volker.raschek/prometheus-fail2ban-exporter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: volker.raschek:0.2.0
Branches Tags
volker.raschek:master
volker.raschek:v0.1.1 volker.raschek:v0.1.0 volker.raschek:v0.9.1 volker.raschek:v0.9.0 volker.raschek:v0.8.1 volker.raschek:v0.8.0 volker.raschek:0.7.2 volker.raschek:0.7.1 volker.raschek:0.7.0 volker.raschek:0.6.0 volker.raschek:0.5.0 volker.raschek:0.4.0 volker.raschek:0.3.0 volker.raschek:0.2.0 volker.raschek:0.1.0 volker.raschek:0.0.0
...
compare: volker.raschek:0.6.0
Branches Tags
volker.raschek:master
volker.raschek:v0.1.1 volker.raschek:v0.1.0 volker.raschek:v0.9.1 volker.raschek:v0.9.0 volker.raschek:v0.8.1 volker.raschek:v0.8.0 volker.raschek:0.7.2 volker.raschek:0.7.1 volker.raschek:0.7.0 volker.raschek:0.6.0 volker.raschek:0.5.0 volker.raschek:0.4.0 volker.raschek:0.3.0 volker.raschek:0.2.0 volker.raschek:0.1.0 volker.raschek:0.0.0

73 Commits
0.2.0 ... 0.6.0

Author SHA1 Message Date
Hector
939fbf72f7 docs: update changelog for release 2022-02-20 16:59:16 +00:00
Hector
2759dcb159 Merge branch 'update-project-documentation' into 'main' 
Update project documentation

See merge request hectorjsmith/fail2ban-prometheus-exporter!66
 2022-02-20 16:44:27 +00:00
Hector
82b7e34866 docs: rewrite project readme 
Rewrite the project README file to be more succinct and to the point. Add
new section on getting started quickly with either docker or the standalone
binary file.
Update CHANGELOG file with recent changes.
 2022-02-20 16:44:27 +00:00
Hector
0eb4880286 Merge branch 'add-example-systemd-service-file' into 'main' 
Add example systemd service file

See merge request hectorjsmith/fail2ban-prometheus-exporter!65
 2022-02-20 09:05:38 +00:00
Hector
23e073ffde feat: add example systemd service file 
Add a basic systemd service file to serve as an example on how to run the
exporter as a system service. Add short README with an overview of the
service file.
 2022-02-20 09:05:38 +00:00
Hector
b12ab669b1 Merge branch 'update-goreleaser-config' into 'main' 
Update goreleaser config

See merge request hectorjsmith/fail2ban-prometheus-exporter!64
 2022-02-20 08:46:40 +00:00
Hector
3911eca07e feat: rename output binary and archives 
Update the goreleaser config to rename the output binary and archive names
to `fail2ban_exporter` instead of defaulting to the project name. This
better aligns with conventions used by other exporters.
Update Dockerfile and Makefile to follow the new naming scheme.
Update the output archives to wrap the build files in a folder. This makes
extracting the archives a little easier.

BREAKING CHANGE: Release binary name has been changed to `fail2ban_exporter`.
 2022-02-20 08:46:40 +00:00
Hector
cc68fe3f01 Merge branch 'add-mechanism-for-graceful-shutdown' into 'main' 
Add mechanism for graceful shutdown

See merge request hectorjsmith/fail2ban-prometheus-exporter!63
 2022-02-20 08:25:04 +00:00
Hector
f6e328a0aa feat: correctly handle shutdown signals 
Add a new method to the application startup to listen for OS shutdown
signals and handle them appropriately. A shutdown signal will cause the
app to exit immediately.
Use correct syntax for the `ENTRYPOINT` field in the Dockerfile to ensure
that OS signals get passed down to the running application.
 2022-02-20 08:17:06 +00:00
Hector
aedef536dd Merge branch 'update-changelog' into 'main' 
Update changelog

See merge request hectorjsmith/fail2ban-prometheus-exporter!62
 2022-02-19 17:10:25 +00:00
Hector
97ea58d86a docs: update changelog 2022-02-19 17:06:48 +00:00
Hector
ab80610a3a Merge branch 'rewrite-application-cli-parameters' into 'main' 
Rewrite application cli parameters

See merge request hectorjsmith/fail2ban-prometheus-exporter!61
 2022-02-19 17:01:50 +00:00
Hector
6e575aa0fd feat: rewrite cli flags and environment variables 
Replace existing CLI flags to make them more consistent and follow a more
standard format.
Remove CLI flags and environment variables that are no longer relevant.
Add short `-v` option for version flag.
Update README with new documentation.

BREAKING CHANGE: Replace `--socket` flag with `--collector.f2b.socket`.
BREAKING CHANGE: Merge `--port` flag and `--web.listen-address` into a single flag.
BREAKING CHANGE: Remove `--collector.textfile` flag, its value is now derived from `--collector.textfile.directory`.
BREAKING CHANGE: Remove `F2B_COLLECTOR_TEXT` and `F2B_WEB_PORT` environment variables.
 2022-02-19 17:01:49 +00:00
Hector
7515698ec8 Merge branch 'simplify-docker-image-for-exporter' into 'main' 
Simplify docker image for exporter

See merge request hectorjsmith/fail2ban-prometheus-exporter!60
 2022-02-19 14:58:51 +00:00
Hector
0f0efe58af feat: remove startup script from docker image 
Update the docker image to remove the `run.sh` script and instead run the
exporter directly. This keeps the docker image as simple as possible.
Update README file with extra info on how to collect textfile metrics in
a docker container.

BREAKING CHANGE: Using the textfile collector in docker now requires setting environment variables.
 2022-02-19 14:10:36 +00:00
Hector
e01d4cfe12 Merge branch 'update-exporter-logging-on-startup' into 'main' 
Update exporter logging on startup

See merge request hectorjsmith/fail2ban-prometheus-exporter!59
 2022-02-19 11:25:58 +00:00
Hector
e2902b8cc2 feat: improve logging on startup 
Update the exporter logging on startup to include the exporter version,
the path to the fail2ban socket, and whether basic-auth is enabled or not.
Fix code printing error messages on invalid CLI parameters to correct line
breaks and correctly print the "usage" information.
 2022-02-19 11:21:58 +00:00
Hector
ec10999814 Merge branch 'add-default-value-for-fail2ban-socket' into 'main' 
Add default value for fail2ban socket

See merge request hectorjsmith/fail2ban-prometheus-exporter!58
 2022-02-18 22:15:32 +00:00
Hector
1f27dace2d feat: add default value for fail2ban socket path 
Update the CLI param parser to include a default value for the fail2ban
socket file path. This is the default location fail2ban creates the socket
file on an ubuntu-based system.
 2022-02-18 22:15:32 +00:00
Hector
8452caf4c5 Merge branch 'update-changelog' into 'main' 
Update changelog

See merge request hectorjsmith/fail2ban-prometheus-exporter!57
 2022-02-18 21:52:01 +00:00
Hector
4bf63a6ed6 docs: update changelog 
Update the CHANGELOG file with recent unreleased changes.
 2022-02-18 21:49:20 +00:00
Hector
9f0327b028 Merge branch '19-update-creation-of-docker-image-labels' into 'main' 
Resolve "Update creation of docker image labels"

Closes #19

See merge request hectorjsmith/fail2ban-prometheus-exporter!56
 2022-02-12 17:31:01 +00:00
Hector
05f236902a ci: update creation of tags (#19) 
Update creation of docker tags to only tag actual releases with the
`:latest` tag. Builds on the main branch are now tagged with a `:nightly`
tag.
 2022-02-12 17:31:01 +00:00
Hector
191dda3b9f Merge branch '18-dash-missing-in-docker-run-sh-line-4-version' into 'main' 
Resolve "Dash missing in /docker/run.sh line 4 "-version""

Closes #18

See merge request hectorjsmith/fail2ban-prometheus-exporter!55
 2022-01-31 22:51:13 +00:00
Hector
93da909b0a fix: use correct flag in dockerfile (#18) 
Update the Dockerfile entrypoint script to use the correct version flag
syntax. The flag now requires two dashes instead of one. The syntax for
the texfile collector has also change, and the script was updated
accordingly.
Fix incorrect order of variable assignment when parsing CLI flags.
 2022-01-31 22:51:13 +00:00
Hector
98d376ac60 Merge branch '17-configure-exporter-using-environment-variables' into 'main' 
Resolve "Configure exporter using environment variables"

Closes #17

See merge request hectorjsmith/fail2ban-prometheus-exporter!54
 2022-01-30 21:32:48 +00:00
Hector
b7e317edbc feat: configure tool using environment variables (#17) 
Replace CLI parsing functionality with the `kingpin` library to better
support configuring the tool with environment variables.
Add new environment variables to configure the tool.

BREAKING CHANGE: CLI params now require two dashes instead of one (e.g. `--socket`)
 2022-01-30 21:32:48 +00:00
Hector
d92f7f79b6 Merge branch '16-add-basic-auth' into 'main' 
Resolve "Add basic auth"

Closes #16

See merge request hectorjsmith/fail2ban-prometheus-exporter!53
 2022-01-14 21:36:49 +00:00
Hector
6f76a03118 feat: add support for basic auth (#16) 
Add new CLI parameters to enable protecting the API endpoints with basic
auth authentication.
Wrap the server endpoints in a new auth middleware that protects it using
the provided basic auth credentials (if set).
Store the provided basic auth credentials as hashed values to prevent them
from being accidentally leaked.
Add unit tests to ensure the new functionality works as expected.
 2022-01-14 21:36:49 +00:00
Hector
013e8f30c9 Merge branch '15-update-sample-grafana-dashboard' into 'main' 
Update sample grafana dashboard

Closes #15

See merge request hectorjsmith/fail2ban-prometheus-exporter!52
 2021-12-23 11:42:10 +00:00
Hector
ae08a798b6 refactor: update grafana dashboard (#15) 
Update the sample Grafana dashboard to use a variable for the data
source. All panels have been updated to use the new variable. This makes
it easier to import the dashboard and have it work with different data
sources.
 2021-12-23 11:39:15 +00:00
Hector
cf71dc7449 Merge branch 'release/0.5.0' into 'main' 
Release/0.5.0

See merge request hectorjsmith/fail2ban-prometheus-exporter!51
 2021-12-21 21:25:00 +00:00
Hector
e0531694dd docs: update changelog for release 2021-12-21 21:16:38 +00:00
Hector
c2bc99afc2 Merge branch 'remove-deprecated-database-metric-collector' into 'main' 
Remove deprecated database metric collector

See merge request hectorjsmith/fail2ban-prometheus-exporter!50
 2021-12-21 17:46:46 +00:00
Hector
497e2ff692 remove: references to db collector 
Remove final references to the deprecated database metric collector.
Remove counter for db connection errors.

