volker.raschek/prometheus-fail2ban-exporter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: cleanup
All checks were successful
Run unit tests / test (push) Successful in 5m46s
Details

Browse Source
This commit is contained in:
Markus Pesch 2025-05-31 22:49:51 +02:00
parent 43fbbc015e
commit ec377df034
Signed by: volker.raschek
GPG Key ID: 852BCC170D81A982
3 changed files with 28 additions and 663 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

610
.drone.yml
View File

@ -1,610 +0,0 @@
---
kind: pipeline
type: kubernetes
name: linter
clone:
disable: true
platform:
os: linux
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: markdown lint
commands:
- markdownlint *.md
image: git.cryptic.systems/volker.raschek/markdownlint:0.45.0
resources:
limits:
cpu: 150
memory: 150M
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: docker
name: unit-test-amd64
clone:
disable: true
platform:
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: unit-test
commands:
- go test -v ./...
image: docker.io/library/golang:1.24.3
trigger:
event:
exclude:
- tag
---
kind: pipeline
type: docker
name: unit-test-arm64
clone:
disable: true
platform:
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: unit-test
commands:
- go test -v ./...
image: docker.io/library/golang:1.24.3
trigger:
event:
include:
- pull_request
- push
exclude:
- tag
---
kind: pipeline
type: docker
name: dry-run-amd64
clone:
disable: true
depends_on:
- linter
- unit-test-amd64
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: false
dockerfile: Dockerfile
dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
tags: latest-amd64
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: docker
name: dry-run-arm64-v8
clone:
disable: true
depends_on:
- linter
- unit-test-arm64
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: false
dockerfile: Dockerfile
dry_run: true
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
tags: latest-arm64-v8
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
branch:
exclude:
- master
event:
- pull_request
- push
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: docker
name: latest-amd64
clone:
disable: true
depends_on:
- linter
- unit-test-amd64
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: false
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
tags: latest-amd64
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: docker
name: latest-arm64-v8
clone:
disable: true
depends_on:
- linter
- unit-test-arm64
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: false
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
tags: latest-arm64-v8
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: kubernetes
name: latest-manifest
clone:
disable: true
depends_on:
- latest-amd64
- latest-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build-manifest
image: docker.io/plugins/manifest:1.4.0
settings:
auto_tag: false
ignore_missing: true
spec: manifest.tmpl
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
branch:
- master
event:
- cron
- push
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: docker
name: tagged-amd64
clone:
disable: true
platform:
os: linux
arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: true
auto_tag_suffix: amd64
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
build_args:
- VERSION=${DRONE_TAG}
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: docker
name: tagged-arm64-v8
clone:
disable: true
platform:
os: linux
arch: arm64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build
image: docker.io/plugins/docker:20.18.8
settings:
auto_tag: true
auto_tag_suffix: arm64-v8
dockerfile: Dockerfile
force_tag: true
no_cache: true
purge: true
mirror:
from_secret: docker_io_mirror
registry: git.cryptic.systems
repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
build_args:
- VERSION=${DRONE_TAG}
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/prometheus-fail2ban-exporter
---
kind: pipeline
type: kubernetes
name: tagged-manifest
clone:
disable: true
depends_on:
- tagged-amd64
- tagged-arm64-v8
# docker.io/plugins/manifest only for amd64 architectures available
node_selector:
kubernetes.io/os: linux
kubernetes.io/arch: amd64
steps:
- name: clone
image: git.cryptic.systems/volker.raschek/git:1.4.0
- name: build-manifest
image: docker.io/plugins/manifest:1.4.0
settings:
auto_tag: true
ignore_missing: true
spec: manifest.tmpl
username:
from_secret: git_cryptic_systems_container_registry_user
password:
from_secret: git_cryptic_systems_container_registry_password
- name: email-notification
environment:
SMTP_FROM_ADDRESS:
from_secret: smtp_from_address
SMTP_FROM_NAME:
from_secret: smtp_from_name
SMTP_HOST:
from_secret: smtp_host
SMTP_USERNAME:
from_secret: smtp_username
SMTP_PASSWORD:
from_secret: smtp_password
image: git.cryptic.systems/volker.raschek/drone-email:0.2.0
resources:
limits:
cpu: 150
memory: 150M
when:
status:
- changed
- failure
trigger:
event:
- tag
repo:
- volker.raschek/prometheus-fail2ban-exporter

13
.markdownlint.yaml
View File

@ -45,19 +45,17 @@ MD012:
# MD013/line-length - Line length
MD013:
# Number of characters
line_length: 80
line_length: 120
# Number of characters for headings
heading_line_length: 80
heading_line_length: 120
# Number of characters for code blocks
code_block_line_length: 80
code_block_line_length: 120
# Include code blocks
code_blocks: false
# Include tables
tables: false
# Include headings
headings: true
# Include headings
headers: true
# Strict length checking
strict: false
# Stern length checking
@ -70,11 +68,6 @@ MD022:
# Blank lines below heading
lines_below: 1
# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content
MD024:
# Only check sibling headings
allow_different_nesting: true
# MD025/single-title/single-h1 - Multiple top-level headings in the same document
MD025:
# Heading level

