Nmap checks

Daniel Maher dmaher at acetechnology.com
Sat Apr 2 00:27:41 CEST 2005


Write a script in your language of choice with the following properties:

An array of "OK" ports
A system call that runs Nmap
A way to inhale the Nmap output and parse the second output column (ports)
A comparison between the inhaled ports and the "OK" array
If the two don't match up, return a warning or critical value, as you like

Then have Nagios run it as a plugin.. done and done. :)


Daniel Maher
System Engineer
ACE TECHNOLOGY INC.
 
 

-----Original Message-----
From: Andrew Cruse [mailto:andrew at profitability.net] 
Sent: April 1, 2005 2:52 PM
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Nmap checks

This might be a better question for the plugins list, but here goes.
I'm trying to figure out if there is any way to use any of the existing
plugins to do the following:

1.  Port scan a host
2.  Compare open ports to a list of "expected" ports passed via the
commandline
3.  Alert if any ports other than the "expected" ports are open.

My goal here is to be able to monitor systems for rogue ports opening
up, as an indication that the system may have been compromised.  It
seems like it would be fairly trivial to do a local check on each system
by parsing the output of netstat, but the reliability of that method is
predicated on the trustworthiness of the netstat binary which is an
assumption I'm not willing to make when I'm looking to sniff out
intrusions.  Therefore it seems best to try to do the detection from
another system.  Looking at the check_nmap plugin it seems like it is
only able to check that certain ports *are* open, whereas I'm looking to
do the opposite.

Any suggestions/pointers are greatly appreciated.

Thanks,

Andrew



_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
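
The steps listed in the reply above, written as a Nagios plugin in Python (an added example, not code from either poster). It assumes nmap is on the PATH, reads nmap's grepable output (`-oG -`) rather than the human-readable columns, and checks TCP only; the script name and the sample scan text are made up for illustration.

```python
import subprocess
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes
# Constructed sample of `nmap -oG -` output (tab-separated fields), not a real scan.
SAMPLE = ("Host: 192.0.2.10 ()\tStatus: Up\n"
          "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
          "8081/open/tcp//unknown///, 443/closed/tcp//https///\n")


def parse_open_ports(grepable):
    """Return the set of open TCP ports in nmap -oG output, or None if no host answered."""
    ports, host_seen = set(), False
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        for field in line.split("\t"):
            host_seen = host_seen or field.startswith(("Status: Up", "Ports: "))
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(","):
                    parts = entry.strip().split("/")  # port/state/protocol/...
                    if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                        ports.add(int(parts[0]))
    return ports if host_seen else None


def evaluate(open_ports, expected):
    """Compare scanned ports with the "OK" list and return (exit_code, message)."""
    if open_ports is None:  # an empty scan must not be reported as OK
        return UNKNOWN, "UNKNOWN: no scan result for host (down or unreachable?)"
    rogue = sorted(open_ports - expected)
    if rogue:
        return CRITICAL, "CRITICAL: unexpected open ports: " + ",".join(map(str, rogue))
    return OK, "OK: open ports within list: " + ",".join(map(str, sorted(open_ports)))


if __name__ == "__main__":
    # check_rogue_ports.py is a hypothetical name; usage: check_rogue_ports.py HOST 22,80,443
    try:
        host, expected = sys.argv[1], {int(p) for p in sys.argv[2].split(",")}
        if host.startswith("-"):
            raise ValueError("host must not look like an option")
        scan = subprocess.run(["nmap", "-oG", "-", "-p-", host], capture_output=True,
                              text=True, timeout=900, check=True).stdout
        code, message = evaluate(parse_open_ports(scan), expected)
    except (IndexError, ValueError, OSError, subprocess.SubprocessError) as exc:
        code, message = UNKNOWN, f"UNKNOWN: {exc!r}"
    print(message)
    sys.exit(code)
```

A full `-p-` scan can outlast the default Nagios plugin timeout, so the service check timeout usually needs raising or the port range narrowing.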
