Skip to content

hermanekt/zabbix-fail2ban-discovery-

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fail2Ban template for Zabbix

Features:

  • Automatic discovery of jails
  • Monitor service status
  • Monitor jails
  • Jails graph

Installation

1. Set configuration file

Download the latest version of configuration file fail2ban.conf from the repo. Put the file here /etc/zabbix/zabbix_agentd.d/fail2ban.conf or here for zabbix agent 2 /etc/zabbix/zabbix_agentd2.d/fail2ban.conf

Zabbix Agent

wget https://raw.githubusercontent.com/hermanekt/zabbix-fail2ban-discovery-/master/fail2ban.conf -O /etc/zabbix/zabbix_agentd.d/fail2ban.conf

Zabbix Agent 2

wget https://raw.githubusercontent.com/hermanekt/zabbix-fail2ban-discovery-/master/fail2ban.conf -O /etc/zabbix/zabbix_agent2.d/fail2ban.conf

2. Grant access to Fail2Ban

Fail2ban works only with root by default. We need to grant permission to Zabbix to access the Fail2ban by adding this 2 lines to /etc/sudoers:

zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client status
zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client status *

Then apply new sudoers and zabbix agent setting

/etc/init.d/sudo restart
/etc/init.d/zabbix-agent restart 

OR

/etc/init.d/sudo restart
/etc/init.d/zabbix-agend restart

If you have systemd, please use this correct command.

systemctl restart zabbix-agent

OR

systemctl restart zabbix-agent2

3. Test Zabbix Agent setting

Zabbix Agent

root@server:~$ sudo -u zabbix zabbix_agent -c /etc/zabbix/zabbix_agent.conf -t fail2ban.discovery
fail2ban.discovery [s|{"data":[{"{#JAIL}":"imapd"}, {"{#JAIL}":"sendmail-reject"}, {"{#JAIL}":"sshd"}, {"{#JAIL}":"wordpress"}]}]

root@server:~$ sudo -u zabbix zabbix_agent -c /etc/zabbix/zabbix_agent.conf -t fail2ban.status['sshd']
fail2ban.status[sshd]                         [s|191]

Zabbix Agent 2

root@server:~$ sudo -u zabbix zabbix_agent2 -c /etc/zabbix/zabbix_agent2.conf -t fail2ban.discovery
fail2ban.discovery [s|{"data":[{"{#JAIL}":"imapd"}, {"{#JAIL}":"sendmail-reject"}, {"{#JAIL}":"sshd"}, {"{#JAIL}":"wordpress"}]}]

root@server:~$ sudo -u zabbix zabbix_agent2 -c /etc/zabbix/zabbix_agent2.conf -t fail2ban.status['sshd']
fail2ban.status[sshd]                         [s|191]

The response above with list of jails means that everything works fine.

Configure the Zabbix Server

  1. Import the template file into Zabbix Server (this operation is done only once).
There is 2 verisons, for Ubuntu/Debian and for other systems!
  1. Change the update Interval to what pleases you (default is 1 minute).
  2. Add the template to your hosts.

paypal

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published