BREAKING CHANGE: Remove `-db` CLI flag.
 2021-12-21 17:42:42 +00:00
Hector
157e065369 Merge branch '15-add-sample-grafana-dashboard' into 'main' 
Resolve "Add sample grafana dashboard"

Closes #15

See merge request hectorjsmith/fail2ban-prometheus-exporter!49
 2021-12-21 17:29:00 +00:00
Hector
b397a51cf8 feat: sample grafana dashboard (#15) 
Add a sample Grafana dashboard to display all the metrics collected by
this tool.
Update the README file to mention Grafana dashboard.
 2021-12-21 17:29:00 +00:00
Hector
4be463a7c8 Merge branch 'python2' into 'main' 
fix: support python2 fail2ban

Closes #14

See merge request hectorjsmith/fail2ban-prometheus-exporter!48
 2021-12-18 06:58:40 +00:00
Private Creator
7932ccbe23 fix: support python2 fail2ban 
Python2 pickles use different class names for some types. Specifically,
builtins.str is __builtin__.str.
 2021-12-18 06:58:40 +00:00
Hector
6bbdd7a0a6 Merge branch 'main' into 'main' 
feat: Add listen address parameter

See merge request hectorjsmith/fail2ban-prometheus-exporter!47
 2021-12-18 06:45:37 +00:00
Private Creator
c208c8e97d feat: add listen address parameter 
Add new -web.listen-address command line parameter, so that the
listening interface can be limited. This follows a similar style as
the official prometheus-node-exporter project.
Update project README with the new parameter.
 2021-12-18 06:45:37 +00:00
Hector
f18bd78d4e Merge branch 'release/0.4.0' into 'main' 
Release/0.4.0

See merge request hectorjsmith/fail2ban-prometheus-exporter!46
 2021-10-18 18:44:46 +00:00
Hector
61a8a58754 docs: update changelog for release 2021-10-18 19:33:59 +01:00
Hector
4f2d8d9079 refactor: update imports in exporter.go 
Remove unnecessary name from the textfile import.
Remove the sqlite3 dependency which is no longer required.
 2021-10-18 19:32:08 +01:00
Hector
f2cd6ebb7b Merge branch 'refactor-project-makefile' into 'main' 
Refactor project makefile

See merge request hectorjsmith/fail2ban-prometheus-exporter!45
 2021-10-17 17:39:03 +00:00
Hector
695447a4c2 refactor: update project makefile 
Rename steps in the project makefile to follow a more consistent naming
scheme.
Add new gitlab CI step to check for unused dependencies.
 2021-10-17 17:39:02 +00:00
Hector
5363cad4ce Merge branch 'update-changelog' into 'main' 
Update changelog

See merge request hectorjsmith/fail2ban-prometheus-exporter!44
 2021-10-16 21:04:20 +00:00
Hector
1a660ab046 docs: update project changelog 2021-10-16 22:01:09 +01:00
Hector
4c122609b8 Merge branch 'remove-fail2ban-database-based-metrics' into 'main' 
Remove fail2ban database based metrics

See merge request hectorjsmith/fail2ban-prometheus-exporter!43
 2021-10-15 18:02:26 +00:00
Hector
b268f8654c remove: database-based metrics 
Remove all database-based metrics from the metrics endpoint.
Remove all code related to pulling metrics from the fail2ban database.
Remove all configuration variables related to the fail2ban database.
The CLI parameter for the database path was not removed to avoid breaking
compatibility.
Update docker entrypoint to remove references to the fail2ban database.
Remove all references to the old database metrics from the README.
 2021-10-15 18:02:26 +00:00
Hector
025347b7ca Merge branch 'add-metrics-on-basic-jail-configuration' into 'main' 
Add metrics on basic jail configuration

See merge request hectorjsmith/fail2ban-prometheus-exporter!42
 2021-10-14 20:52:25 +00:00
Hector
56730c8774 feat: add new jail config metrics 
Add new metrics around basic jail configuration. The new metrics expose the
max retries, ban time, and find time for each jail.
Update project README with the new metrics.
 2021-10-14 20:52:25 +00:00
Hector
bb5c15de1b Merge branch 'refactor-metric-collector-file-structure' into 'main' 
Refactor metric collector file structure

See merge request hectorjsmith/fail2ban-prometheus-exporter!41
 2021-10-13 20:40:10 +00:00
Hector
60e6365e1f refactor: create new collector folder 
Create a new `collector` folder to store the code for the different
collectors. Move the existing f2b and textfile collectors to this folder.
Minor refactors to the f2b collector to better match the code style of the
newer textfile collector.
 2021-10-13 21:33:49 +01:00
Hector
7cdaf1ebd1 Merge branch 'update-readme-with-missing-version-metric' into 'main' 
Update readme with missing version metric

See merge request hectorjsmith/fail2ban-prometheus-exporter!40
 2021-10-13 16:35:25 +00:00
Hector
9ccad42342 docs: add details on version metric to readme 
Update the README file to include info on the new version metrics.
 2021-10-13 17:21:33 +01:00
Hector
3591582b61 Merge branch 'remove-windows-support' into 'main' 
Remove windows support

See merge request hectorjsmith/fail2ban-prometheus-exporter!39
 2021-10-13 06:57:59 +00:00
Hector
0b6a941b38 remove: windows builds 
Update the goreleaser config to remove windows builds. It doesn't make
sense to build binaries for windows because fail2ban does not provide any
binary for windows. If windows support is required, docker can be used.
 2021-10-13 07:53:27 +01:00
Hector
d8ce799223 Merge branch 'add-support-for-exposing-metrics-from-text-file' into 'main' 
Add support for exposing metrics from text file

See merge request hectorjsmith/fail2ban-prometheus-exporter!38
 2021-10-12 20:38:26 +00:00
Hector
5a107cc547 feat: support for textfile metrics (#13) 
Add support for collecting arbitrary metrics from a textfile as well as
metrics collected from fail2ban. This allows other data to be exported
along with the fail2ban metrics (e.g. instance metadata).
Update the docker image to allow mounting a folder with a collection of
metric files to be exported. Only files ending in `.prom` with be read.
Update project README with the new functionality.
 2021-10-12 20:38:26 +00:00
Hector
351d3344f7 Merge branch 'release/0.3.0' into 'main' 
Release/0.3.0

See merge request hectorjsmith/fail2ban-prometheus-exporter!37
 2021-09-27 19:00:02 +00:00
Hector
1e29f6bfbf docs: update changelog for release 2021-09-27 19:55:58 +01:00
Hector
038aeaaafd Merge branch 'update-changelog' into 'main' 
Update changelog

See merge request hectorjsmith/fail2ban-prometheus-exporter!36
 2021-09-26 11:39:49 +00:00
Hector
94ee6cac4e docs: update changelog 2021-09-26 12:32:48 +01:00
Hector
51c1157d21 Merge branch 'render-basic-root-html-page-with-link-to-metrics' into 'main' 
Render basic root html page with link to metrics

See merge request hectorjsmith/fail2ban-prometheus-exporter!35
 2021-09-25 21:23:29 +00:00
Hector
84b9d02068 feat: render basic html page at root url 
Add a new request handler for the root URL (`/`) to render a simple HTML
page with a link to the metrics page. This follows the convention of other
metric exporters.
 2021-09-25 21:23:28 +00:00
Hector
a1a0aa03a4 Merge branch 'print-ready-message-with-host-and-port-on-startup' into 'main' 
Print ready message with host and port on startup

See merge request hectorjsmith/fail2ban-prometheus-exporter!34
 2021-09-22 12:34:39 +00:00
Hector
22a165da3e feat: improve startup logging 
Update the exporter startup to add more log messages. The server address,
port, and metrics path are now logged on startup.
A "ready" log message is printed when the server is up and running.
 2021-09-21 09:34:23 +01:00
Hector
964fbfd0f8 Merge branch 'split-export-functions-into-separate-package' into 'main' 
Split export functions into separate package

See merge request hectorjsmith/fail2ban-prometheus-exporter!33
 2021-09-14 20:28:15 +00:00
Hector
03f5084020 refactor: move exporter code to new package 
Split out all the code to define exporter functions and collect data into
a new package. The new package is responsible for all exporter related
activity. This makes the code easier to read.
Split the code for collecting metrics from the database and from the socket
into different files to make the separation more obvious.
 2021-09-13 20:25:54 +01:00
Hector
911736cee4 Merge branch '12-export-metric-with-fail2ban-server-and-exporter-versions' into 'main' 
Resolve "Export metric with fail2ban server and exporter versions"

Closes #12

See merge request hectorjsmith/fail2ban-prometheus-exporter!32
 2021-09-10 06:13:56 +00:00
Hector
fba9ee2809 feat: export new version metric (#12) 
Add a new `f2b_version` metric that includes the version of the fail2ban
server and the exporter.
Add a new socket command to get back the fail2ban server version.
 2021-09-10 06:13:56 +00:00
Hector
d9f1ee33c8 Merge branch 'docs/update-changelog-for-release' into 'main' 
Docs/update changelog for release

See merge request hectorjsmith/fail2ban-prometheus-exporter!31
 2021-08-31 13:07:54 +00:00
28 changed files with 1855 additions and 618 deletions
Expand all files Collapse all files

58
.gitlab-ci.yml
View File

@ -1,23 +1,41 @@
image: golang:latest
before_script:
- make install-deps
stages: stages:
- test - test
- build - build
format: .go_template:
image: golang:latest
before_script:
- make go/dependencies
.docker_template:
image: docker:stable
services:
- docker:dind
before_script:
- apk add git
- apk add make
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
dependencies:
extends: .go_template
stage: test stage: test
script: script:
- make format - make go/checkDependencies
format:
extends: .go_template
stage: test
script:
- make go/checkFmt
test: test:
extends: .go_template
stage: test stage: test
script: script:
- make test - make go/test
build: build:
extends: .go_template
stage: build stage: build
only: only:
- main - main
@ -31,19 +49,21 @@ build:
- dist/checksums.txt - dist/checksums.txt
expire_in: 1 day expire_in: 1 day
docker-gitlab: docker/gitlab:
extends: .docker_template
stage: build
only:
- tags
script:
- make docker/build/latest
- make docker/build/tag
- docker push registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
docker/gitlab/nightly:
extends: .docker_template
stage: build stage: build
only: only:
- main - main
- tags
image: docker:stable
services:
- docker:dind
before_script:
- apk add git
- apk add make
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script: script:
- make docker/build-latest - make docker/build/nightly
- make docker/build-tag
- docker push registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter - docker push registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter

6
.goreleaser.yml
View File

@ -1,14 +1,15 @@
# This is an example goreleaser.yaml file with some sane defaults. # This is an example goreleaser.yaml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com # Make sure to check the documentation at http://goreleaser.com
project_name: fail2ban_exporter
before: before:
hooks: hooks:
- make install-deps - make go/dependencies
builds: builds:
- -
binary: fail2ban_exporter
dir: src dir: src
goos: goos:
- linux - linux
- windows
- darwin - darwin
goarch: goarch:
- amd64 - amd64
@ -21,6 +22,7 @@ builds:
archives: archives:
- -
wrap_in_directory: true
files: files:
- LICENSE - LICENSE
- README.md - README.md

