Nagios Plugin for IPTABLES Monitoring

Thilakraj.Shanmugam Thilakraj.Shanmugam at canberra.edu.au
Fri Jul 26 01:25:39 CEST 2013


Hello All,

Just to add on, I have done some reading and tested another option:

1. Open the /etc/sudoers file and enter a line like the one below:



Defaults:nagios !requiretty

Note: This means only the nagios user does not require a tty, while all other users still do. I recommend this as the better option.

From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
Sent: Thursday, 25 July 2013 5:37 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hello All,

I have found a helpful fix after much struggle; it might be useful to someone who wants to configure and monitor iptables status.

After writing your own plugin, keep it in the /usr/local/nagios/libexec directory.

1. Open the /etc/sudoers file and comment out the line as shown below:

#Defaults    requiretty

2. At the end of the /etc/sudoers file, add the line below:



nagios servername= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_nrpe

Note: Do remember to use your own server name.

Now you can test your plugin via check_nrpe and it will give you the expected results.
Good Luck!

Kind Regards,
Thilakraj Shanmugam

From: Thilakraj.Shanmugam
Sent: Wednesday, 29 May 2013 3:39 PM
To: Nagios Users List
Subject: RE: Nagios Plugin for IPTABLES Monitoring

Hi Deborah et al,

I have tested with the nagios user as well; still no luck with that. Could someone update me if you have any solution for this case?

Kind Regards,
Thilak

From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually, when the plugin is run as the "root" user it produces the correct result.

But you haven't said what the nrpe user is that is running on the remote node and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the "nagios" user, so if I want to manually test a plugin on the remote node, I would first log in as the nagios user to ensure I've got the same environment that would be used when running via nrpe. It might be that the variables you have set in the script only work as the root user. It's never a good idea to test as the root user but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah, thanks for the response. Please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh    <----- executing the script manually
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0    <------ it shows firewall running (correct output)
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running    <----- executing via check_nrpe (wrong output)
[root@abc libexec]#


NRPE Logs
-------------

May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned? This might give us all a clue as to the cause of the problem.
When you run the check manually, are you doing this as the same user that check_nrpe will use?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
Sent: 14 May 2013 08:43
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me a Nagios plugin which is tested and works well for monitoring IPTABLES in Linux?

I have tested the script below, but it is not returning the correct output to the Nagios server.

If I execute the script manually, it shows the correct output...

But if I execute it via ./check_nrpe -H localhost -c check_iptables, it shows the wrong output.



Below is my plugin
------------------------------

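#!/bin/bash
# Nagios plugin: reports whether iptables has chains loaded (listed via sudo).
set -x   # debug trace of every command

IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

# Nagios exit codes
E_SUCCESS="0"
E_CRITICAL="2"
E_UNKNOWN="3"

# Count the chains whose name contains "Cid".
# If sudo or iptables fails, the pipeline still yields 0 and the check reports CRITICAL.
CHAINS=$($A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }' | $GREP Cid | $WC -l)

if [ "$CHAINS" -ne 0 ] ; then
        echo "Firewall is running!"
        exit ${E_SUCCESS}
elif [ "$CHAINS" -eq 0 ] ; then
        echo "Firewall is not running"
        exit ${E_CRITICAL}
fi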



This e-mail and any files transmitted with it are strictly confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, please delete this e-mail immediately. Any unauthorised distribution or copying is strictly prohibited.

Whilst Kognitio endeavours to prevent the transmission of viruses via e-mail, we cannot guarantee that any e-mail or attachment is free from computer viruses and you are strongly advised to undertake your own anti-virus precautions. Kognitio grants no warranties regarding performance, use or quality of any e-mail or attachment and undertakes no liability for loss or damage, howsoever caused.
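
The symptom and fix discussed in this thread, as an added example that is not part of the original posts: a plugin variant that returns UNKNOWN when sudo itself fails (as it did under requiretty) instead of "Firewall is not running", with the sudoers rule narrowed to the one listing command the plugin runs. The drop-in file name, the chain name Cid_EXAMPLE and the fake_* listers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's plugin. Assumed sudoers drop-in (file name is
# hypothetical, e.g. /etc/sudoers.d/nagios-iptables; validate with visudo -cf):
#   Defaults:nagios !requiretty
#   nagios servername = NOPASSWD: /sbin/iptables -nvL
# Naming the exact arguments lets nagios list the rules but not change them.

# check_firewall PATTERN CMD [ARGS...]
# Runs CMD to list the rules, prints one status line, returns a Nagios code.
check_firewall() {
    cf_pattern=$1
    shift
    if ! cf_out=$("$@" 2>&1); then
        # Listing failed (sudo refused, iptables missing): not a firewall state.
        echo "UNKNOWN: cannot list rules: $(printf '%s\n' "$cf_out" | head -n 1)"
        return 3
    fi
    cf_chains=$(printf '%s\n' "$cf_out" |
        awk -v p="$cf_pattern" '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')
    if [ "$cf_chains" -gt 0 ]; then
        echo "OK: $cf_chains chain(s) matching '$cf_pattern' loaded"
        return 0
    fi
    echo "CRITICAL: no chain matching '$cf_pattern' loaded"
    return 2
}

# Constructed stand-ins for the real lister so the example runs offline.
fake_requiretty() {
    echo "sudo: sorry, you must have a tty to run sudo" >&2
    return 1
}
fake_rules() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)' \
        'Chain Cid_EXAMPLE (1 references)'
}
fake_flushed() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)'
}

for lister in fake_requiretty fake_rules fake_flushed; do
    check_firewall Cid "$lister" && rc=0 || rc=$?
    echo "  exit code: $rc"
done
# Real use: check_firewall Cid /usr/bin/sudo -n /sbin/iptables -nvL; exit $?
```

With this rule the nagios account no longer needs sudo rights on check_nrpe or on iptables with arbitrary arguments.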

