{"id":381,"date":"2017-01-25T16:44:46","date_gmt":"2017-01-25T15:44:46","guid":{"rendered":"https:\/\/memo.xtranet.info\/?p=381"},"modified":"2017-01-25T16:44:46","modified_gmt":"2017-01-25T15:44:46","slug":"munin-portsentry","status":"publish","type":"post","link":"https:\/\/memo.xtranet.info\/?p=381","title":{"rendered":"Munin PortSentry"},"content":{"rendered":"

Munin PortSentry<\/span><\/h1>\n

 <\/p>\n

portsentry_tcp :<\/span><\/h2>\n

#!\/usr\/bin\/perl -w
\n#
\n# Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
\n#
\n# This program is free software; you can redistribute it and\/or
\n# modify it under the terms of the GNU General Public License
\n# as published by the Free Software Foundation; version 2 dated June,
\n# 1991.
\n#
\n# This program is distributed in the hope that it will be useful,
\n# but WITHOUT ANY WARRANTY; without even the implied warranty of
\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u00a0 See the
\n# GNU General Public License for more details.
\n#
\n# You should have received a copy of the GNU General Public License
\n# along with this program; if not, write to the Free Software
\n# Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA\u00a0 02111-1307, USA.
\n#
\n# If you improve this script please send your version to my email address
\n# with the copyright notice upgrade with your name.
\n#
\n# Plugin to monitor number of tcp ports attack detected by portsentry
\n#
\n# $Log$
\n# Revision 1.1\u00a0 2006\/03\/28 21:04:01\u00a0 rodo
\n# Created by Rodolphe Quiedeville
\n#
\n# Add following lines to etc\/munin\/plugin-conf.d\/munin-node file
\n#
\n# [portsentry*]
\n#\u00a0\u00a0 user root
\n#
\n#%# family=network
\n#%# capabilities=autoconf<\/p>\n

use strict;<\/p>\n

my ($port,$number,$name);
\nmy (%ports, %names);
\nmy $a = \u00ab\u00a0<\/var\/lib\/portsentry\/portsentry.blocked.tcp\u00a0\u00bb;
\nmy $line = undef;<\/p>\n

if ($ARGV[0] and $ARGV[0] eq \u00ab\u00a0config\u00a0\u00bb)
\n{
\nprint \u00ab\u00a0graph_title Portsentry TCP Attacks Detected\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_args –base 1000 -l 0\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_category network\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_vlabel attacks blocked\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_total total\\n\u00a0\u00bb;<\/p>\n

open(PTCP,$a) || die \u00ab\u00a0cannot open $a: $!\u00a0\u00bb;
\nwhile ($line = <PTCP>)
\n{
\n$ports{$1}++ if $line =~ \/.*Port: ([0-9]+) TCP Blocked$\/;
\n}
\nclose(PTCP);<\/p>\n

my @np = (keys(%ports));
\nforeach my $x (@np) {
\n$names{$x} = \u00ab\u00a0inconnu\u00a0\u00bb;
\nopen(PETC,\u00a0\u00bbgrep $x\/tcp \/etc\/services|\u00a0\u00bb) || die \u00ab\u00a0cannot open \/etc\/services : $!\u00a0\u00bb;
\nwhile ($line = <PETC>){
\n$names{$x} = $1 if $line =~ \/^(\\w*)\\s*$x\\\/tcp.*\/;
\n}
\nclose(PETC);
\n}<\/p>\n

while (($port,$number) = each(%ports))
\n{
\nprint \u00ab\u00a0port_$port.label Port $port\\n\u00a0\u00bb;
\nprint \u00ab\u00a0port_$port.info $names{$port}\\n\u00a0\u00bb;
\n}<\/p>\n

exit 0;
\n}<\/p>\n

open(PTCP,$a) || die \u00ab\u00a0cannot open $a: $!\u00a0\u00bb;
\nwhile ($line = <PTCP>)
\n{
\n$ports{$1}++ if $line =~ \/.*Port: ([0-9]+) TCP Blocked$\/;
\n}
\nclose(PTCP);<\/p>\n

while (($port,$number) = each(%ports))
\n{
\nprint \u00ab\u00a0port_$port.value $number\\n\u00a0\u00bb;
\n}<\/p>\n

