Nmap checks

Andrew Cruse andrew at profitability.net
Fri Apr 1 21:51:55 CEST 2005


This might be a better question for the plugins list, but here goes.
I'm trying to figure out if there is any way to use any of the existing
plugins to do the following:

1.  Port scan a host
2.  Compare open ports to a list of "expected" ports passed via the
commandline
3.  Alert if any ports other than the "expected" ports are open.

My goal here is to be able to monitor systems for rogue ports opening
up, as an indication that the system may have been compromised.  It
seems like it would be fairly trivial to do a local check on each system
by parsing the output of netstat, but the reliability of that method is
predicated on the trustworthiness of the netstat binary which is an
assumption I'm not willing to make when I'm looking to sniff out
intrusions.  Therefore it seems best to try to do the detection from
another system.  Looking at the check_nmap plugin it seems like it is
only able to check that certain ports *are* open, whereas I'm looking to
do the opposite.

Any suggestions/pointers are greatly appreciated.

Thanks,

Andrew
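
An added example, not part of the original post and not an existing Nagios plugin: one way to implement the check described above, by parsing Nmap's grepable output (`nmap -oG -`) and returning a Nagios exit code when a port outside the expected list is open. The function names, the status strings and the embedded scan output are assumptions constructed for illustration.

```python
import re
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample of `nmap -oG -` output for one host (not real scan data).
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (web1.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (web1.example)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/closed/tcp//https///, "
    "31337/open/tcp//unknown///\tIgnored State: filtered (996)\n"
)

def open_ports(grepable):
    """Return the set of (port, proto) reported open, or None if no host was up."""
    host_up, found = False, set()
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        if "Status: Up" in line:
            host_up = True
        m = re.search(r"Ports: ([^\t]*)", line)
        if not m:
            continue
        host_up = True
        for entry in m.group(1).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                found.add((int(fields[0]), fields[2]))
    return found if host_up else None

def check(grepable, expected):
    """expected: set of (port, proto). Returns (exit_code, status_line)."""
    found = open_ports(grepable)
    if found is None:  # a failed scan must not be read as "no rogue ports"
        return UNKNOWN, "PORTS UNKNOWN - no responding host in scan output"
    rogue = sorted(found - expected)
    if rogue:
        listing = ", ".join(f"{port}/{proto}" for port, proto in rogue)
        return CRITICAL, f"PORTS CRITICAL - unexpected open: {listing}"
    return OK, f"PORTS OK - {len(found)} open, all expected"

if __name__ == "__main__":
    # Expected ports come from the command line, e.g. "22,80"; TCP is assumed.
    args = sys.argv[1] if len(sys.argv) > 1 else ""
    expected = {(int(p), "tcp") for p in args.split(",") if p}
    scan = SAMPLE_SCAN if sys.stdin.isatty() else sys.stdin.read()
    code, msg = check(scan, expected)
    print(msg)
    sys.exit(code)
```

Run from the monitoring host, so the result does not depend on binaries on the monitored system.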