65
CHANGELOG.md
View File

@ -5,6 +5,66 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning]. The format is based on [Keep a Changelog], and this project adheres to [Semantic Versioning].
## [Unreleased] ## [Unreleased]
*Nothing yet*
## [0.6.0] - 2022-02-20
*Rewrite CLI flags and environment variables*
### Added
- (23e073f) feat: add example systemd service file
- (3911eca) feat: rename output binary and archives
- (f6e328a) feat: correctly handle shutdown signals
- (6e575aa) feat: rewrite cli flags and environment variables
- (0f0efe5) feat: remove startup script from docker image
- (e2902b8) feat: improve logging on startup
- (1f27dac) feat: add default value for fail2ban socket path
- (b7e317e) feat: configure tool using environment variables ([#17](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/17))
- (6f76a03) feat: add support for basic auth ([#16](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/16))
### Fixed
- (93da909) fix: use correct flag in dockerfile ([#18](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/18))
### BREAKING CHANGE
- Release binary name has been changed to `fail2ban_exporter`.
- Replace `--socket` flag with `--collector.f2b.socket`.
- Merge `--port` flag and `--web.listen-address` into a single flag.
- Remove `--collector.textfile` flag, its value is now derived from `--collector.textfile.directory`.
- Remove `F2B_COLLECTOR_TEXT` and `F2B_WEB_PORT` environment variables.
- Using the textfile collector in docker now requires setting environment variables.
- CLI params now require two dashes instead of one (e.g. `--socket`).
## [0.5.0] - 2021-12-21
*Remove deprecated code & support python2*
### Added
- (b397a51) feat: sample grafana dashboard ([#15](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/15))
- (c208c8e) feat: add listen address parameter - thanks [@private-creator](https://gitlab.com/private-creator)!
### Fixed
- (7932ccb) fix: support python2 fail2ban ([#14](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/14)) - thanks [@private-creator](https://gitlab.com/private-creator)!
### BREAKING CHANGE
- Remove `-db` CLI flag
- Remove `f2b_errors{type="db"}` metric
## [0.4.0] - 2021-10-18
*Add new fail2ban config metrics*
### Added
- (56730c8) feat: add new jail config metrics
- (5a107cc) feat: support for textfile metrics ([#13](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/13))
### Removed
- (b268f86) remove: database-based metrics
- (0b6a941) remove: windows builds
## [0.3.0] - 2021-09-27
*Export new version metrics ([#12](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/12))*
### Added
- (3c9a005) feat: render basic html page at root url
- (22a165d) feat: improve startup logging
- (fba9ee2) feat: export new version metric ([#12](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/12))
## [0.2.0] - 2021-08-31 ## [0.2.0] - 2021-08-31
*Collect metrics through fail2ban socket - based on [#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/11)* *Collect metrics through fail2ban socket - based on [#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/issues/11)*
@ -39,6 +99,7 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
- (0842419) fix: compile tool without cgo_enabled flag - (0842419) fix: compile tool without cgo_enabled flag
## 0.0.0 - 2021-02-05 ## 0.0.0 - 2021-02-05
*Repository creation*
--- ---
@ -47,3 +108,7 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
[Unreleased]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...main [Unreleased]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...main
[0.1.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.0.0...0.1.0 [0.1.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.0.0...0.1.0
[0.2.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...0.2.0 [0.2.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.1.0...0.2.0
[0.3.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.2.0...0.3.0
[0.4.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.3.0...0.4.0
[0.5.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.4.0...0.5.0
[0.6.0]: https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/compare/0.5.0...0.6.0

7
Dockerfile
View File

@ -18,9 +18,6 @@ FROM debian:buster-slim
WORKDIR /app WORKDIR /app
# Copy compiled binary to release image # Copy compiled binary to release image
COPY --from=build /build/src/exporter /app/fail2ban-prometheus-exporter COPY --from=build /build/src/fail2ban_exporter /app/fail2ban_exporter
# Copy init script into main app folder and set as entry point ENTRYPOINT ["/app/fail2ban_exporter"]
COPY docker/run.sh /app/
RUN chmod +x /app/*
ENTRYPOINT /app/run.sh

31
Makefile
View File

@ -1,20 +1,22 @@
install-deps: go/dependencies:
cd src/ && go mod download cd src/ && go mod download
# Standard go test
test:
cd src/ && go test ./... -v -race
# Make sure no unnecessary dependencies are present # Make sure no unnecessary dependencies are present
go-mod-tidy: go/checkDependencies:
cd src/ && go mod tidy -v cd src/ && go mod tidy -v
git diff-index --quiet HEAD git diff-index --quiet HEAD
format: # Standard go test
cd src/ && go fmt $(go list ./... | grep -v /vendor/) go/test:
cd src/ && go vet $(go list ./... | grep -v /vendor/) cd src/ && go test ./... -v -race
generateChangelog: go/fmt:
cd src/ && go fmt ./...
go/checkFmt:
test -z $(shell gofmt -l .)
docs/genChangelog:
./tools/git-chglog_linux_amd64 --config tools/chglog/config.yml 0.0.0.. > CHANGELOG_gen.md ./tools/git-chglog_linux_amd64 --config tools/chglog/config.yml 0.0.0.. > CHANGELOG_gen.md
build/snapshot: build/snapshot:
@ -24,11 +26,14 @@ build/release:
./tools/goreleaser_linux_amd64 --rm-dist --skip-publish ./tools/goreleaser_linux_amd64 --rm-dist --skip-publish
build/docker: build/docker:
cd src/ && go build -o exporter \ cd src/ && go build -o fail2ban_exporter \
-ldflags '-X main.version=$(shell git describe --tags) -X main.commit=${shell git rev-parse HEAD} -X "main.date=${shell date --rfc-3339=seconds}" -X main.builtBy=docker' exporter.go -ldflags '-X main.version=$(shell git describe --tags) -X main.commit=${shell git rev-parse HEAD} -X "main.date=${shell date --rfc-3339=seconds}" -X main.builtBy=docker' exporter.go
docker/build-latest: docker/build/latest:
docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest . docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest .
docker/build-tag: docker/build/nightly:
docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:nightly .
docker/build/tag:
docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:$(shell git describe --tags) . docker build -t registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:$(shell git describe --tags) .

