Added fail2ban - Log to the monitor (if installed at the server).

Updated installation-Instruction for debian

Author: vogelor

INSTALL_DEBIAN_4.0.txt

@@ -133,29 +133,34 @@ make
 make install
 rm -rf jailkit-2.5*
 
+8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
+More info at: http://www.howtoforge.com/fail2ban_debian_etch
 
-8) Install ISPConfig 3
+apt-get install fail2ban
+
+
+9) Install ISPConfig 3
 
 There are two possile scenarios, but not both:
-8.1) Install the latest released version 
-8.2) Install directly from SVN
+9.1) Install the latest released version 
+9.2) Install directly from SVN
 
-8.1) Installation of last version from tar.gz
+9.1) Installation of last version from tar.gz
 
   cd /tmp
   wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz
   tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz
   cd ispconfig3_install/install/
 
-8.2) Installation from SVN
+9.2) Installation from SVN
 
   apt-get install subversion
   cd /tmp
   svn export svn://svn.ispconfig.org/ispconfig3/trunk/
   cd trunk/install
 
 
-8.1+8.2) Now proceed with the ISPConfig installation.
+9.1+9.2) Now proceed with the ISPConfig installation.
 
 Now start the installation process by executing:
 
@@ -205,5 +210,4 @@ done
 Optional packages recommended:
 
 denyhosts - a utility to help sys admins thwart ssh crackers
-fail2ban - Preventing Brute Force Attacks - http://www.howtoforge.com/fail2ban_debian_etch
 rsync - fast remote file copy program (for backup)

INSTALL_DEBIAN_LENNY.txt

@@ -232,29 +232,45 @@ update-rc.d mydns defaults
 
 apt-get install vlogger webalizer
 
+7) Install Jailkit (optional, only needed if you want to use chrroting for SSH users)
 
-7) Install ISPConfig 3
+apt-get install build-essential autoconf automake1.9 libtool flex bison
+cd /tmp
+wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
+tar xvfz jailkit-2.5.tar.gz
+cd jailkit-2.5
+./configure
+make
+make install
+rm -rf jailkit-2.5*
+
+8) Install fail2ban (optional but recomended, because the monitor tries to show the log)
+More info at: http://www.howtoforge.com/fail2ban_debian_etch
+
+apt-get install fail2ban
+
+9) Install ISPConfig 3
 
 # There are two possile scenarios, but not both:
-7.1) Install the latest released version 
-7.2) Install directly from SVN
+9.1) Install the latest released version 
+9.2) Install directly from SVN
 
-7.1) Installation of last version from tar.gz
+9.1) Installation of last version from tar.gz
 
   cd /tmp
   wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.8-rc1.tar.gz
   tar xvfz ISPConfig-3.0.0.8-rc1.tar.gz
   cd ispconfig3_install/install/
 
-7.2) Installation from SVN
+9.2) Installation from SVN
 
   apt-get install subversion
   cd /tmp
   svn export svn://svn.ispconfig.org/ispconfig3/trunk/
   cd trunk/install
 
 
-7.1+7.2) Now proceed with the ISPConfig installation.
+9.1+9.2) Now proceed with the ISPConfig installation.
 
 # Now start the installation process by executing:
 
@@ -304,21 +320,8 @@ done
 
 ----------------------------------------------------------------------------------------------------------
 
-Installing Jailkit:
-
-apt-get install build-essential autoconf automake1.9 libtool flex bison
-cd /tmp
-wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
-tar xvfz jailkit-2.5.tar.gz
-cd jailkit-2.5
-./configure
-make
-make install
-rm -rf jailkit-2.5*
-----------------------------------------------------------------------------------------------------------
 
 Optional recommended packages:
 
 denyhosts - a utility to help sys admins thwart ssh crackers
-fail2ban - Like denyhosts but updates firewall rules to reject/drop the IP address and supports many more apps
 rsync - fast remote file copy program (for backup)

interface/web/monitor/lib/module.conf.php

@@ -150,6 +150,10 @@
                   'target' 	=> 'content',
                   'link'	=> 'monitor/show_data.php?type=rkhunter');
 
+$items[] = array( 'title' 	=> "Show fail2ban-Log",
+                  'target' 	=> 'content',
+                  'link'	=> 'monitor/show_data.php?type=fail2ban');
+
 $module["nav"][] = array(	'title'	=> 'Logfiles',
                             'open' 	=> 1,
                             'items'	=> $items);

interface/web/monitor/show_data.php

@@ -110,6 +110,13 @@
         $title = $app->lng("monitor_title_rkhunterlog_txt"). ' ('. $monTransSrv .' : ' . $_SESSION['monitor']['server_name'] . ')';
         $description = '';
         break;
+    case 'fail2ban':
+        $template = 'templates/show_data.htm';
+        $output .= showFail2ban();
+        $time = getDataTime('fail2ban');
+        $title = 'fail2ban - Log (' . $monTransSrv . ' : ' . $_SESSION['monitor']['server_name'] . ')';
+        $description = '';
+        break;
     default:
         $template = '';
         break;

interface/web/monitor/tools.inc.php

@@ -374,7 +374,7 @@ function showRKHunter()
 
