Nagios Plugin for IPTABLES Monitoring

Joerg Linge pitchfork at ederdrom.de
Tue May 14 11:23:50 CEST 2013


Never test as root!

Joerg

On 14.05.2013 at 10:58, Thilakraj.Shanmugam <Thilakraj.Shanmugam at canberra.edu.au> wrote:

> Hi Deborah, thanks for the response. Please find the details below.
>  
>  
> [root at abc libexec]# pwd
> /usr/local/nagios/libexec
> [root at abc libexec]# ./check_iptables.sh    <----- Executing manually script
> + IPT=/sbin/iptables
> + GREP=/bin/grep
> + AWK=/bin/awk
> + EXPR=/usr/bin/expr
> + WC=/usr/bin/wc
> + A=/usr/bin/sudo
> + E_SUCCESS=0
> + E_CRITICAL=2
> + E_UNKNOWN=3
> ++ /usr/bin/sudo /sbin/iptables -nvL
> ++ /bin/grep Chain
> ++ /bin/awk '{ print $2 }'
> ++ /bin/grep Cid
> ++ /usr/bin/wc -l
> + CHAINS=5
> + '[' 5 -ne 0 ']'
> + echo 'Firewall is running!'
> Firewall is running!
> + exit 0    <----- it shows firewall running (correct output)
> [root at abc libexec]#
>  
>  
> Client - NRPE config file
>  
> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> [root at abc libexec]#
>  
>  
> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
> Firewall is not running    <----- executing via check_nrpe (wrong output)
> [root at abc libexec]#
>  
>  
> NRPE Logs
> -------------
>  
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>  
>  
> Kind Regards,
> Thilak
>  
>  
> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com] 
> Sent: Tuesday, 14 May 2013 6:44 PM
> To: Nagios Users List
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>  
> Hi,
> What is the wrong output being returned? This might give us all a clue as to the cause of the problem.
> When you run the check manually, are you doing this as the same user that check_nrpe will use?
>  
> Regards,
> Deborah
>  
>  
>  
> From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au] 
> Sent: 14 May 2013 08:43
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>  
> Greetings!
>  
> Could someone send me a Nagios plugin that is tested and works well for monitoring IPTABLES in Linux?
>  
> I have tested the script below, but it is not returning the correct output to the Nagios server.
>  
> If I execute the script manually, it shows the correct output…
>  
> But if I execute it via ./check_nrpe -H localhost -c check_iptables, it shows the wrong output.
>  
>  
>  
> Below is my plugin
> ------------------------------
>  
> #!/bin/bash
> set -x
>  
> IPT='/sbin/iptables'
> GREP='/bin/grep'
> AWK='/bin/awk'
> EXPR='/usr/bin/expr'
> WC='/usr/bin/wc'
> A='/usr/bin/sudo'
>  
> E_SUCCESS="0"
> E_CRITICAL="2"
> E_UNKNOWN="3"
>  
> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
>  
> if [ $CHAINS -ne 0 ] ; then
>     echo "Firewall is running!"
>     exit ${E_SUCCESS}
>  
> elif [ $CHAINS -eq 0 ] ; then
>     echo "Firewall is not running"
>     exit ${E_CRITICAL}
> fi
>  
> 
> ------------------------------------------------------------------------------
> AlienVault Unified Security Management (USM) platform delivers complete
> security visibility with the essential security capabilities. Easily and
> efficiently configure, manage, and operate all of your security controls
> from a single console and one unified framework. Download a free trial.
> http://p.sf.net/sfu/alienvault_d2d
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
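
Added example (not code from any poster in this thread): a variant of the check that reports UNKNOWN when the rule listing itself fails, so a refused sudo call under the NRPE account is not reported as "Firewall is not running". The `sudo -n` default, the function names and the stub listers with their sample output are assumptions constructed for illustration; the `Cid` chain pattern is taken from the quoted script.

```shell
#!/bin/sh
# Added example, not the poster's plugin. Assumptions: sudo -n is usable by the
# NRPE account, and "Cid" (the pattern from the thread) marks the site's chains.
IPT_CMD=${IPT_CMD:-"/usr/bin/sudo -n /sbin/iptables"}
CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}

check_iptables() {
    # Capture output and exit status separately, so a failed listing
    # (sudo refused, binary missing) is never counted as "zero chains".
    if ipt_out=$($IPT_CMD -nvL 2>&1); then ipt_rc=0; else ipt_rc=$?; fi
    if [ "$ipt_rc" -ne 0 ]; then
        ipt_err=$(printf '%s\n' "$ipt_out" | sed -n 1p)
        echo "UNKNOWN: cannot list rules as $(id -un) (rc=$ipt_rc): $ipt_err"
        return 3
    fi
    ipt_n=$(printf '%s\n' "$ipt_out" |
        awk -v p="$CHAIN_PATTERN" '$1 == "Chain" && $2 ~ p { n++ } END { print n + 0 }')
    if [ "$ipt_n" -gt 0 ]; then
        echo "OK: $ipt_n chain(s) matching '$CHAIN_PATTERN' are loaded"
        return 0
    fi
    echo "CRITICAL: no chain matching '$CHAIN_PATTERN' is loaded"
    return 2
}

# Constructed stand-ins for three situations (not real iptables output from
# the thread): rules loaded, rules flushed, sudo refusing the NRPE user.
fake_loaded() {
    printf '%s\n' 'Chain INPUT (policy DROP 0 packets, 0 bytes)' \
                  'Chain Cid_IN (1 references)' 'Chain Cid_OUT (1 references)'
}
fake_flushed() { printf '%s\n' 'Chain INPUT (policy ACCEPT 0 packets, 0 bytes)'; }
fake_denied()  { echo 'sudo: a password is required' >&2; return 1; }

run_case() {   # run_case <lister>: prints "<exit code> <plugin output>"
    if rc_out=$(IPT_CMD=$1 check_iptables); then rc_code=0; else rc_code=$?; fi
    echo "$rc_code $rc_out"
}

for lister in fake_loaded fake_flushed fake_denied; do run_case "$lister"; done
```

To see what NRPE sees, run the real plugin as the account named by `nrpe_user` in nrpe.cfg rather than from a root shell. If sudo is used, that account needs a sudoers entry limited to the single `/sbin/iptables -nvL` listing command.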