312
README.md
View File

@ -1,114 +1,48 @@
# Fail2Ban Prometheus Exporter # Fail2Ban Prometheus Exporter
Go tool to collect and export metrics on Fail2Ban [![Pipeline](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/badges/main/pipeline.svg)](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter)
Collect metrics from a running fail2ban instance.
## Table of Contents ## Table of Contents
1. Introduction 1. Quick Start
2. Running the Exporter 2. Metrics
3. Running in Docker 3. Configuration
4. Metrics 4. Building from source
5. Textfile metrics
## 1. Introduction ## 1. Quick Start
The exporter can collect metrics from 2 locations: the fail2ban server socket and the fail2ban server database.
Once the exporter is running, metrics are available at `localhost:9191/metrics`. The exporter can be run as a standalone binary or a docker container.
(The default port is `9191` but can be modified with the `-port` flag) ### 1.1. Standalone
### 1.1. Socket The following command will start collecting metrics from the `/var/run/fail2ban/fail2ban.sock` file and expose them on port `9191`.
The recommended way to run the exporter is to point it at the fail2ban server socket.
This allows the exporter to communicate with the server the same way `fail2ban-client` does and ensures the metrics it collects align with the values reported by `fail2ban-client status <jail>`.
The default path to the socket is: `/var/run/fail2ban/fail2ban.sock`
### 1.2. Deprecated: Database
The original way to collect metrics is to read them from the fail2ban database.
This has now been deprecated in favour of using the socket.
The reason being that database metrics do not always align with the output of `fail2ban-client status <jail>` and cause confusion.
See [#11](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11) for more details.
If necessary, these metrics can still be exported by providing the database path to the exporter.
The default path to the fail2ban database is: `/var/lib/fail2ban/fail2ban.sqlite3`
## 2. Running the Exporter
The exporter is compiled and released as a single binary.
This makes it very easy to run in any environment.
No additional runtime dependencies are required.
Compiled binaries for various platforms are provided in each release.
See the [releases page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) for more information.
**Usage**
```
$ fail2ban-prometheus-exporter -h
-db string
path to the fail2ban sqlite database (deprecated)
-port int
port to use for the metrics server (default 9191)
-socket string
path to the fail2ban server socket
-version
show version info and exit
```
**Example**
``` ```
fail2ban-prometheus-exporter -socket /var/run/fail2ban/fail2ban.sock -port 9191 $ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web.listen-address=":9191"
2022/02/20 09:54:06 fail2ban exporter version 0.5.0
2022/02/20 09:54:06 starting server at :9191
2022/02/20 09:54:06 reading metrics from fail2ban socket: /var/run/fail2ban/fail2ban.sock
2022/02/20 09:54:06 metrics available at '/metrics'
2022/02/20 09:54:06 ready
``` ```
Note that the exporter will need read access to the fail2ban socket or database. Binary files for each release can be found on the [releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) page.
### 2.1. Compile from Source ### 1.2. Docker
The code can be compiled from source by running `go build` inside the `src/` folder.
Go version `1.15` or greater is required.
Run `go mod download` to download all necessary dependencies before running the build.
## 3. Running in Docker
If use of docker is desired, an official docker image is available on the Gitlab container registry.
Use it by pulling the following image:
```
registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
```
Use the `:latest` tag to get the most up to date code (less stable) or use one of the version tagged images to use a specific release.
See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.
### 3.1. Volumes
The docker image is designed to run by mounting either the fail2ban sqlite3 database of the fail2ban run folder.
- The database should be mounted at: `/app/fail2ban.sqlite3`
- The run folder should be mounted at: `/var/run/fail2ban`
Both paths can be mounted with readonly (`ro`) permissions.
**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is recommended to mount the parent folder instead.
The `.sock` file is deleted by fail2ban on shutdown and re-created on startup and this causes problems for the docker mount.
See [this reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499) for more details.
### 3.2. Docker run
Use the following command to run the exporter as a docker container.
**Docker run**
``` ```
docker run -d \ docker run -d \
--name "fail2ban-exporter" \ --name "fail2ban-exporter" \
-v /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro \
-v /var/run/fail2ban:/var/run/fail2ban:ro \ -v /var/run/fail2ban:/var/run/fail2ban:ro \
-p "9191:9191" \ -p "9191:9191" \
registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
``` ```
### 3.3. Docker compose **Docker compose**
The following is a simple docker-compose file to run the exporter.
``` ```
version: "2" version: "2"
@ -116,79 +50,44 @@ services:
exporter: exporter:
image: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest image: registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
volumes: volumes:
- /var/lib/fail2ban/fail2ban.sqlite3:/app/fail2ban.sqlite3:ro
- /var/run/fail2ban/:/var/run/fail2ban:ro - /var/run/fail2ban/:/var/run/fail2ban:ro
ports: ports:
- "9191:9191" - "9191:9191"
``` ```
## 4. Metrics Use the `:latest` tag to get the latest stable release. Or use the `:nightly` tag for the latest (unstable) version.
See the [registry page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags.
Access exported metrics at the `/metrics` path on the configured port. **NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is recommended to mount the parent folder instead.
The `.sock` file is deleted by fail2ban on shutdown and re-created on startup and this causes problems for the docker mount.
See [this reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499) for more details.
**Note on Fail2Ban Jails** ## 2. Metrics
fail2ban can be configured to process different log files and use different rules for each one. The exporter exposes the following metrics:
These separate configurations are referred to as *jails*.
For example, fail2ban can be configured to watch the system logs for failed SSH connections and Nextcloud logs for failed logins. *All metric names are prefixed with `f2b_`*
In this configuration, there will be two jails - one for IPs banned from the SSH logs, and one for IPs banned from the Nextcloud logs.
This tool exports several metrics *per jail*, meaning that it is possible to track how many IPs are being banned in each jail as well as the overall total. | Metric | Description | Example |
This can be useful to track what services are seeing more failed logins. |------------------------------|------------------------------------------------------------------------------------|-----------------------------------------------------|
| `up` | Returns 1 if the exporter is up and running | `f2b_up 1` |
### 4.1. Socket-based Metrics | `errors` | Count the number of errors since startup by type | |
| `errors{type="socket_conn"}` | Errors connecting to the fail2ban socket (e.g. connection refused) | `f2b_errors{type="socket_conn"} 0` |
These are the metrics exported by reading data from the fail2ban server socket. | `errors{type="socket_req"}` | Errors sending requests to the fail2ban server (e.g. invalid responses) | `f2b_errors{type="socket_req"} 0` |
All metrics are prefixed with `f2b_`. | `jail_count` | Number of jails configured in fail2ban | `f2b_jail_count 2` |
| `jail_banned_current` | Number of IPs currently banned per jail | `f2b_jail_banned_current{jail="sshd"} 15` |
Exposed metrics: | `jail_banned_total` | Total number of banned IPs since fail2ban startup per jail (includes expired bans) | `f2b_jail_banned_total{jail="sshd"} 31` |
* `up` - Returns 1 if the fail2ban server is up and connection succeeds | `jail_failed_current` | Number of current failures per jail | `f2b_jail_failed_current{jail="sshd"} 6` |
* `errors` - Number of errors since startup | `jail_failed_total` | Total number of failures since fail2ban startup per jail | `f2b_jail_failed_total{jail="sshd"} 125` |
* `db` - Errors connecting to the database | `jail_config_ban_time` | How long an IP is banned for in this jail (in seconds) | `f2b_config_jail_ban_time{jail="sshd"} 600` |
* `socket_conn` - Errors connecting to the fail2ban socket (e.g. connection refused) | `jail_config_find_time` | How far back the filter will look for failures in this jail (in seconds) | `f2b_config_jail_find_time{jail="sshd"} 600` |
* `socket_req` - Errors sending requests to the fail2ban server (e.g. invalid responses) | `jail_config_max_retry` | The max number of failures allowed before banning an IP in this jail | `f2b_config_jail_max_retries{jail="sshd"} 5` |
* `jail_count` - Number of jails configured in fail2ban | `version` | Version string of the exporter and fail2ban | `f2b_version{exporter="0.5.0",fail2ban="0.11.1"} 1` |
* `jail_banned_current` (per jail) - Number of IPs currently banned
* `jail_banned_total` (per jail) - Total number of banned IPs since fail2ban startup (includes expired bans)
* `jail_failed_current` (per jail) - Number of current failures
* `jail_failed_total` (per jail) - Total number of failures since fail2ban startup
**Sample**
```
# HELP f2b_errors Number of errors found since startup
# TYPE f2b_errors counter
f2b_errors{type="db"} 0
f2b_errors{type="socket_conn"} 0
f2b_errors{type="socket_req"} 0
# HELP f2b_jail_banned_current Number of IPs currently banned in this jail
# TYPE f2b_jail_banned_current gauge
f2b_jail_banned_current{jail="recidive"} 5
f2b_jail_banned_current{jail="sshd"} 15
# HELP f2b_jail_banned_total Total number of IPs banned by this jail (includes expired bans)
# TYPE f2b_jail_banned_total gauge
f2b_jail_banned_total{jail="recidive"} 6
f2b_jail_banned_total{jail="sshd"} 31
# HELP f2b_jail_count Number of defined jails
# TYPE f2b_jail_count gauge
f2b_jail_count 2
# HELP f2b_jail_failed_current Number of current failures on this jail's filter
# TYPE f2b_jail_failed_current gauge
f2b_jail_failed_current{jail="recidive"} 5
f2b_jail_failed_current{jail="sshd"} 6
# HELP f2b_jail_failed_total Number of total failures on this jail's filter
# TYPE f2b_jail_failed_total gauge
f2b_jail_failed_total{jail="recidive"} 7
f2b_jail_failed_total{jail="sshd"} 125
# HELP f2b_up Check if the fail2ban server is up
# TYPE f2b_up gauge
f2b_up 1
```
The metrics above correspond to the matching fields in the `fail2ban-client status <jail>` command: The metrics above correspond to the matching fields in the `fail2ban-client status <jail>` command:
``` ```
Status for the jail: sshd|- Filter Status for the jail: sshd
|- Filter
| |- Currently failed: 6 | |- Currently failed: 6
| |- Total failed: 125 | |- Total failed: 125
| `- File list: /var/log/auth.log | `- File list: /var/log/auth.log
@ -198,45 +97,92 @@ Status for the jail: sshd|- Filter
`- Banned IP list: ... `- Banned IP list: ...
``` ```
### 4.2. Database Metrics (deprecated) ### 2.1. Grafana
These are the original metrics exported by the initial release of the exporter. The metrics exported by this tool are compatible with Prometheus and Grafana.
They are all based on the data stored in the fail2ban sqlite3 database. A sample grafana dashboard can be found in the [grafana.json](/examples/grafana/dashboard.json) file.
Just import the contents of this file into a new Grafana dashboard to get started.
*These metrics are deprecated and will be removed in a future release.* *(Sample dashboard is compatible with Grafana `8.3.3` and above)*
All metrics are prefixed with `fail2ban_`. ## 3. Configuration
Exposed metrics: The exporter is configured with CLI flags and environment variables.
* `up` - Returns 1 if the service is up There are no configuration files.
* `errors` - Returns the number of errors found since startup
* `enabled_jails` - Returns 1 for each jail that is enabled, 0 if disabled.
* `bad_ips` (per jail)
* A *bad IP* is defined as an IP that has been banned at least once in the past
* Bad IPs are counted per jail
* `banned_ips` (per jail)
* A *banned IP* is defined as an IP that is currently banned on the firewall
* Banned IPs are counted per jail
**Sample** **CLI flags**
```
usage: fail2ban_exporter [<flags>]
Flags:
-h, --help Show context-sensitive help (also try --help-long and --help-man).
-v, --version show version info and exit
--collector.f2b.socket="/var/run/fail2ban/fail2ban.sock"
path to the fail2ban server socket
--collector.textfile.directory=""
directory to read text files with metrics from
--web.listen-address=":9191"
address to use for the metrics server
--web.basic-auth.username=""
username to use to protect endpoints with basic auth
--web.basic-auth.password=""
password to use to protect endpoints with basic auth
```
**Environment variables**
Each environment variable corresponds to a CLI flag.
If both are specified, the CLI flag takes precedence.
| Environment variable | Corresponding CLI flag |
|---------------------------|----------------------------------|
| `F2B_COLLECTOR_SOCKET` | `--collector.f2b.socket` |
| `F2B_COLLECTOR_TEXT_PATH` | `--collector.textfile.directory` |
| `F2B_WEB_LISTEN_ADDRESS` | `--web.listen-address` |
| `F2B_WEB_BASICAUTH_USER` | `--web.basic-auth.username` |
| `F2B_WEB_BASICAUTH_PASS` | `--web.basic-auth.password` |
## 4. Building from source
The simplest way to build the project is to run the `build/snapshot` make command.
This will use `goreleaser` to build out binaries and archives for the project.
Binaries are stored in the `dist/` folder.
Alternatively, `go mod download` and `go build` can be used from the `src/` folder to build out the project.
This will download dependencies and build the project.
## 5. Textfile metrics
For more flexibility the exporter also allows exporting metrics collected from a text file.
To enable textfile metrics provide the directory to read files from with the `--collector.textfile.directory` flag.
Metrics collected from these files will be exposed directly alongside the other metrics without any additional processing.
This means that it is the responsibility of the file creator to ensure the format is correct.
By exporting textfile metrics an extra metric is also exported with an error count for each file:
``` ```
# HELP fail2ban_bad_ips (Deprecated) Number of bad IPs stored in the database (per jail). # HELP textfile_error Checks for errors while reading text files
# TYPE fail2ban_bad_ips gauge # TYPE textfile_error gauge
fail2ban_bad_ips{jail="recidive"} 0 textfile_error{path="file.prom"} 0
fail2ban_bad_ips{jail="sshd"} 0 ```
# HELP fail2ban_banned_ips (Deprecated) Number of banned IPs stored in the database (per jail).
# TYPE fail2ban_banned_ips gauge **NOTE:** Any file not ending with `.prom` will be ignored.
fail2ban_banned_ips{jail="recidive"} 0
fail2ban_banned_ips{jail="sshd"} 0 **Running in Docker**
# HELP fail2ban_enabled_jails (Deprecated) Enabled jails.
# TYPE fail2ban_enabled_jails gauge To collect textfile metrics inside a docker container, a couple of things need to be done:
fail2ban_enabled_jails{jail="recidive"} 1 1. Mount the folder with the metrics files
fail2ban_enabled_jails{jail="sshd"} 1 2. Set the `F2B_COLLECTOR_TEXT_PATH` environment variable
# HELP fail2ban_errors (Deprecated) Number of errors found since startup.
# TYPE fail2ban_errors counter *For example:*
fail2ban_errors{type="db"} 0 ```
# HELP fail2ban_up (Deprecated) Was the last fail2ban query successful. docker run -d \
# TYPE fail2ban_up gauge --name "fail2ban-exporter" \
fail2ban_up 1 -v /var/run/fail2ban:/var/run/fail2ban:ro \
-v /path/to/metrics:/app/metrics/:ro \
-e F2B_COLLECTOR_TEXT_PATH=/app/metrics \
-p "9191:9191" \
registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
``` ```

21
docker/run.sh
View File

@ -1,21 +0,0 @@
#/bin/sh
# Print version to logs for debugging purposes
/app/fail2ban-prometheus-exporter -version
db_path=/app/fail2ban.sqlite3
socket_path=/var/run/fail2ban/fail2ban.sock
# Blank out the file paths if they do not exist - a hacky way to only use these files if they were mounted into the container.
if [ ! -f "$db_path" ]; then
db_path=""
fi
if [ ! -S "$socket_path" ]; then
socket_path=""
fi
# Start the exporter (use exec to support graceful shutdown)
# Inspired by: https://akomljen.com/stopping-docker-containers-gracefully/
exec /app/fail2ban-prometheus-exporter \
-db "$db_path" \
-socket "$socket_path"