         /*
          * First, we have to detect, if there is any monitoring-data.
-         * If not (because the destribution is not supported) show this.
+         * If not (because rkhunter is not installed) show this.
          */
         $data = unserialize($record['data']);
         if ($data['output'] == ''){
@@ -392,6 +392,42 @@ function showRKHunter()
     return $html;
 }
 
+function showFail2ban()
+{
+    global $app;
+
+    /* fetch the Data from the DB */
+    $record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+
+    if(isset($record['data'])) {
+        $html =
+           '<div class="systemmonitor-state state-'.$record['state'].'">
+            <div class="systemmonitor-content icons32 ico-'.$record['state'].'">';
+
+        /*
+         * First, we have to detect, if there is any monitoring-data.
+         * If not (because fail2ban is not installed) show this.
+         */
+        $data = unserialize($record['data']);
+        if ($data == ''){
+            $html .= '<p>'.
+			'fail2ban is not installed at this server.<br />' .
+			'See more (for debian) <a href="http://www.howtoforge.net/fail2ban_debian_etch" target="htf">here...</a>'.
+			'</p>';
+        }
+        else {
+            $html .= nl2br($data);
+        }
+        $html .= '</div></div>';
+
+    } else {
+        $html = '<p>There is no data available at the moment.</p>';
+    }
+
+    return $html;
+}
+
+
 function showMailq()
 {
     global $app;

server/mods-available/monitor_core_module.inc.php

@@ -121,6 +121,7 @@ function doMonitor()
         $this->monitorMailQueue();
         $this->monitorRaid();
         $this->monitorRkHunter();
+		$this->monitorFail2ban();
         $this->monitorSysLog();
     }
 
@@ -748,6 +749,58 @@ function monitorRkHunter(){
         $this->_delOldRecords($type, 0, 2);
     }
 
+    function monitorFail2ban(){
+        global $app;
+        global $conf;
+
+        /* the id of the server as int */
+        $server_id = intval($conf["server_id"]);
+
+        /** The type of the data */
+        $type = 'log_fail2ban';
+
+        /* This monitoring is only available if fail2ban is installed */
+        $location = shell_exec('which fail2ban-client');
+        if($location != ''){
+			/*  Get the data of the log */
+			$data = $this->_getLogData($type);
+
+            /*
+             * At this moment, there is no state (maybe later)
+             */
+            $state = 'no_state';
+        }
+        else {
+            /*
+             * fail2ban is not installed, so there is no data and no state
+             *
+             * no_state, NOT unknown, because "unknown" is shown as state
+             * inside the GUI. no_state is hidden.
+             *
+             * We have to write NO DATA inside the DB, because the GUI
+             * could not know, if there is any dat, or not...
+             */
+            $state = 'no_state';
+            $data = '';
+        }
+
+        /*
+         * Insert the data into the database
+         */
+        $sql = "INSERT INTO monitor_data (server_id, type, created, data, state) " .
+            "VALUES (".
+        $server_id . ", " .
+            "'" . $app->dbmaster->quote($type) . "', " .
+        time() . ", " .
+            "'" . $app->dbmaster->quote(serialize($data)) . "', " .
+            "'" . $state . "'" .
+            ")";
+        $app->dbmaster->query($sql);
+
+        /* The new data is written, now we can delete the old one */
+        $this->_delOldRecords($type, 10);
+    }
+
     function monitorSysLog(){
         global $app;
         global $conf;
@@ -758,19 +811,19 @@ function monitorSysLog(){
         /** The type of the data */
         $type = 'sys_log';
 
-	/*
-	 * is there any warning or error for this server?
-	 */
-	$state = 'ok';
+		/*
+		 * is there any warning or error for this server?
+		 */
+		$state = 'ok';
         $dbData = $app->dbmaster->queryAllRecords("SELECT loglevel FROM sys_log WHERE server_id = " . $server_id . " AND loglevel > 0");
-	if (is_array($dbData)) {
-	    foreach($dbData as $item){
-		if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning');
-		if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error');
-	    }
-	}
-
-	/** There is no monitor-data because the data is in the sys_log table */
+		if (is_array($dbData)) {
+		    foreach($dbData as $item){
+			if ($item['loglevel'] == 1) $state = $this->_setState($state, 'warning');
+			if ($item['loglevel'] == 2) $state = $this->_setState($state, 'error');
+		    }
+		}
+
+		/** There is no monitor-data because the data is in the sys_log table */
         $data['output']= '';
 
         /*
@@ -790,7 +843,7 @@ function monitorSysLog(){
         $this->_delOldRecords($type, 10);
     }
 
-function monitorMailLog()
+	function monitorMailLog()
     {
         global $app;
         global $conf;
@@ -1140,6 +1193,9 @@ function _getLogData($log){
             case 'log_clamav':
                 $logfile = '/var/log/clamav/clamav.log';
                 break;
+            case 'log_fail2ban':
+                $logfile = '/var/log/fail2ban.log';
+                break;
             case 'log_ispconfig':
                 $logfile = '/var/log/ispconfig/ispconfig.log';
                 break;