Nagios Plugin for IPTABLES Monitoring

Werner Flamme werner.flamme at ufz.de
Tue May 14 13:12:23 CEST 2013


Sunil Sankar [14.05.2013 12:41]:
> try setting the suid for this script

Set a script suid? Which operating system supports that?

>
> On Tue, May 14, 2013 at 2:59 PM, Deborah Martin <Deborah.Martin at kognitio.com> wrote:
>
>> Ok – if I look at your output, manually, when the plugin is run as the
>> “root” user it produces the correct result.
>>
>> But, you haven’t said what the nrpe user is that is running on the remote
>> node and whether the same manual run of the check produces the same
>> output.
>>
>> For example, I run remote plugins through nrpe as the “nagios” user so if
>> I want to manually test a plugin on the remote node, I would first login as
>> the nagios user to ensure I’ve got the same environment that would be used
>> when running via nrpe. It might be that the variables you have set in the
>> script only work as the root user. It’s never a good idea to test as the
>> root user but only as the same user as that used by nagios or nrpe.
>>
>> Regards,
>> Deborah
>>
>> *From:* Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>> *Sent:* 14 May 2013 09:58
>> *To:* Nagios Users List
>> *Subject:* Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Hi Deborah, thanks for the response. Please find the details below.
>>
>> [root at abc libexec]# pwd
>> /usr/local/nagios/libexec
>> [root at abc libexec]# ./check_iptables.sh        <-----  Executing manually script
>> + IPT=/sbin/iptables
>> + GREP=/bin/grep
>> + AWK=/bin/awk
>> + EXPR=/usr/bin/expr
>> + WC=/usr/bin/wc
>> + A=/usr/bin/sudo
>> + E_SUCCESS=0
>> + E_CRITICAL=2
>> + E_UNKNOWN=3
>> ++ /usr/bin/sudo /sbin/iptables -nvL
>> ++ /bin/grep Chain
>> ++ /bin/awk '{ print $2 }'
>> ++ /bin/grep Cid
>> ++ /usr/bin/wc -l
>> + CHAINS=5
>> + '[' 5 -ne 0 ']'
>> + echo 'Firewall is running!'
>> Firewall is running!
>> + exit 0        <------  it shows firewall running   ( correct output )
>> [root at abc libexec]#
>>
>> *Client - NRPE config file*
>>
>> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>> [root at abc libexec]#
>>
>> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
>> Firewall is not running        <-----  executing via check_nrpe   (  wrong output )
>> [root at abc libexec]#
>>
>> NRPE Logs
>> -------------
>>
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
>> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
>> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
>> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
>> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
>> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>>
>> Kind Regards,
>> Thilak
>>
>> *From:* Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>> *Sent:* Tuesday, 14 May 2013 6:44 PM
>> *To:* Nagios Users List
>> *Subject:* Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Hi,
>>
>> What is the wrong output being returned? This might give us all a clue as
>> to the cause of the problem.
>>
>> When you run the check manually, are you doing this as the same user that
>> check_nrpe will use?
>>
>> Regards,
>> Deborah
>>
>> *From:* Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>> *Sent:* 14 May 2013 08:43
>> *To:* nagios-users at lists.sourceforge.net
>> *Subject:* [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Greetings!
>>
>> Could someone send me a Nagios plugin which is tested and works well for
>> monitoring IPTABLES in Linux?
>>
>> I have tested the script below, but it is not returning the correct output to
>> the Nagios server.
>>
>> If I execute the script manually, it shows the correct output…
>>
>> But if I execute it via ./check_nrpe -H localhost -c check_iptables, it
>> shows the wrong output.
>>
>> Below is my plugin
>> ------------------------------
>>
>> #!/bin/bash
>> set -x
>>
>> IPT='/sbin/iptables'
>> GREP='/bin/grep'
>> AWK='/bin/awk'
>> EXPR='/usr/bin/expr'
>> WC='/usr/bin/wc'
>> A='/usr/bin/sudo'
>>
>> E_SUCCESS="0"
>> E_CRITICAL="2"
>> E_UNKNOWN="3"
>>
>> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
>>
>> if [ $CHAINS -ne 0 ] ; then
>>         echo "Firewall is running!"
>>         exit ${E_SUCCESS}
>> elif [ $CHAINS -eq 0 ] ; then
>>         echo "Firewall is not running"
>>         exit ${E_CRITICAL}
>> fi
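
Added example, not part of the thread and not the poster's plugin: a variant of the check that separates "the rule listing could not be obtained" (UNKNOWN, exit 3) from "no matching chain is loaded" (CRITICAL, exit 2), so a sudo refusal under the NRPE account shows up with sudo's own message instead of as "Firewall is not running". Linux ignores the setuid bit on interpreted scripts, so the privilege comes from a narrow sudoers rule. The user name nagios, the sudoers lines in the comments and the file-name dispatch at the end are assumptions.

```sh
#!/bin/sh
# Added example, not the script from the thread.
# Assumed sudoers rule for the NRPE user (user name "nagios" is an assumption):
#   nagios ALL=(root) NOPASSWD: /sbin/iptables -nvL
#   Defaults:nagios !requiretty
# In the original pipeline a refused sudo yields an empty listing, a chain
# count of 0 and "Firewall is not running"; here it is reported as UNKNOWN.

CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}   # chain-name substring the original script greps for

# check_iptables CMD [ARG...]: run the listing command, print one status line,
# return the Nagios state (0 OK, 2 CRITICAL, 3 UNKNOWN).
check_iptables() {
    # Keep stderr so sudo's refusal message ends up in the plugin output
    if listing=$("$@" 2>&1); then rc=0; else rc=$?; fi
    if [ "$rc" -ne 0 ]; then
        first=$(printf '%s\n' "$listing" | head -n 1)
        echo "UNKNOWN: listing failed as user $(id -un) (rc=$rc): $first"
        return 3
    fi
    # Count "Chain <name> ..." header lines whose name contains the pattern
    chains=$(printf '%s\n' "$listing" |
        awk -v p="$CHAIN_PATTERN" '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')
    if [ "$chains" -gt 0 ]; then
        echo "OK: $chains chain(s) matching '$CHAIN_PATTERN' loaded"
        return 0
    fi
    echo "CRITICAL: no chain matching '$CHAIN_PATTERN' loaded"
    return 2
}

# Run the check only when installed under the plugin's file name, so the
# function can also be sourced and exercised with a stand-in command.
case "${0##*/}" in
    check_iptables*)
        check_iptables /usr/bin/sudo -n /sbin/iptables -nvL
        exit $?
        ;;
esac
```

Running it once as the NRPE account (for example through sudo -u nagios) before wiring it into nrpe.cfg shows the same status line the daemon will return.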
