ZABBIX custom monitoring items

Some time ago, I need to write by myself zabbix Custom monitor , Script ,, Simply write a few , Share with you .

#!/bin/bash
# monitor cpu Load rate 

function avage ( ){
    fir=`uptime | awk -F ':'  '{print $NF }' | awk "{print $load}" | tr ',' ' '`

    sleep 3
    fir1=`uptime | awk -F ':'  '{print $NF }' | awk "{print $load}" | tr ',' ' '`

    avage=`echo  "($fir1 - $fir)*100" | bc -l`
    echo $avage
}


load=$1
#  According to this parameter , Determine the value of which column 
avage $load
############
#  Monitor the status of the firewall ()
#iptables
#!/bin/bash
#  Judge the status of firewall rules , If there are no rules , The default is not enabled , Start alarm .
function Status ( ) {
    rules=`iptables -nvL| grep -vE "Chain|target" | grep -v '^$'| wc -l`
    if [[ $rules = 0 ]]
    then
        echo 1
        # 1 Indicates that the firewall is off , Or there are no rules for exceptions ;
    else
        echo 0
    fi
}
#  Judge whether the firewall is updated 
function Edit ( ) {
    #  By comparison id value 
    first1=`iptables -L -n|md5sum | awk '{print $1}'` > ./first1.txt
    sleep 5s
    first2=`iptables -L -n|md5sum | awk '{print $1}'` > ./first2.txt
    num=`diff -c ./first1.txt ./first2.txt | wc -l`
    if [[ $num = 0 ]]
    then
        echo 1 
        

    else
        echo 0
        # The firewall has been modified , Start alarm 
    fi
}
# To obtain parameters 

case $1 in 
Edit)
        Edit
        ;;
Status)
        Status
        ;;
*)
        echo "fail"
        ;;
esac

# monitor messages journal :

num=`tail -n  100  /var/log/messages |grep -i 'error' |wc -l`
echo $num 


## monitor http process 

# Monitoring process status 
function Status ( ){
    num=`netstat -anlp | grep 80|grep  httpd |wc -l `
    if [[  $num = 0 ]]
    then
        echo 0 
        # Indicates that there is no alarm in the process 

    else
        echo 1
    fi

}
# monitor http In the log GET Number of visits 
function GET_num( ) {

        num=`cat /var/log/httpd/access_log | grep GET | wc -l`
        echo $num
}

# monitor http Error log 


# Monitor individual ip Number of visits 
function ip_num ( ){
    num=`cat   /var/log/httpd/access_log | awk '{print $1}' | sort -n  | uniq -c| awk '{print $1}' | sort -n | tail -n 1 `
    echo $num

}
case $1 in 
Status)
        Status
        ;;
GET_num)
        GET_num
        ;;
ip_num )
        ip_num 
;;
*)
        echo "fail"
        ;;
esac





####################################
# Monitor individual ip link ssh frequency , Greater than 10 I'll give you a warning every time 
    
    link_num=$(tail -n 100  /var/log/secure | grep 'Failed password'|  awk '{print $11}' | sort -n | uniq -c | awk '{print $1}' | sort -n | tail -n 1 )  
   if [ $link_num  -gt 10 ]
   then
        echo 1  #d but 
    else
        echo 0 
   fi
# Brute force 10 Next time , Just trigger the script , Through firewall , take ip Ban 
#  Optimize scripts 


    link_ip=$(cat /var/log/secure | grep 'Failed password'|  awk '{print $11}' | sort -n | uniq -c | awk '{print $2}')
     for i in $link_ip
    do
        # echo  "$i"
        # Filter out ip The corresponding number of times 
        ssh_num=`cat /var/log/secure | grep 'Failed password'|  awk '{print $11}' | sort -n | uniq -c  | grep "$i" |  awk '{print $1}'`
        if [ $ssh_num  -gt  10 ]
        then
                # exceed 10 Time , Direct alarm , And then execute the command , take ip Pull black , Join in ssh Blacklist , Here you can set the script to trigger once , The script only triggers once , And then ip write in 
                echo  1
                deny=`cat   /etc/hosts.deny | grep $i| wc -l`
                if [[  $deny = 0 ]]
                then
                    
                        echo "sshd:$i:deny" >> /etc/hosts.deny
                        systemctl restart sshd

                fi
            

        fi




    done

## Detect disk cpu in io Waiting rate 
#!/bin/bash
num=`iostat -c 5 1   | grep -v "avg-cpu" | awk -F '  ' '{print $12}' |grep -v '^$'`
# if [[ $num > 0.05  ]] 
then
    echo 1

else
    num1=`iostat -c 5 1   | grep -v "avg-cpu" | awk -F '  ' '{print $12}' |grep -v '^$'`
    cha=`echo "$num1-$num" | bc `
    # if [[  $cha > 0.03  ]]
    then
        echo  1

