Nagios Plugin for IPTABLES Monitoring

Sunil Sankar sunil at sunil.cc
Tue May 14 12:41:52 CEST 2013


Try setting the suid for this script.


On Tue, May 14, 2013 at 2:59 PM, Deborah Martin <Deborah.Martin at kognitio.com> wrote:

> Ok – if I look at your output, manually, when the plugin is run as the
> “root” user it produces the correct result.
>
> But, you haven’t said what the nrpe user is that is running on the remote
> node and whether the same manual run of the check produces the same
> output.
>
> For example, I run remote plugins through nrpe as the “nagios” user so if
> I want to manually test a plugin on the remote node, I would first login as
> the nagios user to ensure I’ve got the same environment that would be used
> when running via nrpe. It might be that the variables you have set in the
> script only work as the root user. It’s never a good idea to test as the
> root user but only as the same user as that used by nagios or nrpe.
>
> Regards,
> Deborah
>
> *From:* Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
> *Sent:* 14 May 2013 09:58
>
> *To:* Nagios Users List
> *Subject:* Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Hi Deborah, thanks for the response. Please find the details below.
>
> [root at abc libexec]# pwd
> /usr/local/nagios/libexec
> [root at abc libexec]# ./check_iptables.sh     <----- Executing script manually
> + IPT=/sbin/iptables
> + GREP=/bin/grep
> + AWK=/bin/awk
> + EXPR=/usr/bin/expr
> + WC=/usr/bin/wc
> + A=/usr/bin/sudo
> + E_SUCCESS=0
> + E_CRITICAL=2
> + E_UNKNOWN=3
> ++ /usr/bin/sudo /sbin/iptables -nvL
> ++ /bin/grep Chain
> ++ /bin/awk '{ print $2 }'
> ++ /bin/grep Cid
> ++ /usr/bin/wc -l
> + CHAINS=5
> + '[' 5 -ne 0 ']'
> + echo 'Firewall is running!'
> Firewall is running!
> + exit 0     <------ it shows firewall running (correct output)
> [root at abc libexec]#
>
> *Client - NRPE config file*
>
> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> [root at abc libexec]#
>
> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
> Firewall is not running     <----- executing via check_nrpe (wrong output)
> [root at abc libexec]#
>
> NRPE Logs
> -------------
>
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>
> Kind Regards,
> Thilak
>
> *From:* Deborah Martin [mailto:Deborah.Martin at kognitio.com]
> *Sent:* Tuesday, 14 May 2013 6:44 PM
> *To:* Nagios Users List
> *Subject:* Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Hi,
>
> What is the wrong output being returned? This might give us all a clue as
> to the cause of the problem.
>
> When you run the check manually, are you doing this as the same user that
> check_nrpe will use?
>
> Regards,
> Deborah
>
> *From:* Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
> *Sent:* 14 May 2013 08:43
> *To:* nagios-users at lists.sourceforge.net
> *Subject:* [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Greetings!
>
> Could someone send me a Nagios plugin which is tested and works well for
> monitoring IPTABLES in Linux?
>
> I have tested the script below, but it is not returning the correct output
> to the Nagios server.
>
> If I execute the script manually, it shows the correct output…
>
> But if I execute it via ./check_nrpe -H localhost -c check_iptables, it
> shows the wrong output.
>
> Below is my plugin
> ------------------------------
>
> #!/bin/bash
> # Debug tracing; this produces the "+" lines seen in the manual run
> set -x
>
> # Absolute paths to the tools used
> IPT='/sbin/iptables'
> GREP='/bin/grep'
> AWK='/bin/awk'
> EXPR='/usr/bin/expr'
> WC='/usr/bin/wc'
> A='/usr/bin/sudo'
>
> # Nagios plugin exit codes
> E_SUCCESS="0"
> E_CRITICAL="2"
> E_UNKNOWN="3"
>
> # Count the chains whose name contains "Cid"
> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
>
> if [ "$CHAINS" -ne 0 ] ; then
>         echo "Firewall is running!"
>         exit ${E_SUCCESS}
> elif [ "$CHAINS" -eq 0 ] ; then
>         echo "Firewall is not running"
>         exit ${E_CRITICAL}
> fi
>
> This e-mail and any files transmitted with it are strictly confidential
> and intended solely for the use of the individual or entity to whom they
> are addressed. If you are not the intended recipient, please delete this
> e-mail immediately. Any unauthorised distribution or copying is strictly
> prohibited.
>
> Whilst Kognitio endeavours to prevent the transmission of viruses via
> e-mail, we cannot guarantee that any e-mail or attachment is free from
> computer viruses and you are strongly advised to undertake your own
> anti-virus precautions. Kognitio grants no warranties regarding
> performance, use or quality of any e-mail or attachment and undertakes no
> liability for loss or damage, howsoever caused.
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>



-- 
Regards
Sunil Sankar
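
Added example, not part of the original thread: the quoted plugin discards the exit status of "sudo iptables", so any failure of that command under the NRPE account is counted as zero chains and reported as "Firewall is not running". The sketch below reports that case as UNKNOWN instead, and grants the privilege through a scoped sudoers entry because the Linux kernel ignores the setuid bit on interpreted scripts. Assumptions: the NRPE account is "nagios", the sudoers lines in the comment are constructed, and the --check switch and the IPT_CMD and CHAIN_PATTERN variables are hypothetical names.

```shell
#!/bin/sh
# Added example, not the poster's plugin. Assumptions: NRPE runs as "nagios",
# chain names contain "Cid" (taken from the original script), and this
# constructed sudoers entry exists in /etc/sudoers.d/nagios:
#   Defaults:nagios !requiretty
#   nagios ALL=(root) NOPASSWD: /sbin/iptables -nvL
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # do not rely on the caller's environment

# Overridable so the logic can be exercised without root or iptables.
IPT_CMD=${IPT_CMD:-"/usr/bin/sudo -n /sbin/iptables -nvL"}
CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}

# Read `iptables -nvL` output on stdin, print the number of matching chains.
count_chains() {
    awk -v pat="$1" '$1 == "Chain" && $2 ~ pat { n++ } END { print n + 0 }'
}

check_iptables() {
    rc=0
    # $IPT_CMD is deliberately unquoted: it holds a command plus arguments.
    listing=$($IPT_CMD 2>&1) || rc=$?
    if [ "$rc" -ne 0 ]; then
        # sudo -n fails instead of prompting; report that, not "firewall down".
        first=$(printf '%s\n' "$listing" | head -n 1)
        echo "UNKNOWN: cannot list rules as $(id -un) (rc=$rc): $first"
        return 3
    fi
    chains=$(printf '%s\n' "$listing" | count_chains "$CHAIN_PATTERN")
    if [ "$chains" -gt 0 ]; then
        echo "OK: firewall is running ($chains chains match $CHAIN_PATTERN)"
        return 0
    fi
    echo "CRITICAL: firewall is not running (no chain matches $CHAIN_PATTERN)"
    return 2
}

# nrpe.cfg would call this script with --check; without it only functions load.
if [ "${1:-}" = "--check" ]; then
    check_iptables
    exit $?
fi
```

Running it as the NRPE account (for example through "sudo -u nagios") rather than as root exercises the same environment the daemon uses.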