------------------- -Installing Jailkit: - -apt-get install build-essential autoconf automake1.9 libtool flex bison -cd /tmp -wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz -tar xvfz jailkit-2.5.tar.gz -cd jailkit-2.5 -./configure -make -make install -rm -rf jailkit-2.5* ----------------------------------------------------------------------------------------------------------- Optional recommended packages: denyhosts - a utility to help sys admins thwart ssh crackers -fail2ban - Like denyhosts but updates firewall rules to reject/drop the IP address and supports many more apps rsync - fast remote file copy program (for backup) \ No newline at end of file diff --git a/interface/web/monitor/lib/module.conf.php b/interface/web/monitor/lib/module.conf.php index dd68504afa..58d849b88d 100644 --- a/interface/web/monitor/lib/module.conf.php +++ b/interface/web/monitor/lib/module.conf.php @@ -150,6 +150,10 @@ $items[] = array( 'title' => "Show RKHunter-Log", 'target' => 'content', 'link' => 'monitor/show_data.php?type=rkhunter'); +$items[] = array( 'title' => "Show fail2ban-Log", + 'target' => 'content', + 'link' => 'monitor/show_data.php?type=fail2ban'); + $module["nav"][] = array( 'title' => 'Logfiles', 'open' => 1, 'items' => $items); diff --git a/interface/web/monitor/show_data.php b/interface/web/monitor/show_data.php index be95a3d1c6..cf39e90c4c 100644 --- a/interface/web/monitor/show_data.php +++ b/interface/web/monitor/show_data.php 
@@ -110,6 +110,13 @@ switch($dataType) { $title = $app->lng("monitor_title_rkhunterlog_txt"). ' ('. $monTransSrv .' : ' . $_SESSION['monitor']['server_name'] . ')'; $description = ''; break; + case 'fail2ban': + $template = 'templates/show_data.htm'; + $output .= showFail2ban(); + $time = getDataTime('fail2ban'); + $title = 'fail2ban - Log (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')'; + $description = ''; + break; default: $template = ''; break; diff --git a/interface/web/monitor/tools.inc.php b/interface/web/monitor/tools.inc.php index 8a365875d7..08007585ff 100644 --- a/interface/web/monitor/tools.inc.php +++ b/interface/web/monitor/tools.inc.php @@ -374,7 +374,7 @@ function showRKHunter() /* * First, we have to detect, if there is any monitoring-data. - * If not (because the destribution is not supported) show this. + * If not (because rkhunter is not installed) show this. */ $data = unserialize($record['data']); if ($data['output'] == ''){ 
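Review bot: The new `case 'fail2ban':` branch in show_data.php hard-codes its heading as `'fail2ban - Log ('`, while the rkhunter case directly above it takes the heading from `$app->lng("monitor_title_rkhunterlog_txt")`. Take it from a language key as well, for example `$title = $app->lng("<NEW_FAIL2BAN_TITLE_KEY>") . ' (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';`, where the key name is a placeholder to be added to the language files. The enclosing switch starts and ends outside the hunk.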
@@ -392,6 +392,42 @@ function showRKHunter() return $html; } +function showFail2ban() +{ + global $app; + + /* fetch the Data from the DB */ + $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc"); + + if(isset($record['data'])) { + $html = + '<div class="systemmonitor-state state-'.$record['state'].'"> + <div class="systemmonitor-content icons32 ico-'.$record['state'].'">'; + + /* + * First, we have to detect, if there is any monitoring-data. + * If not (because fail2ban is not installed) show this. + */ + $data = unserialize($record['data']); + if ($data == ''){ + $html .= '<p>'. + 'fail2ban is not installed at this server.<br />' . + 'See more (for debian) <a href="http://www.howtoforge.net/fail2ban_debian_etch" target="htf">here...</a>'. + '</p>'; + } + else { + $html .= nl2br($data); + } + $html .= '</div></div>'; + + } else { + $html = '<p>There is no data available at the moment.</p>'; + } + + return $html; +} + + function showMailq() { global $app; diff --git a/server/mods-available/monitor_core_module.inc.php b/server/mods-available/monitor_core_module.inc.php index cf263a2645..5633539c52 100644 --- a/server/mods-available/monitor_core_module.inc.php +++ b/server/mods-available/monitor_core_module.inc.php @@ -121,6 +121,7 @@ class monitor_core_module { $this->monitorMailQueue(); $this->monitorRaid(); $this->monitorRkHunter(); + $this->monitorFail2ban(); $this->monitorSysLog(); } 
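Review bot: In showFail2ban() the stored log text is written into the page as `nl2br($data)` with no HTML escaping. fail2ban.log is produced from events that remote clients trigger, so any markup-like text that reaches it would be rendered in the administrator's browser; `$html .= nl2br(htmlspecialchars($data, ENT_QUOTES, 'UTF-8'));` prevents that. The query also concatenates `$_SESSION['monitor']['server_id']` straight into the SQL, whereas the writer in monitor_core_module casts its id with `intval()`. Unless the session value is validated where it is set (not visible here), use `intval($_SESSION['monitor']['server_id'])`. Finally, `unserialize($record['data'])` returns false for a damaged row, which `$data == ''` then reports as "fail2ban is not installed"; an `is_string($data)` check would keep the two cases apart.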
@@ -748,6 +749,58 @@ class monitor_core_module { $this->_delOldRecords($type, 0, 2); } + function monitorFail2ban(){ + global $app; + global $conf; + + /* the id of the server as int */ + $server_id = intval($conf["server_id"]); + + /** The type of the data */ + $type = 'log_fail2ban'; + + /* This monitoring is only available if fail2ban is installed */ + $location = shell_exec('which fail2ban-client'); + if($location != ''){ + /* Get the data of the log */ + $data = $this->_getLogData($type); + + /* + * At this moment, there is no state (maybe later) + */ + $state = 'no_state'; + } + else { + /* + * fail2ban is not installed, so there is no data and no state + * + * no_state, NOT unknown, because "unknown" is shown as state + * inside the GUI. no_state is hidden. + * + * We have to write NO DATA inside the DB, because the GUI + * could not know, if there is any dat, or not... + */ + $state = 'no_state'; + $data = ''; + } + + /* + * Insert the data into the database + */ + $sql = "INSERT INTO monitor_data (server_id, type, created, data, state) " . + "VALUES (". + $server_id . ", " . + "'" . $app->dbmaster->quote($type) . "', " . + time() . ", " . + "'" . $app->dbmaster->quote(serialize($data)) . "', " . + "'" . $state . "'" . + ")"; + $app->dbmaster->query($sql); + + /* The new data is written, now we can delete the old one */ + $this->_delOldRecords($type, 10); + } + function monitorSysLog(){ global $app; global $conf; 
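Review bot: monitorFail2ban() stores an empty string when `which fail2ban-client` finds nothing, and presumably also when `$this->_getLogData($type)` returns nothing (its body is outside this hunk), and the viewer treats every empty value as "fail2ban is not installed". An installed fail2ban with a freshly rotated log, or one that does not log to `/var/log/fail2ban.log` (the path hard-coded in the last hunk of this file), would then be shown as missing, which is misleading on a security monitor. Storing an array in the style of the `$data['output']` records used for rkhunter and sys_log, e.g. `$data = array('installed' => ($location != ''), 'output' => $log);`, would let the viewer tell the cases apart; the viewer would need the matching change. Both branches also assign the same `$state = 'no_state';`, so that line can move above the `if`.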
@@ -758,19 +811,19 @@ class monitor_core_module { /** The type of the data */ $type = 'sys_log'; - /* - * is there any warning or error for this server? - */ - $state = 'ok'; + /* + * is there any warning or error for this server? + */ + $state = 'ok'; $dbData = $app->dbmaster->queryAllRecords("SELECT loglevel FROM sys_log WHERE server_id = " . $server_id . " AND loglevel > 0"); - if (is_array($dbData)) { - foreach($dbData as $item){ - if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning'); - if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error'); - } - } - - /** There is no monitor-data because the data is in the sys_log table */ + if (is_array($dbData)) { + foreach($dbData as $item){ + if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning'); + if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error'); + } + } + + /** There is no monitor-data because the data is in the sys_log table */ $data['output']= ''; /* @@ -790,7 +843,7 @@ class monitor_core_module { $this->_delOldRecords($type, 10); } -function monitorMailLog() + function monitorMailLog() { global $app; global $conf; @@ -1140,6 +1193,9 @@ function monitorMailLog() case 'log_clamav': $logfile = '/var/log/clamav/clamav.log'; break; + case 'log_fail2ban': + $logfile = '/var/log/fail2ban.log'; + break; case 'log_ispconfig': $logfile = '/var/log/ispconfig/ispconfig.log'; break; -- GitLab