Nagios Plugin for IPTABLES Monitoring

Thilakraj.Shanmugam Thilakraj.Shanmugam at canberra.edu.au
Thu May 30 01:38:05 CEST 2013


Please find the details

Sudoers Definition:-

nagios zurich= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_iptables.sh, /usr/local/nagios/libexec/check_nrpe

/var/log/secure:

su: pam_unix(su:session): session opened for user nagios by root(uid=0)
su: pam_unix(su:session): session closed for user nagios



-----Original Message-----
From: C. Bensend [mailto:benny at bennyvision.com]
Sent: Wednesday, 29 May 2013 7:59 PM
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


Where's your sudoers definition that allows the nagios user to run any commands via sudo?

And what does /var/log/secure (or equivalent) think about the nagios user trying to run sudo?


> I have tested with nagios user as well.. still no luck with that.
> Could someone update if you have any solution on this case?
>
> Kind Regards,
> Thilak
>
> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
> Sent: Tuesday, 14 May 2013 7:30 PM
> To: Nagios Users List
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Ok - if I look at your output, manually,  when the plugin is run as
> the "root" user it produces the correct result.
>
> But, you haven't said what the nrpe user is that is running on the
> remote node  and whether the same manual run of the check produces the
> same output.
> For example, I run remote plugins through nrpe as the "nagios" user so
> if I want to manually test a plugin on the remote node, I would first
> login as the nagios user to ensure I've got the same environment that
> would be used when running via nrpe. It might be that the variables
> you have set in the script only work as the root user. It's never a
> good idea to test as the root  user but only as the same user as that used by nagios or nrpe.
>
> Regards,
> Deborah
>
> From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
> Sent: 14 May 2013 09:58
> To: Nagios Users List
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Hi Deborah,  Thanks for the response..  please find the details below.
>
>
> [root at abc libexec]# pwd
> /usr/local/nagios/libexec
> [root at abc libexec]# ./check_iptables.sh
>                                    <-----  Executing manually script
> + IPT=/sbin/iptables
> + GREP=/bin/grep
> + AWK=/bin/awk
> + EXPR=/usr/bin/expr
> + WC=/usr/bin/wc
> + A=/usr/bin/sudo
> + E_SUCCESS=0
> + E_CRITICAL=2
> + E_UNKNOWN=3
> ++ /usr/bin/sudo /sbin/iptables -nvL
> ++ /bin/grep Chain
> ++ /bin/awk '{ print $2 }'
> ++ /bin/grep Cid
> ++ /usr/bin/wc -l
> + CHAINS=5
> + '[' 5 -ne 0 ']'
> + echo 'Firewall is running!'
> Firewall is running!
> + exit 0
>                                                 <------  it shows firewall running   ( correct output )
> [root at abc libexec]#
>
>
> Client - NRPE config file
>
> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> [root at abc libexec]#
>
>
> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
> Firewall is not running
>                                                     <-----  executing via check_nrpe   (  wrong output )
> [root at abc libexec]#
>
>
> NRPE Logs
> -------------
>
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>
>
> Kind Regards,
> Thilak
>
>
> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
> Sent: Tuesday, 14 May 2013 6:44 PM
> To: Nagios Users List
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Hi,
> What is the wrong output being returned ? This might give us all a
> clue as to the cause of the problem.
> When you run the check manually, are you doing this as the same user
> that check_nrpe will use ?
>
> Regards,
> Deborah
>
>
>
> From: Thilakraj.Shanmugam [mailto:Thilakraj.Shanmugam at canberra.edu.au]
> Sent: 14 May 2013 08:43
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
> Greetings!
>
> Could someone send me nagios plugin which is tested and works well for
> monitoring IPTABLES in Linux.
>
> I have tested below script but it is not returning correct output to
> nagios server.
>
> If I execute script manually, it shows correct output...
>
> But if I execute via ./check_nrpe -H localhost -c check_iptables,
> it shows wrong output.
>
>
>
> Below is my plugin
> ------------------------------
>
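> #!/bin/bash
> set -x    # trace every command as it runs (debugging aid)
>
> # Absolute paths to the tools the check uses
> IPT='/sbin/iptables'
> GREP='/bin/grep'
> AWK='/bin/awk'
> EXPR='/usr/bin/expr'
> WC='/usr/bin/wc'
> A='/usr/bin/sudo'
>
> # Nagios plugin exit codes
> E_SUCCESS="0"
> E_CRITICAL="2"
> E_UNKNOWN="3"
>
> # Count the chain headers whose name contains "Cid".
> # If sudo or iptables fails, the pipeline is empty and the count is 0 as well.
> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }' | $GREP Cid | $WC -l`
>
> if [ "$CHAINS" -ne 0 ] ; then
>         echo "Firewall is running!"
>         exit ${E_SUCCESS}
>
> elif [ "$CHAINS" -eq 0 ] ; then
>         echo "Firewall is not running"
>         exit ${E_CRITICAL}
> fi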
>
>
>
> This e-mail and any files transmitted with it are strictly
> confidential and intended solely for the use of the individual or
> entity to whom they are addressed. If you are not the intended
> recipient, please delete this e-mail immediately. Any unauthorised
> distribution or copying is strictly prohibited.
>
> Whilst Kognitio endeavours to prevent the transmission of viruses via
> e-mail, we cannot guarantee that any e-mail or attachment is free from
> computer viruses and you are strongly advised to undertake your own
> anti-virus precautions. Kognitio grants no warranties regarding
> performance, use or quality of any e-mail or attachment and undertakes
> no liability for loss or damage, howsoever caused.
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null


--
"The very existence of flamethrowers proves that sometime, somewhere, someone said to themselves, 'You know, I want to set those people over there on fire, but I'm just not close enough to get the job done.'"
                         -- George Carlin
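
An added example, not part of the original thread and not the poster's plugin: the quoted check_iptables.sh counts zero chains both when no "Cid" chains are loaded and when sudo or iptables itself fails, so both cases report "Firewall is not running". The variant below keeps the same "Cid" test but returns UNKNOWN when the listing command fails. The "run" and "demo" arguments, the status wording and the narrowed sudoers line are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumed narrower sudoers entry
# (exact arguments only; user and host as in the post):
#   nagios zurich = NOPASSWD: /sbin/iptables -nvL
IPT=/sbin/iptables
SUDO=/usr/bin/sudo
E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

# Read "iptables -nvL" output on stdin; print how many chain headers have a
# name containing "Cid" (the pattern the original plugin greps for).
count_chains() {
    awk '$1 == "Chain" && $2 ~ /Cid/ { n++ } END { print n + 0 }'
}

# evaluate RC LISTING: print one Nagios status line, return the plugin code.
evaluate() {
    if [ "$1" -ne 0 ]; then
        # sudo or iptables failed, so the firewall state is not known.
        echo "UNKNOWN: cannot list rules (exit $1): $(printf '%s\n' "$2" | head -n 1)"
        return "$E_UNKNOWN"
    fi
    chains=$(printf '%s\n' "$2" | count_chains)
    if [ "$chains" -gt 0 ]; then
        echo "OK: firewall is running ($chains Cid chains)"
        return "$E_SUCCESS"
    fi
    echo "CRITICAL: firewall is not running (no Cid chains loaded)"
    return "$E_CRITICAL"
}

main() {
    # -n: never prompt; a sudoers denial is a non-zero exit, not a hang.
    listing=$("$SUDO" -n "$IPT" -nvL 2>&1)
    evaluate "$?" "$listing"
    exit "$?"
}

# Assumed convention: nrpe.cfg passes "run"; "demo" feeds a constructed
# sudo failure through evaluate without touching sudo.
case "${1:-}" in
    run)  main ;;
    demo) evaluate 1 "sudo: a password is required" || true ;;
esac
```

Running it as the NRPE user (not root) with "run" shows directly whether sudo is the step that fails, and the narrower sudoers entry stops the monitoring account from changing firewall rules.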