807
examples/grafana/dashboard.json Normal file
View File

@ -0,0 +1,807 @@
{
"__inputs": [
{
"name": "DS_PROMETHEUS",
"label": "Prometheus",
"description": "",
"type": "datasource",
"pluginId": "prometheus",
"pluginName": "Prometheus"
}
],
"__elements": [],
"__requires": [
{
"type": "grafana",
"id": "grafana",
"name": "Grafana",
"version": "8.3.3"
},
{
"type": "datasource",
"id": "prometheus",
"name": "Prometheus",
"version": "1.0.0"
},
{
"type": "panel",
"id": "table",
"name": "Table",
"version": ""
},
{
"type": "panel",
"id": "timeseries",
"name": "Time series",
"version": ""
}
],
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 2,
"id": null,
"iteration": 1640159475017,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"displayMode": "auto"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": ".*Time"
},
"properties": [
{
"id": "unit",
"value": "s"
}
]
}
]
},
"gridPos": {
"h": 6,
"w": 24,
"x": 0,
"y": 0
},
"id": 206,
"options": {
"footer": {
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "8.3.3",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": false,
"expr": "f2b_config_jail_max_retries",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": false,
"expr": "f2b_config_jail_ban_time",
"format": "table",
"hide": false,
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": false,
"expr": "f2b_config_jail_find_time",
"format": "table",
"hide": false,
"instant": true,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "C"
}
],
"title": "F2B Config",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "groupBy",
"options": {
"fields": {
"Value #A": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"Value #B": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"Value #C": {
"aggregations": [
"lastNotNull"
],
"operation": "aggregate"
},
"jail": {
"aggregations": [],
"operation": "groupby"
}
}
}
},
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Value #A (lastNotNull)": "Max Retries",
"Value #B (lastNotNull)": "Ban Time",
"Value #C (lastNotNull)": "Find Time",
"jail": "Jail"
}
}
}
],
"transparent": true,
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 6
},
"id": 190,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_jail_failed_total",
"hide": false,
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
}
],
"title": "Fail2Ban Failures (Total)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 6
},
"id": 191,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_jail_banned_total",
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
}
],
"title": "Fail2Ban Bans (Total)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 14
},
"id": 208,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_jail_failed_current",
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
}
],
"title": "Fail2Ban Failures (Current)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 14
},
"id": 209,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_jail_banned_current",
"interval": "",
"legendFormat": "{{jail}}",
"refId": "A"
}
],
"title": "Fail2Ban Bans (Current)",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 1,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 12,
"x": 0,
"y": 22
},
"id": 203,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_up",
"interval": "",
"legendFormat": "Up",
"refId": "A"
}
],
"title": "Fail2Ban Up",
"transparent": true,
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"description": "",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": true,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 1,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 5,
"w": 12,
"x": 12,
"y": 22
},
"id": 204,
"options": {
"legend": {
"calcs": [
"lastNotNull"
],
"displayMode": "table",
"placement": "right"
},
"tooltip": {
"mode": "single"
}
},
"pluginVersion": "8.2.1",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "${DS_PROMETHEUS}"
},
"exemplar": true,
"expr": "f2b_errors",
"interval": "",
"legendFormat": "{{type}}",
"refId": "A"
}
],
"title": "Fail2Ban Exporter Errors",
"transparent": true,
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 34,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"current": {
"selected": true,
"text": "Prometheus",
"value": "Prometheus"
},
"hide": 0,
"includeAll": false,
"label": "Data Source",
"multi": false,
"name": "DataSource",
"options": [],
"query": "prometheus",
"queryValue": "",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"type": "datasource"
}
]
},
"time": {
"from": "now-6h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "F2B",
"uid": "cTkH9AT7z",
"version": 17,
"weekStart": ""
}

7
examples/systemd/README.md Normal file
View File

@ -0,0 +1,7 @@
# Systemd
The `.service` file in this directory should be copied to the `/etc/systemd/system/` folder.
- It expects the binary file to be installed at `/usr/sbin/fail2ban_exporter`.
- It expects a user named `fail2ban_exporter` to exist. This user should not have a shell or any special privileges aside from read-access to the fail2ban socket file.
The `ExecStart` line can be modified to add any custom CLI flags.

9
examples/systemd/fail2ban_exporter.service Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Fail2Ban Exporter
[Service]
User=fail2ban_exporter
ExecStart=/usr/sbin/fail2ban_exporter
[Install]
WantedBy=multi-user.target

18
src/auth/hash.go Normal file
View File

@ -0,0 +1,18 @@
package auth
import (
"crypto/sha256"
"encoding/hex"
)
func Hash(data []byte) []byte {
if len(data) == 0 {
return []byte{}
}
b := sha256.Sum256(data)
return b[:]
}
func HashString(data string) string {
return hex.EncodeToString(Hash([]byte(data)))
}

26
src/auth/hash_test.go Normal file
View File

@ -0,0 +1,26 @@
package auth
import (
"reflect"
"testing"
)
func TestHashString(t *testing.T) {
tests := []struct {
name string
args string
want string
}{
{"Happy path #1", "123", "a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3"},
{"Happy path #2", "hello world", "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"},
{"Happy path #3", "H3Ll0_W0RLD", "d58a27fe9a6e73a1d8a67189fb8acace047e7a1a795276a0056d3717ad61bd0e"},
{"Blank string", "", ""},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := HashString(tt.args); !reflect.DeepEqual(got, tt.want) {
t.Errorf("HashString() = %v, want %v", got, tt.want)
}
})
}
}

31
src/auth/middleware.go Normal file
View File

@ -0,0 +1,31 @@
package auth
import (
"net/http"
)
type BasicAuthProvider interface {
Enabled() bool
DoesBasicAuthMatch(username, password string) bool
}
func BasicAuthMiddleware(handlerFunc http.HandlerFunc, basicAuthProvider BasicAuthProvider) http.HandlerFunc {
if basicAuthProvider.Enabled() {
return func(w http.ResponseWriter, r *http.Request) {
if doesBasicAuthMatch(r, basicAuthProvider) {
handlerFunc.ServeHTTP(w, r)
} else {
w.WriteHeader(http.StatusUnauthorized)
}
}
}
return handlerFunc
}
func doesBasicAuthMatch(r *http.Request, basicAuthProvider BasicAuthProvider) bool {
rawUsername, rawPassword, ok := r.BasicAuth()
if ok {
return basicAuthProvider.DoesBasicAuthMatch(rawUsername, rawPassword)
}
return false
}

58
src/auth/middleware_test.go Normal file
View File

@ -0,0 +1,58 @@
package auth
import (
"net/http"
"net/http/httptest"
"testing"
)
type testAuthProvider struct {
enabled bool
match bool
}
func (p testAuthProvider) Enabled() bool {
return p.enabled
}
func (p testAuthProvider) DoesBasicAuthMatch(username, password string) bool {
return p.match
}
func newTestRequest() *http.Request {
return httptest.NewRequest(http.MethodGet, "http://example.com", nil)
}
func executeBasicAuthMiddlewareTest(t *testing.T, authEnabled bool, authMatches bool, expectedCode int, expectedCallCount int) {
callCount := 0
testHandler := func(w http.ResponseWriter, r *http.Request) {
callCount++
}
handler := BasicAuthMiddleware(testHandler, testAuthProvider{enabled: authEnabled, match: authMatches})
recorder := httptest.NewRecorder()
request := newTestRequest()
if authEnabled {
request.SetBasicAuth("test", "test")
}
handler.ServeHTTP(recorder, request)
if recorder.Code != expectedCode {
t.Errorf("statusCode = %v, want %v", recorder.Code, expectedCode)
}
if callCount != expectedCallCount {
t.Errorf("callCount = %v, want %v", callCount, expectedCallCount)
}
}
func Test_GIVEN_DisabledBasicAuth_WHEN_MethodCalled_THEN_RequestProcessed(t *testing.T) {
executeBasicAuthMiddlewareTest(t, false, false, http.StatusOK, 1)
}
func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithCorrectCredentials_THEN_RequestProcessed(t *testing.T) {
executeBasicAuthMiddlewareTest(t, true, true, http.StatusOK, 1)
}
func Test_GIVEN_EnabledBasicAuth_WHEN_MethodCalledWithIncorrectCredentials_THEN_RequestRejected(t *testing.T) {
executeBasicAuthMiddlewareTest(t, true, false, http.StatusUnauthorized, 0)
}

25
src/cfg/basicAuth.go Normal file
View File

@ -0,0 +1,25 @@
package cfg
import "fail2ban-prometheus-exporter/auth"
type hashedBasicAuth struct {
username string
password string
}
func newHashedBasicAuth(rawUsername, rawPassword string) *hashedBasicAuth {
return &hashedBasicAuth{
username: auth.HashString(rawUsername),
password: auth.HashString(rawPassword),
}
}
func (p *hashedBasicAuth) Enabled() bool {
return len(p.username) > 0 && len(p.password) > 0
}
func (p *hashedBasicAuth) DoesBasicAuthMatch(rawUsername, rawPassword string) bool {
username := auth.HashString(rawUsername)
password := auth.HashString(rawPassword)
return username == p.username && password == p.password
}

60
src/cfg/basicAuth_test.go Normal file
View File

@ -0,0 +1,60 @@
package cfg
import "testing"
func Test_hashedBasicAuth_DoesBasicAuthMatch(t *testing.T) {
type args struct {
username string
password string
}
type fields struct {
username string
password string
}
tests := []struct {
name string
fields fields
args args
want bool
}{
{"Happy test #1", fields{username: "1234", password: "1234"}, args{username: "1234", password: "1234"}, true},
{"Happy test #2", fields{username: "test", password: "1234"}, args{username: "test", password: "1234"}, true},
{"Happy test #3", fields{username: "TEST", password: "1234"}, args{username: "TEST", password: "1234"}, true},
{"Non match #1", fields{username: "test", password: "1234"}, args{username: "1234", password: "1234"}, false},
{"Non match #2", fields{username: "1234", password: "test"}, args{username: "1234", password: "1234"}, false},
{"Non match #3", fields{username: "1234", password: "test"}, args{username: "1234", password: "TEST"}, false},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
if got := basicAuth.DoesBasicAuthMatch(tt.args.username, tt.args.password); got != tt.want {
t.Errorf("DoesBasicAuthMatch() = %v, want %v", got, tt.want)
}
})
}
}
func Test_hashedBasicAuth_Enabled(t *testing.T) {
type fields struct {
username string
password string
}
tests := []struct {
name string
fields fields
want bool
}{
{"Both blank", fields{username: "", password: ""}, false},
{"Single blank #1", fields{username: "test", password: ""}, false},
{"Single blank #1", fields{username: "", password: "test"}, false},
{"Both populated", fields{username: "test", password: "test"}, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
basicAuth := newHashedBasicAuth(tt.fields.username, tt.fields.password)
if got := basicAuth.Enabled(); got != tt.want {
t.Errorf("Enabled() = %v, want %v", got, tt.want)
}
})
}
}