    else
        echo 0
        
    fi


fi


# Monitor disk remaining 
#!/bin/bash
size=`df -h | awk '{print $5}'| tail -n 7 | tr '%' ' '| sort -n  | tail -n 1`
if [[  $size  > 80  ]]
then
        echo 1
else
        echo  0 
fi
#
# monitoring CPU、 Memory 、 Virtual memory usage exceeds 80% Call the police  ration.sh
#/bin/bash
cpu=`iostat -c 5 1   | grep -v "avg-cpu" | awk -F '  ' '{print $6}' |grep -v '^$' `
cpu_use= `echo  "$cpu * 100" | bc`
use=`free -m | grep  Mem | awk '{print $3}'| tr 'M' ' '`
total=`free -m | grep  Mem | awk '{print $2}'| tr 'M' ' ' `
ratio=`awk 'BEGIN{printf "%.2f\n",('$use'/'$total')}'`
mem=`echo "$ratio*100" | bc` 
Total=`cat /proc/meminfo | grep -i "VmallocTotal" | awk '{print $2}'`
Use=`cat /proc/meminfo | grep -i "VmallocUsed" | awk '{print $2}' `
ratio1=`awk 'BEGIN{printf "%.4f\n",('$Use'/'$Total')}'`
vmal=`echo "$ratio1*100" |bc`
if [[  $cpu_use > 80   $vmal  > 80 -o   $mem  > 80 ]]
then
    echo 1
else
    echo 0
fi
######### monitor 	crontab Service monitoring , Whether it is executed normally 
#/bin/bash
last_mofidy_timestamps="$(stat -c %Y /var/log/cron)"
echo $last_mofidy_timestamps
sleep 3600
current_timestamps="$(stat -c %Y /var/log/cron)"
echo $current_timestamps

if (($current_timestamps - $last_mofidy_timestamps > 3600)); then
    echo 1 # If the time difference is greater than 1 Hours , On the alert 
else
    echo 0
fi

########

### monitor home Partition , Reading and writing 
mkdir -p /home/test
echo "text" >> /home/test
if [[ $? = 0  ]]
then
    echo 0
else
    echo 1 

fi

###### The server SSH New services 222 Listening port 
num=`netstat -anltp | grep 222 | wc -l `
if [[  $num >0  ]]
then
    echo 0
else
    echo 1
fi

######ssh The client and ssh Server side , Connectivity monitoring 
#!/bin/bash
num=`telnet  192.168.136.3 22 | grep  -o "Escape character" | wc -l`
if [[  $num != 1 ]]
then
    echo 1 # The alarm 
fi

#  disk io monitor , When the disk IOPS Greater than 1000 Call the police 

#  Network card traffic monitoring , When the network card traffic exceeds 100M/s Call the police ;
#!/bin/bash
RX=`cat /sys/class/net/ens33/statistics/rx_bytes`  # Received packet data 
TX=`cat /sys/class/net/ens33/statistics/tx_bytes `   # Number of packets transmitted 
RMBPS=` echo "$RX/1048576" | bc `
TMBPS=` echo "$TX/1048576" | bc`
if [[  $RMBPS -ge 100 || $TMBPS -ge 100 ]]
then
    echo 1
else
    echo 0

fi
# sar Use , Every 5 Every second , Catch 5 Time , disk IO and CPU Usage alarm 
#!/bin/bash
cpu=`sar -p 5 5   | awk '{print $4}'| tail -n  +5 | sort -n | tail -n 1 `
io=`sar -d 5 5   | awk '{print $4}'| tail -n  +5 | sort -n | tail -n 1`
cpu_status=`awk 'BEGIN{printf($cpu * 100)}' `
io_status=`awk 'BEGIN{printf($io * 100)}' `
if [[  $cpu_status -ge 80 || $io_status -ge 80  ]]
then
    echo 1
else
    echo 0
fi
# iostat, Every 5 Every second , Catch 5 Time , disk IO and CPU Usage alarm 
#!/bin/bash
cpu=`iostat -c 5 5   | grep -v "avg-cpu"  | awk '{print $1}' | grep '[0-9]' |sort -n |tail -n 1 `
io=`iostat -d 5 5  | grep sda | awk '{print $2}' | sort -n |tail -n 1`
cpu_status=`awk 'BEGIN{printf($cpu * 100)}' `
io_status=`awk 'BEGIN{printf($io * 100)}' `
if [[  $cpu_status -ge 80 || $io_status -ge 80  ]]
then
    echo 1
else
    echo 0
fi
# vmstat, Every 5 Every second , Catch 5 Time , disk IO and CPU Usage alarm 
io=`vmstat 5 5  |awk '{print $10}'| grep [0-9]|sort -n| tail -n 1`
cpu=`vmstat 5 5  |awk '{print $13}'| grep [0-9]|sort -n| tail -n 1 `
cpu_status=`awk 'BEGIN{printf($cpu * 100)}' `
io_status=`awk 'BEGIN{printf($io * 100)}' `
if [[  $cpu_status -ge 80 || $io_status -ge 80  ]]
then
    echo 1
    else
    echo 0
fi

# Monitor the network card traffic graph 
#!/bin/bash
RX=`cat /sys/class/net/ens33/statistics/rx_bytes`  # Received packet data 
RMBPS=` echo "$RX/1048576" | bc `
echo $RMBPS

TX=`cat /sys/class/net/ens33/statistics/tx_bytes `   # Number of packets transmitted 
TMBPS=` echo "$TX/1048576" | bc`
echo  $TMBPS


### Monitoring failed login times are greater than 5 I'll give you a warning every time 
#!/bin/bash
num=`lastb | awk '{print $3}' | sort -n  | uniq -c |awk '{print $1}'`
for i in $num
do 
    if [[  $i  -gt 5 ]]
    then
        ip=`lastb | awk '{print $3}' | sort -n  | uniq -c |grep  -w  "$i" | awk '{print $2}'`
        cat /etc/hosts.allow | grep -q $ip
        if [[  $? -eq 0 ]]
        then
            echo 0
        else
            echo 1
        fi
    fi


done