nmap

[Hari Sekhon]

Robin-David Hammond%KB3IEN wrote:
> Has anyone used nagios to track changes in the open ports on remote hosts?
>
> I'm thinking that if the output of nmap changes one hour to the next that 
> something ought to be investigated.
>
> Sure it might be nothing, but might be a "OOh a root-kit! How Nice!" 
> moment.
>
>
> Robin-David Hammond     KB3IEN
> +1 347 350 34 00
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
>
>   

I have been thinking about this too. You could write a quick shell 
script to do this I guess, just take hourly reading and then diff them 
and warn if the port status has changed. Problem with this is that you 
can't really get the output cos nagios plugins are constrained to one 
line. Is there a good way to still get the output other than squashing 
it into one line? Would "stuff\nmorestuff" get around this if it's not 
immediately evaluated, but evaluated on the notify command? Or perhaps 
you could just output the whole thing normally and the web interface 
will take only the first line but the mail will show all lines?

Let me know what you come up with on this as I would also be very 
interested in doing this. Perhaps if we have an ongoing rolling 
discussion we could make this pretty good. I invite everyone to throw in 
their opinions and ideas on this....


Hari

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null