From 56b1db7d2647232f9d008a0956f56e18f47ee32a Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg
Date: Sun, 18 Apr 2010 14:40:54 +0000
Subject: [PATCH] Lade till SSHD, fixade taket i denyhosts

---
 denyhosts | 2 +-
 sshd_log | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100755 sshd_log

diff --git a/denyhosts b/denyhosts
index 39c2191..283035d 100755
--- a/denyhosts
+++ b/denyhosts
@@ -26,7 +26,7 @@ if [ "$1" = "config" ]; then
 echo 'graph_period second'
 echo 'graph_info This graph shows the current number of blocked hosts for SSHD.'
 echo 'blocked.label active'
- echo 'blocked.max 1000'
+ echo 'blocked.max 5000'
 echo 'blocked.min 0'
 echo 'blocked.info The number of active blocked hosts.'
 exit 0
diff --git a/sshd_log b/sshd_log
new file mode 100755
index 0000000..58f513f
--- /dev/null
+++ b/sshd_log
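Review bot: Raising `blocked.max` from 1000 to 5000 only moves the ceiling; munin discards readings above a field's `.max`, so once the denyhosts list grows past 5000 the graph goes blank again exactly as it did at 1000. Since the real count is unbounded, consider dropping the `blocked.max` line altogether, or reading the ceiling from the plugin environment, e.g. `echo "blocked.max ${max:-5000}"` with a constructed `env.max` entry in plugin-conf, so it can be tuned without editing the script. The enclosing config branch starts and ends outside the hunk.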
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Plugin to monitor auth.log for sshd server events.
+#
+# Require read permitions for $LOG
+# (set in /etc/munin/plugin-conf.d/munin-node on debian)
+# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate
+#
+# $Log$
+# Revision 1.2 2010/03/19 15:03:00 pmoranga
+# Revision 1.1 2009/04/26 23:28:00 ckujau
+# Revision 1.0 2009/04/22 22:00:00 zlati
+# Initial revision
+#
+# Parameters:
+#
+# config (required)
+# autoconf (optional - used by munin-config)
+#
+# Magick markers (optional):
+#%# family=auto
+#%# capabilities=autoconf
+
+# config example for /etc/munin/plugin-conf.d/munin-node
+#[sshd_log]
+#user root
+#group root
+#env.logfile /var/log/messages
+#env.category users
+#
+
+LOG=${logfile:-/var/log/secure}
+CATEGORY=${category:-system}
+
+
+if [ "$1" = "autoconf" ]; then
+ if [ -r "$LOG" ]; then
+ echo yes
+ exit 0
+ else
+ echo no
+ exit 1
+ fi
+fi
+
+if [ "$1" = "config" ]; then
+
+ echo 'graph_title SSHD login stats from' $LOG
+ echo 'graph_args --base 1000 -l 0'
+ echo 'graph_vlabel logins'
+ echo 'graph_category' $CATEGORY
+
+ echo 'LogPass.label Successful password logins'
+ echo 'LogPassPAM.label Successful login via PAM'
+ echo 'LogKey.label Successful PublicKey logins'
+ echo 'NoID.label No identification from user'
+ echo 'rootAttempt.label Root login attempts'
+ echo 'InvUsr.label Invalid user login attepmts'
+ echo 'NoRDNS.label No reverse DNS for peer'
+ echo 'Breakin.label Potential Breakin Attempts'
+ exit 0
+fi
+
+awk 'BEGIN{c["LogPass"]=0;c["LogKey"]=0;c["NoID"]=0;c["rootAttempt"]=0;c["InvUsr"]=0;c["LogPassPAM"]=0;c["Breakin"]=0;c["NoRDNS"]=0; }
+ /sshd\[.*Accepted password for/{c["LogPass"]++}
+ /sshd\[.*Accepted publickey for/{c["LogKey"]++}
+ /sshd\[.*Did not receive identification string/{c["NoID"]++}
+ /sshd\[.*Failed password for root/{c["rootAttempt"]++}
+ /sshd\[.*Invalid user/{c["InvUsr"]++}
+ /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++}
+ /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++}
+ /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}a
+ END{for(i in c){print i".value " c[i]} }' < $LOG
\ No newline at end of file
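Review bot: The `a` after `{c["NoRDNS"]++}` in the awk program looks like a stray character; depending on the awk implementation it is either a syntax error or read as a bare pattern `a` that is never set and so silently matches nothing, and the line should read `/sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}` unless something else was intended. Both `< $LOG` on the last line and `echo 'graph_title SSHD login stats from' $LOG` expand the env.logfile value unquoted; `< "$LOG"` and `echo "graph_title SSHD login stats from $LOG"` keep a path containing spaces intact. The `sshd\[.*` prefix lets each keyword match anywhere later in the line, including inside a client-supplied username that sshd logs verbatim (an "Invalid user" line whose name contains one of these phrases would be counted twice), so anchoring to the message start, e.g. `/sshd\[[0-9]*\]: Accepted password for/`, gives counts that are harder to skew. The config example runs the plugin as root solely to read the log; where the log is group-readable, giving the plugin that group rather than root is the smaller privilege and is worth stating in the header comment.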