class ScrubPausedAlertSource(ThreadedAlertSource):
schedule = CrontabSchedule(hour=3)
async def check(self):
alerts = []
for pool in await self.middleware.call("zfs.pool.pools_with_paused_scrubs"):
alerts.append(Alert(ScrubPausedAlertClass, pool.name))
return alerts
class SSHLoginFailuresAlertSource(ThreadedAlertSource):
schedule = CrontabSchedule(hour=0)
def check_sync(self):
login_failures = get_login_failures(datetime.now(), catmsgs())
if login_failures:
return Alert(SSHLoginFailuresAlertClass, {
"count": len(login_failures),
"failures": b"".join(login_failures).decode("utf-8", "ignore")
})
class ScrubPausedAlertSource(ThreadedAlertSource):
schedule = CrontabSchedule(hour=3)
def check_sync(self):
alerts = []
with libzfs.ZFS() as zfs:
for pool in zfs.pools:
if pool.scrub.pause is not None:
alerts.append(Alert(ScrubPausedAlertClass, pool.name))
return alerts
class ActiveDirectoryDomainHealthAlertSource(AlertSource):
schedule = CrontabSchedule(hour=1)
async def check(self):
if await self.middleware.call('activedirectory.get_state'
) == 'DISABLED':
return
try:
await self.middleware.call("activedirectory.validate_domain")
except Exception as e:
return Alert(ActiveDirectoryDomainHealthAlertClass,
{'verrs': str(e)},
key=None)
class ScrubPausedAlertSource(ThreadedAlertSource):
level = AlertLevel.WARNING
title = "Scrub is paused"
schedule = CrontabSchedule(hour=3)
def check_sync(self):
alerts = []
with libzfs.ZFS() as zfs:
for pool in zfs.pools:
if pool.scrub.pause is not None:
alerts.append(
Alert(title="Scrub for pool %r is paused",
args=pool.name,
key=[pool.name]))
return alerts
class SSHLoginFailuresAlertSource(ThreadedAlertSource):
schedule = CrontabSchedule(hour=0)
def check_sync(self):
login_failures = get_login_failures(datetime.now(), catmsgs())
if login_failures:
return Alert(
SSHLoginFailuresAlertClass, {
"count":
len(login_failures),
"failures":
"".join(login_failures if len(login_failures) <= 5 else
login_failures[:2] +
[f"... {len(login_failures) - 4} more ...\n"] +
login_failures[-2:])
})
class ActiveDirectoryDomainHealthAlertSource(AlertSource):
schedule = CrontabSchedule(hour=1)
run_on_backup_node = False
async def check(self):
if await self.middleware.call('activedirectory.get_state'
) == 'DISABLED':
return
try:
await self.middleware.call("activedirectory.validate_domain")
except Exception as e:
await self.middleware.call("activedirectory.set_state",
DSStatus['FAULTED'].name)
return Alert(ActiveDirectoryDomainHealthAlertClass,
{'verrs': str(e)},
key=None)
class SMBLegacyProtocolAlertSource(AlertSource):
schedule = CrontabSchedule(hour=1) # every 24 hours
run_on_backup_node = False
async def check(self):
if not await self.middleware.call('service.started', 'cifs'):
return
now = time.time()
auth_log = await self.middleware.call('smb.status', 'AUTH_LOG', [
["timestamp_tval.tv_sec", ">", now - 86400],
["Authentication.serviceDescription", "=", "SMB"],
])
if not auth_log:
return
return Alert(SMBLegacyProtocolAlertClass,
{'err': ', '.join(generate_alert_text(auth_log))},
key=None)
class SnapshotCountAlertSource(AlertSource):
schedule = CrontabSchedule(hour=1)
run_on_backup_node = False
async def check(self):
max = await self.middleware.call("pool.snapshottask.max_count")
max_total = await self.middleware.call(
"pool.snapshottask.max_total_count")
total = 0
datasets = defaultdict(lambda: 0)
for snapshot in await self.middleware.call("zfs.snapshot.query", [],
{"select": ["name"]}):
total += 1
datasets[snapshot["name"].split("@")[0]] += 1
if total > max_total:
return Alert(
SnapshotTotalCountAlertClass,
{
