From 58751fa4df5e090b4499a9328ad1dc18912db582 Mon Sep 17 00:00:00 2001
From: Daniel Nelson <daniel.nelson@influxdb.com>
Date: Fri, 25 Aug 2017 11:42:07 -0700
Subject: [PATCH] Update fail2ban documentation

---
 plugins/inputs/fail2ban/README.md   | 22 +++++++++-------------
 plugins/inputs/fail2ban/fail2ban.go |  8 +++-----
 2 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/plugins/inputs/fail2ban/README.md b/plugins/inputs/fail2ban/README.md
index e785a0dd..b0f6666b 100644
--- a/plugins/inputs/fail2ban/README.md
+++ b/plugins/inputs/fail2ban/README.md
@@ -1,19 +1,19 @@
-# Fail2ban Plugin
+# Fail2ban Input Plugin
 
-The fail2ban plugin gathers counts of failed and banned ip addresses from fail2ban.
+The fail2ban plugin gathers the count of failed and banned ip addresses using [fail2ban](https://www.fail2ban.org).
 
-This plugin run fail2ban-client command, and fail2ban-client require root access.
-You have to grant telegraf to run fail2ban-client:
+This plugin runs the `fail2ban-client` command which generally requires root access.
+Acquiring the required permissions can be done using several methods:
 
-- Run telegraf as root. (deprecate)
-- Configure sudo to grant telegraf to fail2ban-client.
+- Use sudo run fail2ban-client.
+- Run telegraf as root. (not recommended)
 
 ### Using sudo
 
 You may edit your sudo configuration with the following:
 
 ``` sudo
-telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status *
+telegraf ALL=(root) NOEXEC: NOPASSWD: /usr/bin/fail2ban-client status, /usr/bin/fail2ban-client status *
 ```
 
 ### Configuration:
@@ -21,10 +21,7 @@ telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status *
 ``` toml
 # Read metrics from fail2ban.
 [[inputs.fail2ban]]
-  ## fail2ban-client require root access.
-  ## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client.
-  ## Users must configure sudo to allow telegraf user to run fail2ban-client with no password.
-  ## This plugin run only "fail2ban-client status".
+  ## Use sudo to run fail2ban-client
   use_sudo = false
 ```
 
@@ -38,7 +35,7 @@ telegraf ALL=(root) NOPASSWD: /usr/bin/fail2ban-client status *
 
 - All measurements have the following tags:
   - jail
-  
+
 ### Example Output:
 
 ```
@@ -55,6 +52,5 @@ Status for the jail: sshd
 ```
 
 ```
-$ ./telegraf --config telegraf.conf --input-filter fail2ban --test
 fail2ban,jail=sshd failed=5i,banned=2i 1495868667000000000
 ```
diff --git a/plugins/inputs/fail2ban/fail2ban.go b/plugins/inputs/fail2ban/fail2ban.go
index 54655357..37afb87b 100644
--- a/plugins/inputs/fail2ban/fail2ban.go
+++ b/plugins/inputs/fail2ban/fail2ban.go
@@ -6,9 +6,10 @@ import (
 	"os/exec"
 	"strings"
 
+	"strconv"
+
 	"github.com/influxdata/telegraf"
 	"github.com/influxdata/telegraf/plugins/inputs"
-	"strconv"
 )
 
 var (
@@ -21,10 +22,7 @@ type Fail2ban struct {
 }
 
 var sampleConfig = `
-  ## fail2ban-client require root access.
-  ## Setting 'use_sudo' to true will make use of sudo to run fail2ban-client.
-  ## Users must configure sudo to allow telegraf user to run fail2ban-client with no password.
-  ## This plugin run only "fail2ban-client status".
+  ## Use sudo to run fail2ban-client
   use_sudo = false
 `
 
-- 
GitLab