scripts/munin/iptables_
Antoine Durand-Gasselin 4a68475e34 [wiki-lenny] suppression de static/
darcs-hash:20090314092631-bd074-b01256aeaf71e935851b3ecdbd623eaae8c9e8a1.gz
2009-03-14 10:26:31 +01:00


#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Compteur des règles iptables
import sys,commands,string
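# Munin plugin body: counts iptables rules per chain.  The table to inspect
# is taken from the name the plugin is invoked under (iptables_<table>); an
# empty suffix selects iptables' default table.
# NOTE(review): the published listing lost its indentation; the nesting below
# is reconstructed from the logic and should be confirmed against the repo.


def _shell_quote(text):
    """Wrap *text* in single quotes so the shell reads it as one literal word."""
    return "'" + text.replace("'", "'\\''") + "'"


def _munin_names(chain):
    """Return the (field name, label) pair derived from an iptables chain name."""
    nom = chain.replace('_', '').replace('-', '').replace('.', '').replace('/', '').lower()
    label = chain.replace('_', '-').replace('.', '-').replace('/', '-')
    return nom, label


# Split only the file name: an underscore in a parent directory must not be
# mistaken for the table separator, and a name without '_' must not crash.
_parts = sys.argv[0].rsplit('/', 1)[-1].split('_')
TABLE = _parts[1] if len(_parts) > 1 else ''

# TABLE is pasted into shell command lines below.  Refuse anything that is
# not a plain alphanumeric word rather than hand it to the shell.
if TABLE and not TABLE.isalnum():
    sys.stderr.write("iptables_: invalid table name %r\n" % TABLE)
    sys.exit(1)

if TABLE:
    IPTABLES = "iptables -n -t %s -L " % TABLE
else:
    IPTABLES = "iptables -n -L "

# Munin passes "config" as the first argument when it wants the graph layout.
arg = sys.argv[1] if len(sys.argv) > 1 else ''

# commands.getoutput() also captures stderr, so diagnostic text can end up in
# the output.  A real chain name is a single token printed by awk; empty lines
# and lines containing whitespace are dropped.
CHAINS = [
    name
    for name in commands.getoutput(
        '%s | grep Chain | awk \'{print $2}\'' % IPTABLES).split('\n')
    if name and len(name.split()) == 1
]

if arg == "config":
    print('graph_title Firewall %s' % TABLE.lower())
    print('graph_args --base 1000 --lower-limit 0')
    print('graph_category network')
    print("graph_vlabel nb de regles")
    for position, chain in enumerate(CHAINS):
        nom, label = _munin_names(chain)
        if label != "TEST-MAC-IP":
            print("%s.label %s" % (nom, label))
            # The first series is the base area, every other one stacks on it.
            if position == 0:
                print("%s.draw AREA" % nom)
            else:
                print("%s.draw STACK" % nom)
        else:
            # TEST-MAC-IP is broken down into one "adm" series plus one
            # series per subnet number 136..151, followed by a total.
            print("%sadm.label %s-adm" % (nom, label))
            print("%sadm.draw STACK" % nom)
            for subnet in range(136, 152):
                print("%s%s.label %s-%s" % (nom, subnet, label, subnet))
                print("%s%s.draw STACK" % (nom, subnet))
            print("%s.label %s" % (nom, label))
            print("%s.warning 100:2500" % nom)
            print("%s.critical 1:3000" % nom)
else:
    for chain in CHAINS:
        nom, label = _munin_names(chain)
        # Chain names come from command output, so they are quoted before
        # being placed back on a shell command line.
        listing = "%s %s" % (IPTABLES, _shell_quote(chain))
        if label == "TEST-MAC-IP":
            # Column 4 of each rule line (presumably the source address) is
            # reduced to its first three dot-separated parts and counted.
            # Note that "grep 231" is an unanchored substring match.
            pipeline = (
                "%s | uniq | awk '{print $4}' | grep 231"
                " | awk -F '.' '{print $1$2$3}' | sort | uniq -c | grep 231"
            ) % listing
            data = commands.getoutput(pipeline).split('\n')
            total = 0
            for line in data:
                fields = line.split()
                # With no matching rule the pipeline prints nothing and the
                # split yields one empty line; skip anything that is not a
                # "<count> <prefix>" pair instead of raising on the unpack.
                if len(fields) != 2 or not fields[0].isdigit():
                    continue
                value, subnet = fields
                total += int(value)
                if subnet[:8] == "10231136":
                    print("%sadm.value %s" % (nom, value))
                for x in range(136, 152):
                    if subnet[:9] == ("138231%d" % x):
                        print("%s%d.value %s" % (nom, x, value))
            print("%s.value %d" % (nom, total))
        else:
            # Minus 2: presumably the "Chain ..." line and the column header
            # that precede the rules in the listing.
            value = int(commands.getoutput('%s | uniq | wc -l' % listing)) - 2
            print("%s.value %d" % (nom, value))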