Nagios Plugin for IPTABLES Monitoring

Thilakraj.Shanmugam Thilakraj.Shanmugam at canberra.edu.au
Fri May 31 03:45:16 CEST 2013


Ran as the nagios user; please find the details below (iptables stopped).


[nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?
0
[nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL
Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
 pkts bytes target     prot opt in     out     source               destination
[nagios at server ~]$







-----Original Message-----
From: C. Bensend [mailto:benny at bennyvision.com]
Sent: Thursday, 30 May 2013 8:44 PM
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


I'm assuming that this check is running *on* the host 'zurich'?

/var/log/secure should be listing an entry, if sudo is being run.

Manually, *as the nagios user*, what happens when you do the following?

/usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
   /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l; echo $?


How about just (again, as the nagios user):

/usr/bin/sudo /sbin/iptables -nvL


> Please find the details
>
> Sudoers Definition:-
>
> nagios zurich= NOPASSWD: /sbin/iptables,
> /usr/local/nagios/libexec/check_iptables.sh,
> /usr/local/nagios/libexec/check_nrpe
>
> /var/log/secure:
>
> su: pam_unix(su:session): session opened for user nagios by root(uid=0)
> su: pam_unix(su:session): session closed for user nagios
>
>
>
> -----Original Message-----
> From: C. Bensend [mailto:benny at bennyvision.com]
> Sent: Wednesday, 29 May 2013 7:59 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
>
> Where's your sudoers definition that allows the nagios user to run any
> commands via sudo?
>
> And what does /var/log/secure (or equivalent) think about the nagios
> user trying to run sudo?
>
>
>> I have tested with nagios user as well.. still no luck with that.
>> Could someone update if you have any solution on this case.
>>
>> Kind Regards,
>> Thilak
>>
>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>> Sent: Tuesday, 14 May 2013 7:30 PM
>> To: Nagios Users List
>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Ok - if I look at your output, manually,  when the plugin is run as
>> the "root" user it produces the correct result.
>>
>> But, you haven't said what the nrpe user is that is running on the
>> remote node  and whether the same manual run of the check produces
>> the same output.
>> For example, I run remote plugins through nrpe as the "nagios" user
>> so if I want to manually test a plugin on the remote node, I would
>> first login as the nagios user to ensure I've got the same
>> environment that would be used when running via nrpe. It might be
>> that the variables you have set in the script only work as the root
>> user. It's never a good idea to test as the root  user but only as
>> the same user as that used by nagios or nrpe.
>>
>> Regards,
>> Deborah
>>
>> From: Thilakraj.Shanmugam
>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>> Sent: 14 May 2013 09:58
>> To: Nagios Users List
>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Hi Deborah,  Thanks for the response..  please find the details below.
>>
>>
>> [root at abc libexec]# pwd
>> /usr/local/nagios/libexec
>> [root at abc libexec]# ./check_iptables.sh          <-----  Executing manually script
>> + IPT=/sbin/iptables
>> + GREP=/bin/grep
>> + AWK=/bin/awk
>> + EXPR=/usr/bin/expr
>> + WC=/usr/bin/wc
>> + A=/usr/bin/sudo
>> + E_SUCCESS=0
>> + E_CRITICAL=2
>> + E_UNKNOWN=3
>> ++ /usr/bin/sudo /sbin/iptables -nvL
>> ++ /bin/grep Chain
>> ++ /bin/awk '{ print $2 }'
>> ++ /bin/grep Cid
>> ++ /usr/bin/wc -l
>> + CHAINS=5
>> + '[' 5 -ne 0 ']'
>> + echo 'Firewall is running!'
>> Firewall is running!
>> + exit 0          <------  it shows firewall running   ( correct output )
>> [root at abc libexec]#
>>
>>
>> Client - NRPE config file
>>
>> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>> [root at abc libexec]#
>>
>>
>> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
>> Firewall is not running          <-----  executing via check_nrpe   (  wrong output )
>> [root at abc libexec]#
>>
>>
>> NRPE Logs
>> -------------
>>
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
>> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
>> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
>> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
>> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
>> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
>> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>>
>>
>> Kind Regards,
>> Thilak
>>
>>
>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>> Sent: Tuesday, 14 May 2013 6:44 PM
>> To: Nagios Users List
>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Hi,
>> What is the wrong output being returned ? This might give us all a
>> clue as to the cause of the problem.
>> When you run the check manually, are you doing this as the same user
>> that check_nrpe will use ?
>>
>> Regards,
>> Deborah
>>
>>
>>
>> From: Thilakraj.Shanmugam
>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>> Sent: 14 May 2013 08:43
>> To: nagios-users at lists.sourceforge.net
>> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>> Greetings!
>>
>> Could someone send me nagios plugin which is tested and works well
>> for monitoring IPTABLES in Linux.
>>
>> I have tested below script but it is not returning correct output to
>> nagios server.
>>
>> If I execute script manually, it shows correct output...
>>
>> But if I execute via  ./check_nrpe -H localhost -c check_iptables,
>> it shows wrong output.
>>
>>
>>
>> Below is my plugin
>> ------------------------------
>>
>> #!/bin/bash
>> set -x
>>
>> IPT='/sbin/iptables'
>> GREP='/bin/grep'
>> AWK='/bin/awk'
>> EXPR='/usr/bin/expr'
>> WC='/usr/bin/wc'
>> A='/usr/bin/sudo'
>>
>> E_SUCCESS="0"
>> E_CRITICAL="2"
>> E_UNKNOWN="3"
>>
>> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
>>
>> if [ $CHAINS -ne 0 ] ; then
>>         echo "Firewall is running!"
>>         exit ${E_SUCCESS}
>>
>> elif [ $CHAINS -eq 0 ] ; then
>>         echo "Firewall is not running"
>>         exit ${E_CRITICAL}
>> fi
>>
>>
>>
>> This e-mail and any files transmitted with it are strictly
>> confidential and intended solely for the use of the individual or
>> entity to whom they are addressed. If you are not the intended
>> recipient, please delete this e-mail immediately. Any unauthorised
>> distribution or copying is strictly prohibited.
>>
>> Whilst Kognitio endeavours to prevent the transmission of viruses via
>> e-mail, we cannot guarantee that any e-mail or attachment is free
>> from computer viruses and you are strongly advised to undertake your
>> own anti-virus precautions. Kognitio grants no warranties regarding
>> performance, use or quality of any e-mail or attachment and
>> undertakes no liability for loss or damage, howsoever caused.
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>
>
> --
> "The very existence of flamethrowers proves that sometime, somewhere,
> someone said to themselves, 'You know, I want to set those people over
> there on fire, but I'm just not close enough to get the job
> done.'"                          -- George Carlin
>
>


--
"The very existence of flamethrowers proves that sometime, somewhere, someone said to themselves, 'You know, I want to set those people over there on fire, but I'm just not close enough to get the job
done.'"                          -- George Carlin
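
Added example, not part of the thread and not the poster's plugin: the quoted check rewritten so that a failed sudo or iptables call returns UNKNOWN instead of being counted as zero chains. The function name classify, the --live switch and the sample listings are assumptions made for this example; the Cid pattern and the exit codes come from the quoted script.

```shell
#!/bin/bash
# Added example (not the poster's plugin): a failed sudo/iptables call is
# reported as UNKNOWN instead of being counted as zero chains.
E_SUCCESS=0; E_CRITICAL=2; E_UNKNOWN=3

# classify RC OUTPUT [PATTERN]
#   RC, OUTPUT: exit status and stdout of "sudo -n iptables -nvL"
#   PATTERN:    chain-name substring; "Cid" is the one used in the thread
classify() {
    local rc="$1" out="$2" pattern="${3:-Cid}" chains
    if [ "$rc" -ne 0 ]; then
        echo "UNKNOWN: cannot list rules (sudo/iptables exit $rc)"
        return "$E_UNKNOWN"
    fi
    # A successful listing always names the built-in chains.
    if ! printf '%s\n' "$out" | grep -q '^Chain '; then
        echo "UNKNOWN: output contains no chain listing"
        return "$E_UNKNOWN"
    fi
    chains=$(printf '%s\n' "$out" |
        awk -v p="$pattern" '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')
    if [ "$chains" -gt 0 ]; then
        echo "OK: $chains chain(s) matching '$pattern' loaded"
        return "$E_SUCCESS"
    fi
    echo "CRITICAL: no chain matching '$pattern' loaded"
    return "$E_CRITICAL"
}

# Constructed sample listings (not captured from a real host).
SAMPLE_STOPPED='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)'
SAMPLE_RUNNING="$SAMPLE_STOPPED
Chain Cid-example-1 (1 references)
Chain Cid-example-2 (1 references)"

if [ "${1:-}" = "--live" ]; then
    # sudo -n fails at once instead of prompting; its exit status is read
    # directly rather than being lost behind a pipeline.
    rc=0
    out=$(/usr/bin/sudo -n /sbin/iptables -nvL 2>/dev/null) || rc=$?
    classify "$rc" "$out"
    exit $?
else
    classify 0 "$SAMPLE_RUNNING" || true
    classify 0 "$SAMPLE_STOPPED" || true
    classify 1 "" || true    # constructed: sudo refused to run
fi
```

Run without arguments it prints the three constructed cases; with --live it must run as the same user NRPE uses, so that a sudo failure in that environment shows up as UNKNOWN.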