# vim:syntax=perl<\/p>\n

 <\/p>\n

portsentry_udp :<\/span><\/h2>\n

#!\/usr\/bin\/perl -w
\n#
\n# Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
\n#
\n# This program is free software; you can redistribute it and\/or
\n# modify it under the terms of the GNU General Public License
\n# as published by the Free Software Foundation; version 2 dated June,
\n# 1991.
\n#
\n# This program is distributed in the hope that it will be useful,
\n# but WITHOUT ANY WARRANTY; without even the implied warranty of
\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u00a0 See the
\n# GNU General Public License for more details.
\n#
\n# You should have received a copy of the GNU General Public License
\n# along with this program; if not, write to the Free Software
\n# Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA\u00a0 02111-1307, USA.
\n#
\n# If you improve this script please send your version to my email address
\n# with the copyright notice upgrade with your name.
\n#
\n# Plugin to monitor number of tcp ports attack detected by portsentry
\n#
\n# $Log$
\n# Revision 1.1\u00a0 2006\/03\/28 21:04:01\u00a0 rodo
\n# Created by Rodolphe Quiedeville
\n#
\n#%# family=network
\n#%# capabilities=autoconf<\/p>\n

use strict;<\/p>\n

my ($port,$number);
\nmy %ports;
\nmy $a = \u00ab\u00a0\/var\/lib\/portsentry\/portsentry.blocked.udp\u00a0\u00bb;
\nmy $line = undef;<\/p>\n

if ($ARGV[0] and $ARGV[0] eq \u00ab\u00a0config\u00a0\u00bb)
\n{
\nprint \u00ab\u00a0graph_title Portsentry UDP Attacks Detected\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_args –base 1000 -l 0\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_category network\\n\u00a0\u00bb;
\nprint \u00ab\u00a0graph_vlabel attacks blocked\\n\u00a0\u00bb;<\/p>\n

open(PUDP,$a) || die \u00ab\u00a0cannot open $a: $!\u00a0\u00bb;
\nwhile ($line = <PUDP>)
\n{
\n$ports{$1}++ if $line =~ \/.*Port: ([0-9]+) UDP Blocked$\/;
\n}
\nclose(PUDP);<\/p>\n

while (($port,$number) = each(%ports))
\n{
\nprint \u00ab\u00a0port_$port.label Port $port\\n\u00a0\u00bb;
\nprint \u00ab\u00a0port_$port.info Port UDP $port\\n\u00a0\u00bb;
\n}<\/p>\n

exit 0;
\n}<\/p>\n

open(PUDP,$a) || die \u00ab\u00a0cannot open $a: $!\u00a0\u00bb;
\nwhile ($line = <PUDP>)
\n{
\n$ports{$1}++ if $line =~ \/.*Port: ([0-9]+) UDP Blocked$\/;
\n}
\nclose(PUDP);<\/p>\n

while (($port,$number) = each(%ports))
\n{
\nprint \u00ab\u00a0port_$port.value $number\\n\u00a0\u00bb;
\n}<\/p>\n

# vim:syntax=perl<\/p>\n","protected":false},"excerpt":{"rendered":"

Munin PortSentry   portsentry_tcp : #!\/usr\/bin\/perl -w # # Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org> # # This program is free software; you can redistribute it and\/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; version 2 dated June, # 1991. # #… Continue reading Munin PortSentry<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,4,38],"tags":[52],"class_list":["post-381","post","type-post","status-publish","format-standard","hentry","category-administration","category-linux","category-munin","tag-munin"],"_links":{"self":[{"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/posts\/381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=381"}],"version-history":[{"count":1,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/posts\/381\/revisions"}],"predecessor-version":[{"id":382,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=\/wp\/v2\/posts\/381\/revisions\/382"}],"wp:attachment":[{"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/memo.xtranet.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}