68
README.md
View File

@ -1,11 +1,7 @@
# prometheus-fail2ban-exporter
[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter)
This is a fork of Hector's fail2ban
[exporter](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter). This
fork contains some changes to get the application running in a kubernetes
cluster.
This is a fork of Hector's fail2ban [exporter](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter). This fork
contains some changes to get the application running in a kubernetes cluster.
## Table of Contents
@ -21,8 +17,8 @@ The exporter can be run as a standalone binary or a docker container.
### 1.1. Standalone
The following command will start collecting metrics from the
`/var/run/fail2ban/fail2ban.sock` file and expose them on port `9191`.
The following command will start collecting metrics from the `/var/run/fail2ban/fail2ban.sock` file and expose them on
port `9191`.
```bash
$ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web.listen-address=":9191"
@ -35,12 +31,10 @@ $ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web
```
Binary files for each release can be found on the
[releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases)
page.
[releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) page.
There is also an [example systemd service
file](/_examples/systemd/fail2ban_exporter.service) included in the repository.
This is a starting point to run the exporter as a service.
There is also an [example systemd service file](/_examples/systemd/fail2ban_exporter.service) included in the
repository. This is a starting point to run the exporter as a service.
### 1.2. Docker
@ -68,14 +62,11 @@ services:
```
Use the `:latest` tag to get the latest stable release. See the [registry
page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry)
for all available tags.
page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.
**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is
recommended to mount the parent folder instead. The `.sock` file is deleted by
fail2ban on shutdown and re-created on startup and this causes problems for the
docker mount. See [this
reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499)
**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is recommended to mount the parent folder
instead. The `.sock` file is deleted by fail2ban on shutdown and re-created on startup and this causes problems for the
docker mount. See [this reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499)
for more details.
## 2. Metrics
@ -117,20 +108,18 @@ Status for the jail: sshd
### 2.1. Grafana
The metrics exported by this tool are compatible with Prometheus and Grafana. A
sample grafana dashboard can be found in the
[grafana.json](/_examples/grafana/dashboard.json) file. Just import the contents
of this file into a new Grafana dashboard to get started.
The metrics exported by this tool are compatible with Prometheus and Grafana. A sample grafana dashboard can be found in
the [grafana.json](/_examples/grafana/dashboard.json) file. Just import the contents of this file into a new Grafana
dashboard to get started.
The dashboard supports displaying data from multiple exporters. Use the
`instance` dashboard variable to select which ones to display.
The dashboard supports displaying data from multiple exporters. Use the `instance` dashboard variable to select which
ones to display.
*(Sample dashboard is compatible with Grafana `9.1.8` and above)*
## 3. Configuration
The exporter is configured with CLI flags and environment variables.
There are no configuration files.
The exporter is configured with CLI flags and environment variables. There are no configuration files.
### CLI flags
@ -164,8 +153,7 @@ Flags:
### Environment variables
Each environment variable corresponds to a CLI flag.
If both are specified, the CLI flag takes precedence.
Each environment variable corresponds to a CLI flag. If both are specified, the CLI flag takes precedence.
| Environment variable | Corresponding CLI flag |
|---------------------------------|---------------------------------------------------|
@ -185,23 +173,18 @@ Building from source has the following dependencies:
From there, simply run `make build`
This will download the necessary dependencies and build a `fail2ban_exporter`
binary in the root of the project.
This will download the necessary dependencies and build a `fail2ban_exporter` binary in the root of the project.
## 5. Textfile metrics
For more flexibility the exporter also allows exporting metrics collected from a
text file.
For more flexibility the exporter also allows exporting metrics collected from a text file.
To enable textfile metrics provide the directory to read files from with the
`--collector.textfile.directory` flag.
To enable textfile metrics provide the directory to read files from with the `--collector.textfile.directory` flag.
Metrics collected from these files will be exposed directly alongside the other
metrics without any additional processing. This means that it is the
responsibility of the file creator to ensure the format is correct.
Metrics collected from these files will be exposed directly alongside the other metrics without any additional
processing. This means that it is the responsibility of the file creator to ensure the format is correct.
By exporting textfile metrics an extra metric is also exported with an error
count for each file:
By exporting textfile metrics an extra metric is also exported with an error count for each file:
```text
# HELP textfile_error Checks for errors while reading text files
@ -213,8 +196,7 @@ textfile_error{path="file.prom"} 0
### Running in Docker
To collect textfile metrics inside a docker container, a couple of things need
to be done:
To collect textfile metrics inside a docker container, a couple of things need to be done:
1. Mount the folder with the metrics files
2. Set the `F2B_COLLECTOR_TEXT_PATH` environment variable