Fail2ban

Overview

The fail2ban plugin gathers the count of failed and banned ip addresses using fail2ban.

This plugin runs the fail2ban-client command which generally requires root access. Acquiring the required permissions can be done using several methods:

  • Use sudo run fail2ban-client.
  • Run agent as root. (not recommended)

Configuration

# Read metrics from fail2ban.
[[inputs.fail2ban]]
  ## Use sudo to run fail2ban-client
  use_sudo = false

Using sudo

Make sure to set use_sudo = true in your configuration file.

You will also need to update your sudoers file. It is recommended to modify a file in the /etc/sudoers.d directory using visudo:

$ sudo visudo -f /etc/sudoers.d/circonus-unified-agent

Add the following lines to the file, these commands allow the cua user to call fail2ban-client without needing to provide a password and disables logging of the call in the auth.log. Consult man 8 visudo and man 5 sudoers for details.

Cmnd_Alias FAIL2BAN = /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
cua  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
Defaults!FAIL2BAN !logfile, !syslog, !pam_session