89
src/cfg/cfg.go
View File

@ -1,50 +1,101 @@
package cfg package cfg
import ( import (
"flag"
"fmt" "fmt"
"gopkg.in/alecthomas/kingpin.v2"
"os" "os"
) )
const ( const (
minServerPort = 1000 socketEnvName = "F2B_COLLECTOR_SOCKET"
maxServerPort = 65535 fileCollectorPathEnvName = "F2B_COLLECTOR_TEXT_PATH"
addressEnvName = "F2B_WEB_LISTEN_ADDRESS"
basicAuthUserEnvName = "F2B_WEB_BASICAUTH_USER"
basicAuthPassEnvName = "F2B_WEB_BASICAUTH_PASS"
) )
type AppSettings struct { type AppSettings struct {
VersionMode bool VersionMode bool
MetricsPort int MetricsAddress string
Fail2BanDbPath string
Fail2BanSocketPath string Fail2BanSocketPath string
FileCollectorPath string
BasicAuthProvider *hashedBasicAuth
}
func init() {
kingpin.HelpFlag.Short('h')
} }
func Parse() *AppSettings { func Parse() *AppSettings {
appSettings := &AppSettings{} settings := &AppSettings{}
flag.BoolVar(&appSettings.VersionMode, "version", false, "show version info and exit") readParamsFromCli(settings)
flag.IntVar(&appSettings.MetricsPort, "port", 9191, "port to use for the metrics server") settings.validateFlags()
flag.StringVar(&appSettings.Fail2BanDbPath, "db", "", "path to the fail2ban sqlite database (deprecated)") return settings
flag.StringVar(&appSettings.Fail2BanSocketPath, "socket", "", "path to the fail2ban server socket") }
flag.Parse() func readParamsFromCli(settings *AppSettings) {
appSettings.validateFlags() versionMode := kingpin.
return appSettings Flag("version", "show version info and exit").
Short('v').
Default("false").
Bool()
socketPath := kingpin.
Flag("collector.f2b.socket", "path to the fail2ban server socket").
Default("/var/run/fail2ban/fail2ban.sock").
Envar(socketEnvName).
String()
fileCollectorPath := kingpin.
Flag("collector.textfile.directory", "directory to read text files with metrics from").
Default("").
Envar(fileCollectorPathEnvName).
String()
address := kingpin.
Flag("web.listen-address", "address to use for the metrics server").
Default(":9191").
Envar(addressEnvName).
String()
rawBasicAuthUsername := kingpin.
Flag("web.basic-auth.username", "username to use to protect endpoints with basic auth").
Default("").
Envar(basicAuthUserEnvName).
String()
rawBasicAuthPassword := kingpin.
Flag("web.basic-auth.password", "password to use to protect endpoints with basic auth").
Default("").
Envar(basicAuthPassEnvName).
String()
kingpin.Parse()
settings.VersionMode = *versionMode
settings.MetricsAddress = *address
settings.Fail2BanSocketPath = *socketPath
settings.FileCollectorPath = *fileCollectorPath
settings.setBasicAuthValues(*rawBasicAuthUsername, *rawBasicAuthPassword)
}
func (settings *AppSettings) setBasicAuthValues(rawUsername, rawPassword string) {
settings.BasicAuthProvider = newHashedBasicAuth(rawUsername, rawPassword)
} }
func (settings *AppSettings) validateFlags() { func (settings *AppSettings) validateFlags() {
var flagsValid = true var flagsValid = true
if !settings.VersionMode { if !settings.VersionMode {
if settings.Fail2BanDbPath == "" && settings.Fail2BanSocketPath == "" { if settings.Fail2BanSocketPath == "" {
fmt.Println("at least one of the following flags must be provided: 'db', 'socket'") fmt.Println("error: fail2ban socket path must not be blank")
flagsValid = false flagsValid = false
} }
if settings.MetricsPort < minServerPort || settings.MetricsPort > maxServerPort { if settings.MetricsAddress == "" {
fmt.Printf("invalid server port, must be within %d and %d (found %d)\n", fmt.Println("error: invalid server address, must not be blank")
minServerPort, maxServerPort, settings.MetricsPort) flagsValid = false
}
if (len(settings.BasicAuthProvider.username) > 0) != (len(settings.BasicAuthProvider.password) > 0) {
fmt.Println("error: to enable basic auth both the username and the password must be provided")
flagsValid = false flagsValid = false
} }
} }
if !flagsValid { if !flagsValid {
flag.Usage() kingpin.Usage()
os.Exit(1) os.Exit(1)
} }
} }

54
src/collector/f2b/collector.go Normal file
View File

@ -0,0 +1,54 @@
package f2b
import (
"fail2ban-prometheus-exporter/cfg"
"fail2ban-prometheus-exporter/socket"
"github.com/prometheus/client_golang/prometheus"
"log"
)
type Collector struct {
socketPath string
exporterVersion string
lastError error
socketConnectionErrorCount int
socketRequestErrorCount int
}
func NewExporter(appSettings *cfg.AppSettings, exporterVersion string) *Collector {
log.Printf("reading metrics from fail2ban socket: %s", appSettings.Fail2BanSocketPath)
return &Collector{
socketPath: appSettings.Fail2BanSocketPath,
exporterVersion: exporterVersion,
lastError: nil,
socketConnectionErrorCount: 0,
socketRequestErrorCount: 0,
}
}
func (c *Collector) Describe(ch chan<- *prometheus.Desc) {
ch <- metricServerUp
ch <- metricJailCount
ch <- metricJailFailedCurrent
ch <- metricJailFailedTotal
ch <- metricJailBannedCurrent
ch <- metricJailBannedTotal
ch <- metricErrorCount
}
func (c *Collector) Collect(ch chan<- prometheus.Metric) {
s, err := socket.ConnectToSocket(c.socketPath)
if err != nil {
log.Printf("error opening socket: %v", err)
c.socketConnectionErrorCount++
} else {
defer s.Close()
}
c.collectServerUpMetric(ch, s)
if err == nil && s != nil {
c.collectJailMetrics(ch, s)
c.collectVersionMetric(ch, s)
}
c.collectErrorCountMetric(ch)
}

179
src/collector/f2b/socket.go Normal file
View File

@ -0,0 +1,179 @@
package f2b
import (
"fail2ban-prometheus-exporter/socket"
"github.com/prometheus/client_golang/prometheus"
"log"
)
const (
namespace = "f2b"
)
var (
metricErrorCount = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "errors"),
"Number of errors found since startup",
[]string{"type"}, nil,
)
metricServerUp = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "up"),
"Check if the fail2ban server is up",
nil, nil,
)
metricJailCount = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_count"),
"Number of defined jails",
nil, nil,
)
metricJailFailedCurrent = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_failed_current"),
"Number of current failures on this jail's filter",
[]string{"jail"}, nil,
)
metricJailFailedTotal = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_failed_total"),
"Number of total failures on this jail's filter",
[]string{"jail"}, nil,
)
metricJailBannedCurrent = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_banned_current"),
"Number of IPs currently banned in this jail",
[]string{"jail"}, nil,
)
metricJailBannedTotal = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_banned_total"),
"Total number of IPs banned by this jail (includes expired bans)",
[]string{"jail"}, nil,
)
metricJailBanTime = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "config", "jail_ban_time"),
"How long an IP is banned for in this jail (in seconds)",
[]string{"jail"}, nil,
)
metricJailFindTime = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "config", "jail_find_time"),
"How far back will the filter look for failures in this jail (in seconds)",
[]string{"jail"}, nil,
)
metricJailMaxRetry = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "config", "jail_max_retries"),
"The number of failures allowed until the IP is banned by this jail",
[]string{"jail"}, nil,
)
metricVersionInfo = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "version"),
"Version of the exporter and fail2ban server",
[]string{"exporter", "fail2ban"}, nil,
)
)
func (c *Collector) collectErrorCountMetric(ch chan<- prometheus.Metric) {
ch <- prometheus.MustNewConstMetric(
metricErrorCount, prometheus.CounterValue, float64(c.socketConnectionErrorCount), "socket_conn",
)
ch <- prometheus.MustNewConstMetric(
metricErrorCount, prometheus.CounterValue, float64(c.socketRequestErrorCount), "socket_req",
)
}
func (c *Collector) collectServerUpMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
var serverUp float64 = 0
if s != nil {
pingSuccess, err := s.Ping()
if err != nil {
c.socketRequestErrorCount++
log.Print(err)
}
if err == nil && pingSuccess {
serverUp = 1
}
}
ch <- prometheus.MustNewConstMetric(
metricServerUp, prometheus.GaugeValue, serverUp,
)
}
func (c *Collector) collectJailMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
jails, err := s.GetJails()
var count float64 = 0
if err != nil {
c.socketRequestErrorCount++
log.Print(err)
}
if err == nil {
count = float64(len(jails))
}
ch <- prometheus.MustNewConstMetric(
metricJailCount, prometheus.GaugeValue, count,
)
for i := range jails {
c.collectJailStatsMetric(ch, s, jails[i])
c.collectJailConfigMetrics(ch, s, jails[i])
}
}
func (c *Collector) collectJailStatsMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
stats, err := s.GetJailStats(jail)
if err != nil {
c.socketRequestErrorCount++
log.Printf("failed to get stats for jail %s: %v", jail, err)
return
}
ch <- prometheus.MustNewConstMetric(
metricJailFailedCurrent, prometheus.GaugeValue, float64(stats.FailedCurrent), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailFailedTotal, prometheus.GaugeValue, float64(stats.FailedTotal), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailBannedCurrent, prometheus.GaugeValue, float64(stats.BannedCurrent), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailBannedTotal, prometheus.GaugeValue, float64(stats.BannedTotal), jail,
)
}
func (c *Collector) collectJailConfigMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
banTime, err := s.GetJailBanTime(jail)
if err != nil {
c.socketRequestErrorCount++
log.Printf("failed to get ban time for jail %s: %v", jail, err)
} else {
ch <- prometheus.MustNewConstMetric(
metricJailBanTime, prometheus.GaugeValue, float64(banTime), jail,
)
}
findTime, err := s.GetJailFindTime(jail)
if err != nil {
c.socketRequestErrorCount++
log.Printf("failed to get find time for jail %s: %v", jail, err)
} else {
ch <- prometheus.MustNewConstMetric(
metricJailFindTime, prometheus.GaugeValue, float64(findTime), jail,
)
}
maxRetry, err := s.GetJailMaxRetries(jail)
if err != nil {
c.socketRequestErrorCount++
log.Printf("failed to get max retries for jail %s: %v", jail, err)
} else {
ch <- prometheus.MustNewConstMetric(
metricJailMaxRetry, prometheus.GaugeValue, float64(maxRetry), jail,
)
}
}
func (c *Collector) collectVersionMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
fail2banVersion, err := s.GetServerVersion()
if err != nil {
c.socketRequestErrorCount++
log.Printf("failed to get fail2ban server version: %v", err)
}
ch <- prometheus.MustNewConstMetric(
metricVersionInfo, prometheus.GaugeValue, float64(1), c.exporterVersion, fail2banVersion,
)
}

