Linuxfabrik
diff --git a/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎assets/icingaweb2-module-director/all-the-rest.json‎
Lines changed: 58 additions & 0 deletions b/‎assets/icingaweb2-module-director/all-the-rest.json‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎check-plugins/virustotal-scan-url/README.md‎
Lines changed: 97 additions & 0 deletions b/‎check-plugins/virustotal-scan-url/README.md‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎check-plugins/virustotal-scan-url/grafana/example.yml‎
Lines changed: 187 additions & 0 deletions b/‎check-plugins/virustotal-scan-url/grafana/example.yml‎
Lines changed: 187 additions & 0 deletions
@@ -7,6 +7,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ## [Unreleased]
 
+### Added ("feat")
+
+Monitoring Plugins:
+
+* virustotal-scan-url: analyses URLs to detect malware and other breaches using VirusTotal
+
+
 ### Fixed ("fix")
 
 Assets:
 
@@ -197,6 +197,7 @@ See some of our check plugins at a glance on an Icinga server:
 <img alt="uptime" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/uptime.png" width="30%"/> &nbsp;
 <img alt="uptimerobot" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/uptimerobot.png" width="30%"/> &nbsp;
 <img alt="users" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/users.png" width="30%"/> &nbsp;
+<img alt="virustotal-scan-url" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/virustotal-scan-url.png" width="30%"/> &nbsp;
 <img alt="whmcs-status" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/whmcs-status.png" width="30%"/> &nbsp;
 <img alt="wildfly-deployment-status" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/wildfly-deployment-status.png" width="30%"/> &nbsp;
 <img alt="wildfly-gc-status" src="https://download.linuxfabrik.ch/monitoring-plugins/assets/screenshots/wildfly-gc-status.png" width="30%"/> &nbsp;
 
@@ -1563,6 +1563,12 @@
                     "entry_value": "Veeam Backup & Replication (Windows)",
                     "format": "string"
                 },
+                {
+                    "allowed_roles": null,
+                    "entry_name": "virustotal",
+                    "entry_value": "VirusTotal",
+                    "format": "string"
+                },
                 {
                     "allowed_roles": null,
                     "entry_name": "vsftpd",
@@ -43152,6 +43158,58 @@
             },
             "uuid": "4e41e4c7-81be-453b-a932-c66e301b3eff"
         },
+        "VirusTotal Service Set": {
+            "assign_filter": "\"virustotal-scan-url\"=host.vars.tags",
+            "description": null,
+            "object_name": "VirusTotal Service Set",
+            "object_type": "template",
+            "services": {
+                "VirusTotal Scan URL": {
+                    "action_url": null,
+                    "apply_for": null,
+                    "assign_filter": null,
+                    "check_command": null,
+                    "check_interval": null,
+                    "check_period": null,
+                    "check_timeout": null,
+                    "command_endpoint": null,
+                    "disabled": false,
+                    "display_name": null,
+                    "enable_active_checks": null,
+                    "enable_event_handler": null,
+                    "enable_flapping": null,
+                    "enable_notifications": null,
+                    "enable_passive_checks": null,
+                    "enable_perfdata": null,
+                    "event_command": null,
+                    "fields": [],
+                    "flapping_threshold_high": null,
+                    "flapping_threshold_low": null,
+                    "groups": [],
+                    "host": null,
+                    "icon_image": null,
+                    "icon_image_alt": null,
+                    "imports": [
+                        "tpl-service-virustotal-scan-url"
+                    ],
+                    "max_check_attempts": null,
+                    "notes": null,
+                    "notes_url": null,
+                    "object_name": "VirusTotal Scan URL",
+                    "object_type": "object",
+                    "retry_interval": null,
+                    "service_set": null,
+                    "template_choice": null,
+                    "use_agent": null,
+                    "use_var_overrides": null,
+                    "uuid": "f86f2dc8-968d-4161-86c9-a72e84ea58fa",
+                    "vars": {},
+                    "volatile": null,
+                    "zone": null
+                }
+            },
+            "uuid": "93934306-2b58-4c35-a128-9fc12ad0e2e6"
+        },
         "vsftpd Service Set": {
             "assign_filter": "\"vsftpd\"=host.vars.tags",
             "description": null,
 