"count": total,
"max": max_total
},
key=None,
)
for dataset in sorted(datasets.keys()):
count = datasets[dataset]
if count > max:
return Alert(
SnapshotCountAlertClass,
{
"dataset": dataset,
"count": count,
"max": max
},
key=None,
)
class NTLMv1AuthenticationAlertSource(AlertSource):
schedule = CrontabSchedule(hour=0) # every 24 hours
run_on_backup_node = False
async def check(self):
if not await self.middleware.call('service.started', 'cifs'):
return
smb_conf = await self.middleware.call('smb.config')
if smb_conf['ntlmv1_auth']:
return
now = time.time()
auth_log = await self.middleware.call(
'smb.status', 'AUTH_LOG',
[["timestamp_tval.tv_sec", ">", now - 86400],
["Authentication.passwordType", "=", "NTLMv1"]])
if not auth_log:
return
return Alert(NTLMv1AuthenticationAlertClass,
{'err': ', '.join(generate_alert_text(auth_log))},
key=None)
class CertificateChecksAlertSource(AlertSource):
schedule = CrontabSchedule(hour=0) # every 24 hours
run_on_backup_node = False
async def _get_service_certs(self):
_type = 'certificate'
service_certs = [
{
'id':
(await
self.middleware.call('ftp.config'))['ssltls_certificate'],
'service':
'FTP',
'type':
_type,
},
{
'id': (await self.middleware.call('s3.config'))['certificate'],
'service': 'S3',
'type': _type,
},
{
'id': (await self.middleware.call('webdav.config'))['certssl'],
'service': 'Webdav',
'type': _type,
},
{
'id': (await self.middleware.call('openvpn.server.config')
)['server_certificate'],
'service':
'OpenVPN Server',
'type':
_type,
},
{
'id': (await self.middleware.call('openvpn.client.config')
)['client_certificate'],
'service':
'OpenVPN Client',
'type':
_type,
},
{
'id': (await self.middleware.call('system.general.config')
)['ui_certificate']['id'],
'service':
'Web UI',
'type':
_type,
},
{
'id': (await self.middleware.call('system.advanced.config')
)['syslog_tls_certificate'],
'service':
'Syslog',
'type':
_type,
},
]
return service_certs
async def _get_cas(self):
_type = 'root certificate authority'
ca_certs = [
{
'id':
(await
self.middleware.call('openvpn.server.config'))['root_ca'],
'service':
'Web UI',
'type':
_type,
},
{
'id':
(await
self.middleware.call('openvpn.client.config'))['root_ca'],
'service':
'Syslog',
'type':
_type,
},
]
return ca_certs
async def check(self):
alerts = []
# system certs/cas
certs = await self.middleware.call('certificate.query',
[['certificate', '!=', None]])
certs.extend(await self.middleware.call('certificateauthority.query'))
# service certs/cas
check_for_revocation = await self._get_service_certs()
check_for_revocation.extend(await self._get_cas())
parsed = {}
for cert in certs:
# make the sure certs have been parsed correctly
if not cert['parsed']:
alerts.append(
Alert(
CertificateParsingFailedAlertClass,
{
"type": cert["cert_type"].capitalize(),
"name": cert["name"]
},
))
else:
# check the parsed certificate(s) for expiration
if cert['cert_type'].capitalize() == 'CERTIFICATE':
diff = (datetime.strptime(cert['until'],
'%a %b %d %H:%M:%S %Y') -
datetime.utcnow()).days
if diff < 10:
if diff >= 0:
alerts.append(
Alert(
CertificateIsExpiringSoonAlertClass
if diff <= 2 else
CertificateIsExpiringAlertClass,
{
'name': cert['name'],
'days': diff
},
key=[cert['name']],
))
else:
alerts.append(
Alert(CertificateExpiredAlertClass,
{'name': cert['name']},
key=[cert['name']]))
parsed[cert['id']] = cert['revoked']
# check the parsed certificate(s) for revocation
for i in filter(lambda i: parsed.get(i['id']), check_for_revocation):
alerts.append(
Alert(CertificateRevokedAlertClass, {
'service': i['service'],
'type': i['type']
}))
return alerts