48
src/collector/textfile/collector.go Normal file
View File

@ -0,0 +1,48 @@
package textfile
import (
"fail2ban-prometheus-exporter/cfg"
"github.com/prometheus/client_golang/prometheus"
"log"
)
type Collector struct {
enabled bool
folderPath string
fileMap map[string]*fileData
}
type fileData struct {
readErrors int
fileName string
fileContents []byte
}
func NewCollector(appSettings *cfg.AppSettings) *Collector {
collector := &Collector{
enabled: appSettings.FileCollectorPath != "",
folderPath: appSettings.FileCollectorPath,
fileMap: make(map[string]*fileData),
}
if collector.enabled {
log.Printf("reading textfile metrics from: %s", collector.folderPath)
}
return collector
}
func (c *Collector) Describe(ch chan<- *prometheus.Desc) {
if c.enabled {
ch <- metricReadError
}
}
func (c *Collector) Collect(ch chan<- prometheus.Metric) {
if c.enabled {
c.collectFileContents()
c.collectFileErrors(ch)
}
}
func (c *Collector) appendErrorForPath(path string) {
c.fileMap[path].readErrors++
}

55
src/collector/textfile/file.go Normal file
View File

@ -0,0 +1,55 @@
package textfile
import (
"github.com/prometheus/client_golang/prometheus"
"io/ioutil"
"log"
"path/filepath"
"strings"
)
const namespace = "textfile"
var (
metricReadError = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "error"),
"Checks for errors while reading text files",
[]string{"path"}, nil,
)
)
func (c *Collector) collectFileContents() {
files, err := ioutil.ReadDir(c.folderPath)
if err != nil {
log.Printf("error reading directory '%s': %v", c.folderPath, err)
return
}
for _, file := range files {
fileName := file.Name()
if !strings.HasSuffix(strings.ToLower(fileName), ".prom") {
continue
}
c.fileMap[fileName] = &fileData{
readErrors: 0,
fileName: fileName,
}
fullPath := filepath.Join(c.folderPath, fileName)
content, err := ioutil.ReadFile(fullPath)
if err != nil {
c.appendErrorForPath(fileName)
log.Printf("error reading contents of file '%s': %v", fileName, err)
}
c.fileMap[fileName].fileContents = content
}
}
func (c *Collector) collectFileErrors(ch chan<- prometheus.Metric) {
for _, f := range c.fileMap {
ch <- prometheus.MustNewConstMetric(
metricReadError, prometheus.GaugeValue, float64(f.readErrors), f.fileName,
)
}
}

20
src/collector/textfile/writer.go Normal file
View File

@ -0,0 +1,20 @@
package textfile
import (
"log"
"net/http"
)
func (c *Collector) WriteTextFileMetrics(w http.ResponseWriter, r *http.Request) {
if !c.enabled {
return
}
for _, f := range c.fileMap {
_, err := w.Write(f.fileContents)
if err != nil {
c.appendErrorForPath(f.fileName)
log.Printf("error writing file contents to response writer '%s': %v", f.fileName, err)
}
}
}

84
src/db/db.go
View File

@ -1,84 +0,0 @@
package db
import (
"database/sql"
"log"
"os"
)
const queryBadIpsPerJail = "SELECT j.name, (SELECT COUNT(1) FROM bips b WHERE j.name = b.jail) FROM jails j"
const queryBannedIpsPerJail = "SELECT j.name, (SELECT COUNT(1) FROM bans b WHERE j.name = b.jail AND b.timeofban + b.bantime >= strftime('%s','now') + 0) FROM jails j"
const queryJailNameToEnabled = "SELECT j.name, j.enabled FROM jails j"
type Fail2BanDB struct {
DatabasePath string
sqliteDB *sql.DB
}
func MustConnectToDb(databasePath string) *Fail2BanDB {
if _, err := os.Stat(databasePath); os.IsNotExist(err) {
log.Fatalf("database path does not exist: %v", err)
}
db, err := sql.Open("sqlite3", databasePath)
if err != nil {
log.Fatal(err)
}
return &Fail2BanDB{
DatabasePath: databasePath,
sqliteDB: db,
}
}
func (db *Fail2BanDB) CountBannedIpsPerJail() (map[string]int, error) {
return db.RunJailNameToCountQuery(queryBannedIpsPerJail)
}
func (db *Fail2BanDB) CountBadIpsPerJail() (map[string]int, error) {
return db.RunJailNameToCountQuery(queryBadIpsPerJail)
}
func (db *Fail2BanDB) JailNameToEnabledValue() (map[string]int, error) {
return db.RunJailNameToCountQuery(queryJailNameToEnabled)
}
func (db *Fail2BanDB) RunJailNameToCountQuery(query string) (map[string]int, error) {
stmt, err := db.sqliteDB.Prepare(query)
defer db.mustCloseStatement(stmt)
if err != nil {
return nil, err
}
jailNameToCountMap := map[string]int{}
rows, err := stmt.Query()
if err != nil {
return nil, err
}
if rows == nil {
return jailNameToCountMap, nil
}
for rows.Next() {
if rows.Err() != nil {
return nil, err
}
jailName := ""
count := 0
err = rows.Scan(&jailName, &count)
if err != nil {
return nil, err
}
jailNameToCountMap[jailName] = count
}
return jailNameToCountMap, nil
}
func (db *Fail2BanDB) mustCloseStatement(stmt *sql.Stmt) {
if stmt != nil {
err := stmt.Close()
if err != nil {
log.Fatal(err)
}
}
}

