����JFIF��x�x����'
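#!/usr/bin/env perl
# Nagios/Icinga check: reports web access logs that grew faster than a
# threshold since the previous run. Per-file line and byte counts are kept
# in a YAML cache between runs; the deltas are compared with the warn/crit
# limits. Exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
use strict;
use warnings;
use feature 'say';
# NOTE(review): 'extreme' is not a core module; presumably a site-local
# pragma bundle -- confirm it ships with the plugin. It is loaded after the
# explicit pragmas above so any adjustments it makes still take effect.
use extreme;
use File::Slurp;
use YAML::XS qw(LoadFile Dump);
use Getopt::Long;
use Scalar::Util qw(looks_like_number);

my ( $warn, $crit, $limits, @w_incidents, @c_incidents );

# Print usage and exit with the UNKNOWN status (3).
sub help {
    print <<EOT;
$0 [-w/--warn 1,20 -c/--crit 4,50]

Plugin accepts two value for warn and crit to check delta
(difference between current statisctic and cache) for access logs:
    first param:  limit for line count delta
    second param: limit for size log delta in KBytes

Default values:
    warn: 5000,2500
    crit: 30000,12500

Allowed formats:
    --warn 1
    --crit 1,2

Whitelist path:
    /etc/icinga2/plinc/ddos_crit_wl for critical incidents
    /etc/icinga2/plinc/ddos_warn_wl for warnings

Format for whitelist:
    /path/to/file0.log
    /path/to/file1.log

For any unspecified params, corresponding default will be used
EOT
    exit 3;
}

# Parse --warn/--crit ("LINES" or "LINES,KBYTES") into $limits and fill in
# the defaults. The byte limits are converted from KBytes to bytes.
sub parse_args {
    # A mistyped option would otherwise silently fall back to the defaults
    # and weaken the check, so an option error ends in the usage/UNKNOWN path.
    GetOptions(
        'h|help'   => \&help,
        'w|warn=s' => \$warn,
        'c|crit=s' => \$crit,
    ) or help();

    # Anchored: the whole argument must be digits, optionally followed by a
    # comma and a second number. The previous unanchored test accepted any
    # string that merely contained a digit.
    my $spec_re = qr/\A (\d+) (?: , (\d+)? )? \z/xa;

    for my $pair ( [ w => $warn ], [ c => $crit ] ) {
        my ( $level, $spec ) = @{$pair};
        next if !defined $spec || $spec eq '';
        my ( $lines, $kbytes ) = $spec =~ $spec_re or help();
        $limits->{$level}{lines} = $lines;
        $limits->{$level}{bytes} = $kbytes;
    }

    $limits->{w}{lines} //= 5000;
    $limits->{w}{bytes} //= 2500;
    $limits->{c}{lines} //= 30000;
    $limits->{c}{bytes} //= 12500;

    # convert kbytes to bytes
    $limits->{$_}{bytes} *= 1024 for keys %{$limits};
    return;
}

# Read a whitelist (one log path per line) into a lookup hash.
# A missing whitelist file yields an empty hash.
sub read_whitelist {
    my ($path) = @_;
    return {} if !-f $path;
    my @entries = read_file($path);
    chomp @entries;
    return { map { $_ => 1 } @entries };
}

# The cache lives in /var/tmp, where any local user can create files. A
# symlink, a non-regular file or a file owned by somebody else at that path
# is treated as tampering: the plugin neither parses it nor writes through
# it and reports UNKNOWN instead.
# NOTE(review): this narrows but does not close the race between the check
# and the later open; moving the cache into a directory writable only by
# the monitoring user would remove the problem.
sub assert_cache_path_safe {
    my ($path) = @_;
    my @st = lstat $path;
    return if !@st;    # nothing there yet
    if ( -l _ || !-f _ || $st[4] != $> ) {
        say "UNKNOWN: refusing to use cache $path (symlink, not a regular file, or foreign owner)";
        exit 3;
    }
    return;
}

# Load the previous run's statistics. Returns undef when there is no cache
# file, otherwise a hash reference (empty if the content is unusable).
sub load_cache {
    my ($path) = @_;
    assert_cache_path_safe($path);
    return if !-e $path;

    # Do not let the YAML loader bless objects from the cache file.
    local $YAML::XS::LoadBlessed = 0;
    my $data = eval { LoadFile($path) };
    return ref $data eq 'HASH' ? $data : {};
}

# Return { lines => N, bytes => M } for a regular file, or nothing if it
# cannot be opened. Newlines are counted in Perl: log file names (derived
# from directory listings) must never be interpolated into a shell command.
sub file_stat {
    my ($file) = @_;
    open my $fh, '<', $file or return;
    if ( !-f $fh ) {
        close $fh;
        return;
    }
    binmode $fh;
    my $bytes = ( stat $fh )[7];
    my $lines = 0;
    my $chunk;
    while ( read $fh, $chunk, 65536 ) {
        $lines += ( $chunk =~ tr/\n// );    # same count as `wc -l`
    }
    close $fh;
    return { lines => $lines, bytes => $bytes };
}

# Record the current statistics of $file in $stats (files that cannot be
# read are skipped).
sub record_stat {
    my ( $stats, $file ) = @_;
    my $entry = file_stat($file);
    $stats->{$file} = $entry if $entry;
    return;
}

parse_args();

# whitelist
my $wl_crit = read_whitelist('/etc/icinga2/plinc/ddos_crit_wl');
my $wl_warn = read_whitelist('/etc/icinga2/plinc/ddos_warn_wl');

# manage cache
my $cache_file  = '/var/tmp/check-ddos-cache';
my $cache       = load_cache($cache_file);
my $cache_eflag = defined $cache ? 1 : 0;

my $logstat = {};

# cpanel
if ( -d '/var/cpanel/users' ) {
    my $path = '/etc/apache2/logs/domlogs/';
    for my $dir ( grep { -d } read_dir( $path, prefix => 1 ) ) {
        # Same names a "$dir/*" glob would give (no dotfiles), but without
        # glob's splitting on whitespace or pattern characters.
        my @names = eval { read_dir($dir) };
        for my $name ( grep { !/\A\./ } @names ) {
            record_stat( $logstat, "$dir/$name" );
        }
    }
}

# ispmanager
if ( -f '/usr/local/mgr5/sbin/mgrctl' ) {
    my $path = '/var/www/httpd-logs/';
    for my $file ( read_dir( $path, prefix => 1 ) ) {
        next if !-f $file || $file !~ /access\.log\z/;
        record_stat( $logstat, $file );
    }
}

# directadmin
if ( -d '/usr/local/directadmin' ) {
    my $path = '/var/log/httpd/domains/';
    for my $file ( read_dir( $path, prefix => 1 ) ) {
        next if !-f $file || $file !~ /\.log\z/ || $file =~ /\.error\./;
        record_stat( $logstat, $file );
    }
}

if ($cache_eflag) {
    for my $file ( keys %{$logstat} ) {
        my $previous = $cache->{$file};
        next if ref $previous ne 'HASH';    # new file, or unusable cache entry

        for my $limit ( keys %{ $logstat->{$file} } ) {
            my $old = $previous->{$limit};
            my $new = $logstat->{$file}{$limit};
            # Only growth counts; a shrunken (rotated) log is ignored.
            next if !looks_like_number($old) || $old >= $new;

            my $delta = $new - $old;
            my $msg   = "Since last check log $file has increased by $delta $limit";

            push @c_incidents, $msg
                if $limits->{c}{$limit} <= $delta && !$wl_crit->{$file};
            # A file whitelisted for critical is also exempt from warnings.
            push @w_incidents, $msg
                if $limits->{w}{$limit} <= $delta
                && !( $wl_warn->{$file} || $wl_crit->{$file} );
        }
    }
}

# Re-check right before writing so a link planted during the run is not
# followed.
assert_cache_path_safe($cache_file);
write_file( $cache_file, Dump $logstat );

if (@c_incidents) {
    say join( "\n", @c_incidents );
    exit 2;
}

if (@w_incidents) {
    say join( "\n", @w_incidents );
    exit 1;
}

say "OK";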