@@ -0,0 +1,97 @@
+# Check virustotal-scan-url
+
+## Overview
+
+Analyses URLs to detect malware and other breaches using [VirusTotal](https://www.virustotal.com/).
+
+Hints:
+
+* In order to use this plugin, you will need to create a VirusTotal account.
+* This plugin uses the [VirusTotal API v3](https://docs.virustotal.com/reference/overview). See the [documentation](https://docs.virustotal.com/reference/public-vs-premium-api) on any constraints and restrictions, especially for commercial use.
+
+
+## Fact Sheet
+
+| Fact | Value |
+|----|----|
+| Check Plugin Download                 | <https://github.com/Linuxfabrik/monitoring-plugins/tree/main/check-plugins/virustotal-scan-url> |
+| Check Interval Recommendation         | Once an hour |
+| Can be called without parameters      | No |
+| Requirements                          | VirusTotal account, VirusTotal API key and Premium API if this plugin is used in business workflows that do not contribute new files or in commercial products/services. |
+
+
+## Help
+
+```text
+usage: virustotal-scan-url [-h] [-V] [--always-ok] [--insecure] [--no-proxy]
+                           [--severity {warn,crit}] [--test TEST]
+                           [--timeout TIMEOUT] --token TOKEN --url URL
+
+Analyses URLs to detect malware and other breaches using VirusTotal.
+
+options:
+  -h, --help            show this help message and exit
+  -V, --version         show program's version number and exit
+  --always-ok           Always returns OK.
+  --insecure            This option explicitly allows to perform "insecure"
+                        SSL connections. Default: False
+  --no-proxy            Do not use a proxy. Default: False
+  --severity {warn,crit}
+                        Severity for alerting. Default: warn
+  --test TEST           For unit tests. Needs "path-to-stdout-file,path-to-
+                        stderr-file,expected-retc".
+  --timeout TIMEOUT     Network timeout in seconds. Default: 8 (seconds)
+  --token TOKEN         VirusTotal API token
+  --url URL             URL to scan.
+```
+
+
+## Usage Examples
+
+```bash
+./virustotal-scan-url --token b480bd43 --url https://secure.eicar.org/eicar.com
+```
+
+Output:
+
+```text
+9/97 security vendors flagged https://secure.eicar.org/eicar.com as malicious.
+
+Engine      ! Result     ! Method    ! Category           
+------------+------------+-----------+--------------------
+Antiy-AVL   ! malicious  ! blacklist ! malicious [WARNING]
+AutoShun    ! malicious  ! blacklist ! malicious [WARNING]
+BitDefender ! malware    ! blacklist ! malicious [WARNING]
+CRDF        ! malicious  ! blacklist ! malicious [WARNING]
+Fortinet    ! malware    ! blacklist ! malicious [WARNING]
+G-Data      ! malware    ! blacklist ! malicious [WARNING]
+Lionic      ! malware    ! blacklist ! malicious [WARNING]
+Sophos      ! malware    ! blacklist ! malicious [WARNING]
+URLQuery    ! suspicious ! blacklist ! suspicious         
+VIPRE       ! malware    ! blacklist ! malicious [WARNING]
+```
+
+
+## States
+
+* Alerts according to the given severity level (default: WARN due to the many false positives on VT) if the scanner's result falls into the "malicious" category.
+
+
+## Perfdata / Metrics
+
+According to <https://docs.virustotal.com/reference/analyses-object>:
+
+| Name | Type | Description |
+|----|----|----|
+| harmless | Number | Number of reports saying that is harmless. |
+| malicious | Number | Number of reports saying that is malicious. |
+| suspicious | Number | Number of reports saying that is suspicious. |
+| timeout | Number | Number of timeouts when analysing this URL. |
+| undetected | Number | Number of reports saying that is undetected. |
+| vendors | Number | Number of scan vendors used. |
+
+
+## Credits, License
+
+* Authors: [Linuxfabrik GmbH, Zurich](https://www.linuxfabrik.ch)
+* License: The Unlicense, see [LICENSE file](https://unlicense.org/).
@@ -0,0 +1,187 @@