338
src/exporter.go
View File

@ -1,21 +1,22 @@
package main package main
import ( import (
"fail2ban-prometheus-exporter/auth"
"fail2ban-prometheus-exporter/cfg" "fail2ban-prometheus-exporter/cfg"
fail2banDb "fail2ban-prometheus-exporter/db" "fail2ban-prometheus-exporter/collector/f2b"
"fail2ban-prometheus-exporter/socket" "fail2ban-prometheus-exporter/collector/textfile"
"fmt" "fmt"
"log"
"net/http"
_ "github.com/mattn/go-sqlite3"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp" "github.com/prometheus/client_golang/prometheus/promhttp"
"log"
"net/http"
"os"
"os/signal"
"syscall"
) )
const ( const (
deprecatedNamespace = "fail2ban" metricsPath = "/metrics"
namespace = "f2b"
) )
var ( var (
@ -23,279 +24,80 @@ var (
commit = "none" commit = "none"
date = "unknown" date = "unknown"
builtBy = "unknown" builtBy = "unknown"
deprecatedMetricUp = prometheus.NewDesc(
prometheus.BuildFQName(deprecatedNamespace, "", "up"),
"(Deprecated) Was the last fail2ban query successful.",
nil, nil,
)
deprecatedMetricBannedIpsPerJail = prometheus.NewDesc(
prometheus.BuildFQName(deprecatedNamespace, "", "banned_ips"),
"(Deprecated) Number of banned IPs stored in the database (per jail).",
[]string{"jail"}, nil,
)
deprecatedMetricBadIpsPerJail = prometheus.NewDesc(
prometheus.BuildFQName(deprecatedNamespace, "", "bad_ips"),
"(Deprecated) Number of bad IPs stored in the database (per jail).",
[]string{"jail"}, nil,
)
deprecatedMetricEnabledJails = prometheus.NewDesc(
prometheus.BuildFQName(deprecatedNamespace, "", "enabled_jails"),
"(Deprecated) Enabled jails.",
[]string{"jail"}, nil,
)
deprecatedMetricErrorCount = prometheus.NewDesc(
prometheus.BuildFQName(deprecatedNamespace, "", "errors"),
"(Deprecated) Number of errors found since startup.",
[]string{"type"}, nil,
)
metricErrorCount = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "errors"),
"Number of errors found since startup",
[]string{"type"}, nil,
)
metricServerUp = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "up"),
"Check if the fail2ban server is up",
nil, nil,
)
metricJailCount = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_count"),
"Number of defined jails",
nil, nil,
)
metricJailFailedCurrent = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_failed_current"),
"Number of current failures on this jail's filter",
[]string{"jail"}, nil,
)
metricJailFailedTotal = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_failed_total"),
"Number of total failures on this jail's filter",
[]string{"jail"}, nil,
)
metricJailBannedCurrent = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_banned_current"),
"Number of IPs currently banned in this jail",
[]string{"jail"}, nil,
)
metricJailBannedTotal = prometheus.NewDesc(
prometheus.BuildFQName(namespace, "", "jail_banned_total"),
"Total number of IPs banned by this jail (includes expired bans)",
[]string{"jail"}, nil,
)
) )
type Exporter struct {
db *fail2banDb.Fail2BanDB
socketPath string
lastError error
dbErrorCount int
socketConnectionErrorCount int
socketRequestErrorCount int
}
func (e *Exporter) Describe(ch chan<- *prometheus.Desc) {
if e.db != nil {
ch <- deprecatedMetricUp
ch <- deprecatedMetricBadIpsPerJail
ch <- deprecatedMetricBannedIpsPerJail
ch <- deprecatedMetricEnabledJails
ch <- deprecatedMetricErrorCount
}
if e.socketPath != "" {
ch <- metricServerUp
ch <- metricJailCount
ch <- metricJailFailedCurrent
ch <- metricJailFailedTotal
ch <- metricJailBannedCurrent
ch <- metricJailBannedTotal
}
ch <- metricErrorCount
}
func (e *Exporter) Collect(ch chan<- prometheus.Metric) {
if e.db != nil {
e.collectDeprecatedBadIpsPerJailMetrics(ch)
e.collectDeprecatedBannedIpsPerJailMetrics(ch)
e.collectDeprecatedEnabledJailMetrics(ch)
e.collectDeprecatedUpMetric(ch)
e.collectDeprecatedErrorCountMetric(ch)
}
if e.socketPath != "" {
s, err := socket.ConnectToSocket(e.socketPath)
if err != nil {
log.Printf("error opening socket: %v", err)
e.socketConnectionErrorCount++
} else {
defer s.Close()
}
e.collectServerUpMetric(ch, s)
if err == nil && s != nil {
e.collectJailMetrics(ch, s)
}
}
e.collectErrorCountMetric(ch)
}
func (e *Exporter) collectDeprecatedUpMetric(ch chan<- prometheus.Metric) {
var upMetricValue float64 = 1
if e.lastError != nil {
upMetricValue = 0
}
ch <- prometheus.MustNewConstMetric(
deprecatedMetricUp, prometheus.GaugeValue, upMetricValue,
)
}
func (e *Exporter) collectDeprecatedErrorCountMetric(ch chan<- prometheus.Metric) {
ch <- prometheus.MustNewConstMetric(
deprecatedMetricErrorCount, prometheus.CounterValue, float64(e.dbErrorCount), "db",
)
}
func (e *Exporter) collectDeprecatedBadIpsPerJailMetrics(ch chan<- prometheus.Metric) {
jailNameToCountMap, err := e.db.CountBadIpsPerJail()
e.lastError = err
if err != nil {
e.dbErrorCount++
log.Print(err)
}
for jailName, count := range jailNameToCountMap {
ch <- prometheus.MustNewConstMetric(
deprecatedMetricBadIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
)
}
}
func (e *Exporter) collectDeprecatedBannedIpsPerJailMetrics(ch chan<- prometheus.Metric) {
jailNameToCountMap, err := e.db.CountBannedIpsPerJail()
e.lastError = err
if err != nil {
e.dbErrorCount++
log.Print(err)
}
for jailName, count := range jailNameToCountMap {
ch <- prometheus.MustNewConstMetric(
deprecatedMetricBannedIpsPerJail, prometheus.GaugeValue, float64(count), jailName,
)
}
}
func (e *Exporter) collectDeprecatedEnabledJailMetrics(ch chan<- prometheus.Metric) {
jailNameToEnabledMap, err := e.db.JailNameToEnabledValue()
e.lastError = err
if err != nil {
e.dbErrorCount++
log.Print(err)
}
for jailName, count := range jailNameToEnabledMap {
ch <- prometheus.MustNewConstMetric(
deprecatedMetricEnabledJails, prometheus.GaugeValue, float64(count), jailName,
)
}
}
func (e *Exporter) collectErrorCountMetric(ch chan<- prometheus.Metric) {
ch <- prometheus.MustNewConstMetric(
metricErrorCount, prometheus.CounterValue, float64(e.dbErrorCount), "db",
)
ch <- prometheus.MustNewConstMetric(
metricErrorCount, prometheus.CounterValue, float64(e.socketConnectionErrorCount), "socket_conn",
)
ch <- prometheus.MustNewConstMetric(
metricErrorCount, prometheus.CounterValue, float64(e.socketRequestErrorCount), "socket_req",
)
}
func (e *Exporter) collectServerUpMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
var serverUp float64 = 0
if s != nil {
pingSuccess, err := s.Ping()
if err != nil {
e.socketRequestErrorCount++
log.Print(err)
}
if err == nil && pingSuccess {
serverUp = 1
}
}
ch <- prometheus.MustNewConstMetric(
metricServerUp, prometheus.GaugeValue, serverUp,
)
}
func (e *Exporter) collectJailMetrics(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket) {
jails, err := s.GetJails()
var count float64 = 0
if err != nil {
e.socketRequestErrorCount++
log.Print(err)
}
if err == nil {
count = float64(len(jails))
}
ch <- prometheus.MustNewConstMetric(
metricJailCount, prometheus.GaugeValue, count,
)
for i := range jails {
e.collectJailStatsMetric(ch, s, jails[i])
}
}
func (e *Exporter) collectJailStatsMetric(ch chan<- prometheus.Metric, s *socket.Fail2BanSocket, jail string) {
stats, err := s.GetJailStats(jail)
if err != nil {
e.socketRequestErrorCount++
log.Printf("failed to get stats for jail %s: %v", jail, err)
return
}
ch <- prometheus.MustNewConstMetric(
metricJailFailedCurrent, prometheus.GaugeValue, float64(stats.FailedCurrent), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailFailedTotal, prometheus.GaugeValue, float64(stats.FailedTotal), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailBannedCurrent, prometheus.GaugeValue, float64(stats.BannedCurrent), jail,
)
ch <- prometheus.MustNewConstMetric(
metricJailBannedTotal, prometheus.GaugeValue, float64(stats.BannedTotal), jail,
)
}
func printAppVersion() { func printAppVersion() {
fmt.Println(version) fmt.Println(version)
fmt.Printf(" build date: %s\r\n commit hash: %s\r\n built by: %s\r\n", date, commit, builtBy) fmt.Printf(" build date: %s\r\n commit hash: %s\r\n built by: %s\r\n", date, commit, builtBy)
} }
func rootHtmlHandler(w http.ResponseWriter, r *http.Request) {
_, err := w.Write([]byte(
`<html>
<head><title>Fail2Ban Exporter</title></head>
<body>
<h1>Fail2Ban Exporter</h1>
<p><a href="` + metricsPath + `">Metrics</a></p>
</body>
</html>`))
if err != nil {
log.Printf("error handling root url: %v", err)
w.WriteHeader(http.StatusInternalServerError)
}
}
func metricHandler(w http.ResponseWriter, r *http.Request, collector *textfile.Collector) {
promhttp.Handler().ServeHTTP(w, r)
collector.WriteTextFileMetrics(w, r)
}
func main() { func main() {
appSettings := cfg.Parse() appSettings := cfg.Parse()
if appSettings.VersionMode { if appSettings.VersionMode {
printAppVersion() printAppVersion()
} else { } else {
log.Print("starting fail2ban exporter") handleGracefulShutdown()
log.Printf("fail2ban exporter version %s", version)
log.Printf("starting server at %s", appSettings.MetricsAddress)
exporter := &Exporter{} f2bCollector := f2b.NewExporter(appSettings, version)
if appSettings.Fail2BanDbPath != "" { prometheus.MustRegister(f2bCollector)
log.Print("database-based metrics have been deprecated and will be removed in a future release")
exporter.db = fail2banDb.MustConnectToDb(appSettings.Fail2BanDbPath)
}
if appSettings.Fail2BanSocketPath != "" {
exporter.socketPath = appSettings.Fail2BanSocketPath
}
prometheus.MustRegister(exporter)
http.Handle("/metrics", promhttp.Handler()) textFileCollector := textfile.NewCollector(appSettings)
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", appSettings.MetricsPort), nil)) prometheus.MustRegister(textFileCollector)
http.HandleFunc("/", auth.BasicAuthMiddleware(rootHtmlHandler, appSettings.BasicAuthProvider))
http.HandleFunc(metricsPath, auth.BasicAuthMiddleware(
func(w http.ResponseWriter, r *http.Request) {
metricHandler(w, r, textFileCollector)
},
appSettings.BasicAuthProvider,
))
log.Printf("metrics available at '%s'", metricsPath)
if appSettings.BasicAuthProvider.Enabled() {
log.Printf("basic auth enabled")
}
svrErr := make(chan error)
go func() {
svrErr <- http.ListenAndServe(appSettings.MetricsAddress, nil)
}()
log.Print("ready")
err := <-svrErr
log.Print(err)
} }
} }
func handleGracefulShutdown() {
var signals = make(chan os.Signal)
signal.Notify(signals, syscall.SIGTERM)
signal.Notify(signals, syscall.SIGINT)
go func() {
sig := <-signals
log.Printf("caught signal: %+v", sig)
os.Exit(0)
}()
}

2
src/go.mod
View File

@ -4,7 +4,7 @@ go 1.15
require ( require (
github.com/kisielk/og-rek v1.1.0 github.com/kisielk/og-rek v1.1.0
github.com/mattn/go-sqlite3 v1.14.6
github.com/nlpodyssey/gopickle v0.1.0 github.com/nlpodyssey/gopickle v0.1.0
github.com/prometheus/client_golang v1.9.0 github.com/prometheus/client_golang v1.9.0
gopkg.in/alecthomas/kingpin.v2 v2.2.6
) )

12
src/go.sum
View File

@ -7,9 +7,11 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMx
github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@ -40,6 +42,7 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
@ -142,8 +145,10 @@ github.com/kisielk/og-rek v1.1.0/go.mod h1:6ihsOSzSAxR/65S3Bn9zNihoEqRquhDQZ2c6I
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
@ -152,8 +157,6 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
@ -204,6 +207,7 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@ -257,6 +261,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
@ -381,9 +386,11 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@ -397,6 +404,7 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

45
src/socket/fail2banSocket.go
View File

@ -118,6 +118,51 @@ func (s *Fail2BanSocket) GetJailStats(jail string) (JailStats, error) {
return stats, newBadFormatError(statusCommand, response) return stats, newBadFormatError(statusCommand, response)
} }
func (s *Fail2BanSocket) GetJailBanTime(jail string) (int, error) {
command := fmt.Sprintf(banTimeCommandFmt, jail)
return s.sendSimpleIntCommand(command)
}
func (s *Fail2BanSocket) GetJailFindTime(jail string) (int, error) {
command := fmt.Sprintf(findTimeCommandFmt, jail)
return s.sendSimpleIntCommand(command)
}
func (s *Fail2BanSocket) GetJailMaxRetries(jail string) (int, error) {
command := fmt.Sprintf(maxRetriesCommandFmt, jail)
return s.sendSimpleIntCommand(command)
}
func (s *Fail2BanSocket) GetServerVersion() (string, error) {
response, err := s.sendCommand([]string{versionCommand})
if err != nil {
return "", err
}
if lvl1, ok := response.(*types.Tuple); ok {
if versionStr, ok := lvl1.Get(1).(string); ok {
return versionStr, nil
}
}
return "", newBadFormatError(versionCommand, response)
}
// sendSimpleIntCommand sends a command to the fail2ban socket and parses the response to extract an int.
// This command assumes that the response data is in the format of `(d, d)` where `d` is a number.
func (s *Fail2BanSocket) sendSimpleIntCommand(command string) (int, error) {
response, err := s.sendCommand(strings.Split(command, " "))
if err != nil {
return -1, err
}
if lvl1, ok := response.(*types.Tuple); ok {
if banTime, ok := lvl1.Get(1).(int); ok {
return banTime, nil
}
}
return -1, newBadFormatError(command, response)
}
func newBadFormatError(command string, data interface{}) error { func newBadFormatError(command string, data interface{}) error {
return fmt.Errorf("(%s) unexpected response format - cannot parse: %v", command, data) return fmt.Errorf("(%s) unexpected response format - cannot parse: %v", command, data)
} }

6
src/socket/protocol.go
View File

@ -11,6 +11,10 @@ const (
commandTerminator = "<F2B_END_COMMAND>" commandTerminator = "<F2B_END_COMMAND>"
pingCommand = "ping" pingCommand = "ping"
statusCommand = "status" statusCommand = "status"
versionCommand = "version"
banTimeCommandFmt = "get %s bantime"
findTimeCommandFmt = "get %s findtime"
maxRetriesCommandFmt = "get %s maxretry"
socketReadBufferSize = 1024 socketReadBufferSize = 1024
) )
@ -55,7 +59,7 @@ func (s *Fail2BanSocket) read() (interface{}, error) {
unpickler := pickle.NewUnpickler(bufReader) unpickler := pickle.NewUnpickler(bufReader)
unpickler.FindClass = func(module, name string) (interface{}, error) { unpickler.FindClass = func(module, name string) (interface{}, error) {
if module == "builtins" && name == "str" { if (module == "builtins" || module == "__builtin__") && name == "str" {
return &Py_builtins_str{}, nil return &Py_builtins_str{}, nil
} }
return nil, fmt.Errorf("class not found: " + module + " : " + name) return nil, fmt.Errorf("class not found: " + module + " : " + name)