#!/usr/bin/env python3
# -*- coding: utf-8; py-indent-offset: 4 -*-
#
# Author:  Linuxfabrik GmbH, Zurich, Switzerland
# Contact: info (at) linuxfabrik (dot) ch
#          https://www.linuxfabrik.ch/
# License: The Unlicense, see LICENSE file.

# https://github.com/Linuxfabrik/monitoring-plugins/blob/main/CONTRIBUTING.md

"""See the check's README for more details.
"""

import argparse  # pylint: disable=C0413
import sys  # pylint: disable=C0413

import lib.args  # pylint: disable=C0413
import lib.base  # pylint: disable=C0413
import lib.shell  # pylint: disable=C0413
import lib.lftest  # pylint: disable=C0413
import lib.txt  # pylint: disable=C0413
from lib.globals import (STATE_CRIT, STATE_OK,  # pylint: disable=C0413
                          STATE_UNKNOWN, STATE_WARN)

__author__ = 'Linuxfabrik GmbH, Zurich/Switzerland'
__version__ = '2025032401'

DESCRIPTION = 'In fail2ban, checks the amount of banned IP addresses per jail.'

DEFAULT_CRIT = 10000
DEFAULT_WARN = 2500


def parse_args():
    """Parse command line arguments using argparse.
    """
    parser = argparse.ArgumentParser(description=DESCRIPTION)

    parser.add_argument(
        '-V', '--version',
        action='version',
        version='%(prog)s: v{} by {}'.format(__version__, __author__)
    )

    parser.add_argument(
        '--always-ok',
        help='Always returns OK.',
        dest='ALWAYS_OK',
        action='store_true',
        default=False,
    )

    parser.add_argument(
        '-c', '--critical',
        help='Set the critical threshold for banned IPs per jail. Default: %(default)s',
        dest='CRIT',
        type=int,
        default=DEFAULT_CRIT,
    )

    parser.add_argument(
        '--test',
        help='For unit tests. Needs "path-to-stdout-file,path-to-stderr-file,expected-retc".',
        dest='TEST',
        type=lib.args.csv,
    )

    parser.add_argument(
        '-w', '--warning',
        help='Set the warning threshold for banned IPs per jail. Default: %(default)s',
        dest='WARN',
        type=int,
        default=DEFAULT_WARN,
    )

    return parser.parse_args()


def main():
    """The main function. Hier spielt die Musik.
    """

    # parse the command line, exit with UNKNOWN if it fails
    try:
        args = parse_args()
    except SystemExit:
        sys.exit(STATE_UNKNOWN)

    # fetch data
    # fail2ban-client ping
    if args.TEST is None:
        stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec('fail2ban-client ping'))
    else:
        # do not call the command, put in test data
        stdout, stderr, retc = lib.lftest.test([args.TEST[0] + '-ping', args.TEST[1], args.TEST[2]])
    if retc != 0:
        lib.base.cu('Problem while testing if the fail2ban server is alive.')

    # fail2ban-client status
    if args.TEST is None:
        stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec('fail2ban-client status'))
    else:
        # do not call the command, put in test data
        stdout, stderr, retc = lib.lftest.test([args.TEST[0] + '-status', args.TEST[1], args.TEST[2]])
    if retc != 0:
        lib.base.cu('Problem while testing the status of the fail2ban server.')

    # extract the jail list
    jail_list = lib.txt.extract_str(stdout, 'Jail list:', '\n').strip()
    if not jail_list:
        lib.base.cu('No jails found.')
    jail_list = jail_list.split(', ')

    # init some vars
    msg = ''
    perfdata = ''
    state = STATE_OK
    count = 0

    # analyze data
    #     for each jail_name:
    #         get status of jail_name
    for jail in jail_list:
        if args.TEST is None:
            stdout, stderr, retc = lib.base.coe(
                lib.shell.shell_exec('fail2ban-client status {}'.format(jail))
            )
        else:
            # do not call the command, put in test data
            stdout, stderr, retc = lib.lftest.test(
                [args.TEST[0] + '-status-{}'.format(jail),
                args.TEST[1],
                args.TEST[2]],
            )
        if retc != 0:
            lib.base.oao(
                'Problem while testing the status of the jail "{}" on the fail2ban server.'.format(
                    jail
                ),
                STATE_UNKNOWN,
            )

        f2b_currently_banned = lib.txt.extract_str(stdout, 'Currently banned:\t', '\n')
        # important to convert the result to an integer for the comparison later on
        if f2b_currently_banned:
            f2b_currently_banned = int(f2b_currently_banned)
            count += f2b_currently_banned
        else:
            f2b_currently_banned = 0
        jail_state = lib.base.get_state(f2b_currently_banned, args.WARN, args.CRIT)
        state = lib.base.get_worst(state, jail_state)

        msg += '* {} in jail "{}"{}\n'.format(
            f2b_currently_banned,
            jail,
            lib.base.state2str(state, prefix=' '),
        )
        perfdata += lib.base.get_perfdata(jail, f2b_currently_banned, None, args.WARN, args.CRIT, 0, None) # pylint: disable=C0301

    # over and out
    msg = '{} {} banned\n{}'.format(
        count,
        lib.txt.pluralize('IP', count),
        msg,
    )
    lib.base.oao(msg, state, perfdata, always_ok=args.ALWAYS_OK)


if __name__ == '__main__':
    try:
        main()
    except Exception:   # pylint: disable=W0703
        lib.base.cu()