+apiVersion: grizzly.grafana.com/v1alpha1
+kind: Dashboard
+metadata:
+  folder: linuxfabrik-monitoring-plugins
+  name: example
+spec:
+  schemaVersion: 2024101801
+  tags:
+    - Linuxfabrik
+    - Grizzly
+    - static
+  time:
+    from: now-90d
+    to: now
+  timepicker:
+    hidden: false
+    refresh_intervals:
+    - 1m
+  timezone: browser
+  title: Example
+  uid: linuxfabrik-monitoring-plugins-example
+  editable: true
+  liveNow: true
+  refresh: 1m
+  templating:
+    list:
+    - label: Command
+      name: command
+      query: SHOW MEASUREMENTS WITH MEASUREMENT =~ /.*example.*/
+      current:
+        text: cmd-check-example
+        value: cmd-check-example
+      refresh: 1
+      sort: 1
+      type: query
+    - label: Hostname
+      name: hostname
+      query: SHOW TAG VALUES FROM "$command" WITH KEY = "hostname"
+      refresh: 1
+      sort: 1
+      type: query
+    - label: Service
+      name: service
+      query: SHOW TAG VALUES FROM "$command" WITH KEY = "service" WHERE hostname = '$hostname'
+      refresh: 1
+      sort: 1
+      type: query
+
+  panels:
+
+  - title: Example - Percentages
+    type: timeseries
+    gridPos:
+      h: 8
+      w: 12
+      x: 0
+      y: 0
+    fieldConfig:
+      defaults:
+        color:
+          mode: palette-classic
+        custom:
+          lineInterpolation: smooth
+          spanNulls: true
+        decimals: 0
+        max: 110
+        min: 0
+        unit: percent
+      overrides:
+      - __systemRef: hideSeriesFrom
+        matcher:
+          id: byNames
+          options:
+            mode: exclude
+            names:
+            - example
+            prefix: 'All except:'
+        properties:
+        - id: custom.hideFrom
+          value:
+            viz: true
+    options:
+      legend:
+        calcs:
+        - first
+        - min
+        - mean
+        - max
+        - last
+        displayMode: table
+        placement: bottom
+        showLegend: true
+      tooltip:
+        mode: multi
+        sort: none
+
+    targets:
+
+    - alias: example
+      refId: example
+      groupBy:
+      - params:
+        - $interval
+        type: time
+      measurement: $command
+      resultFormat: time_series
+      select:
+      - - params:
+          - value
+          type: field
+        - params: []
+          type: mean
+      tags:
+      - key: hostname
+        operator: '='
+        value: $hostname
+      - condition: AND
+        key: service
+        operator: '='
+        value: $service
+      - condition: AND
+        key: metric
+        operator: '='
+        value: example
+
+  - title: Example - Absolute Values
+    type: timeseries
+    gridPos:
+      h: 8
+      w: 12
+      x: 12
+      y: 0
+    fieldConfig:
+      defaults:
+        color:
+          mode: palette-classic
+        custom:
+          lineInterpolation: smooth
+          spanNulls: true
+        decimals: 0
+        min: 0
+        unit: short
+    options:
+      legend:
+        calcs:
+        - first
+        - min
+        - mean
+        - max
+        - last
+        displayMode: table
+        placement: bottom
+        showLegend: true
+      tooltip:
+        mode: multi
+        sort: none
+
+    targets:
+
+    - alias: example
+      refId: example
+      groupBy:
+      - params:
+        - $interval
+        type: time
+      measurement: $command
+      resultFormat: time_series
+      select:
+      - - params:
+          - value
+          type: field
+        - params: []
+          type: mean
+        - params: []
+          type: non_negative_difference # use to convert continues counters to absolute values
+      tags:
+      - key: hostname
+        operator: '='
+        value: $hostname
+      - condition: AND
+        key: service
+        operator: '='
+        value: $service
+      - condition: AND
+        key: metric
+        operator: '='
+        value: example