Nagios Plugin for IPTABLES Monitoring

C. Bensend benny at bennyvision.com
Fri May 31 14:36:17 CEST 2013


OK.  So, what differs when you try that first command when iptables
*is* running?


> Please find the details..
>
> [nagios at server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain'
> | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
> 0
> [nagios at server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep Cid |
> /usr/bin/wc -l
> 0
> [nagios at server  ~]$
> [nagios at server ~]$ echo $?
> 0
> [nagios at servef ~]$
>
> Yes, Server = zurich
> -----Original Message-----
> From: C. Bensend [mailto:benny at bennyvision.com]
> Sent: Friday, 31 May 2013 8:05 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
>
>> Ran as nagios user and please find the details below.  ( iptables
>> Stopped)
>>
>>
>> [nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep
>> 'Chain' | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo
>> $?
>> 0
>
> That 'echo $?' was supposed to be on the next line, not a continuation of
> the command.  Can you run that again, but as two separate commands, one
> right after the other?  I want to see the result of your first command
> (the iptables one).
>
>> [nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL
>> Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>> [nagios at server ~]$
>
> I'm assuming "server" == "zurich", right?
>
> I wonder if you can cut out the first grep and awk, and just look for
> 'Cid' ?
>
>
>> -----Original Message-----
>> From: C. Bensend [mailto:benny at bennyvision.com]
>> Sent: Thursday, 30 May 2013 8:44 PM
>> To: nagios-users at lists.sourceforge.net
>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>>
>> I'm assuming that this check is running *on* the host 'zurich'?
>>
>> /var/log/secure should be listing an entry, if sudo is being run.
>>
>> Manually, *as the nagios user*, what happens when you do the following?
>>
>> /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
>>    /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
>> echo $?
>>
>>
>> How about just (again, as the nagios user):
>>
>> /usr/bin/sudo /sbin/iptables -nvL
>>
>>
>>> Please find the details
>>>
>>> Sudoers Definition:-
>>>
>>> nagios zurich= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_iptables.sh, /usr/local/nagios/libexec/check_nrpe
>>>
>>> /var/log/secure:
>>>
>>> su: pam_unix(su:session): session opened for user nagios by root(uid=0)
>>> su: pam_unix(su:session): session closed for user nagios
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: C. Bensend [mailto:benny at bennyvision.com]
>>> Sent: Wednesday, 29 May 2013 7:59 PM
>>> To: nagios-users at lists.sourceforge.net
>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>
>>>
>>> Where's your sudoers definition that allows the nagios user to run
>>> any commands via sudo?
>>>
>>> And what does /var/log/secure (or equivalent) think about the nagios
>>> user trying to run sudo?
>>>
>>>
>>>> I have tested with nagios user as well.. still no luck with that.
>>>> Could someone update if you have any solution on this case.
>>>>
>>>> Kind Regards,
>>>> Thilak
>>>>
>>>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>>>> Sent: Tuesday, 14 May 2013 7:30 PM
>>>> To: Nagios Users List
>>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>>
>>>> Ok - if I look at your output, manually,  when the plugin is run as
>>>> the "root" user it produces the correct result.
>>>>
>>>> But, you haven't said what the nrpe user is that is running on the
>>>> remote node  and whether the same manual run of the check produces
>>>> the same output.
>>>> For example, I run remote plugins through nrpe as the "nagios" user
>>>> so if I want to manually test a plugin on the remote node, I would
>>>> first login as the nagios user to ensure I've got the same
>>>> environment that would be used when running via nrpe. It might be
>>>> that the variables you have set in the script only work as the root
>>>> user. It's never a good idea to test as the root  user but only as
>>>> the same user as that used by nagios or nrpe.
>>>>
>>>> Regards,
>>>> Deborah
>>>>
>>>> From: Thilakraj.Shanmugam
>>>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>>>> Sent: 14 May 2013 09:58
>>>> To: Nagios Users List
>>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>>
>>>> Hi Deborah,  Thanks for the response..  please find the details below.
>>>>
>>>>
>>>> [root at abc libexec]# pwd
>>>> /usr/local/nagios/libexec
>>>> [root at abc libexec]# ./check_iptables.sh        <-----  Executing manually script
>>>> + IPT=/sbin/iptables
>>>> + GREP=/bin/grep
>>>> + AWK=/bin/awk
>>>> + EXPR=/usr/bin/expr
>>>> + WC=/usr/bin/wc
>>>> + A=/usr/bin/sudo
>>>> + E_SUCCESS=0
>>>> + E_CRITICAL=2
>>>> + E_UNKNOWN=3
>>>> ++ /usr/bin/sudo /sbin/iptables -nvL
>>>> ++ /bin/grep Chain
>>>> ++ /bin/awk '{ print $2 }'
>>>> ++ /bin/grep Cid
>>>> ++ /usr/bin/wc -l
>>>> + CHAINS=5
>>>> + '[' 5 -ne 0 ']'
>>>> + echo 'Firewall is running!'
>>>> Firewall is running!
>>>> + exit 0        <------  it shows firewall running   ( correct output )
>>>> [root at abc libexec]#
>>>>
>>>>
>>>> Client - NRPE config file
>>>>
>>>> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
>>>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>>>> [root at abc libexec]#
>>>>
>>>>
>>>> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
>>>> Firewall is not running        <-----  executing via check_nrpe   (  wrong output )
>>>> [root at abc libexec]#
>>>>
>>>>
>>>> NRPE Logs
>>>> -------------
>>>>
>>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
>>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
>>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>>>> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
>>>> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
>>>> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
>>>> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
>>>> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
>>>> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>>>>
>>>>
>>>> Kind Regards,
>>>> Thilak
>>>>
>>>>
>>>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>>>> Sent: Tuesday, 14 May 2013 6:44 PM
>>>> To: Nagios Users List
>>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>>
>>>> Hi,
>>>> What is the wrong output being returned ? This might give us all a
>>>> clue as to the cause of the problem.
>>>> When you run the check manually, are you doing this as the same user
>>>> that check_nrpe will use ?
>>>>
>>>> Regards,
>>>> Deborah
>>>>
>>>>
>>>>
>>>> From: Thilakraj.Shanmugam
>>>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>>>> Sent: 14 May 2013 08:43
>>>> To: nagios-users at lists.sourceforge.net
>>>> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>>
>>>> Greetings!
>>>>
>>>> Could someone send me nagios plugin which is tested and works well
>>>> for monitoring IPTABLES in Linux.
>>>>
>>>> I have tested below script but it is not returning correct output to
>>>> nagios server.
>>>>
>>>> If I execute script manually, it shows correct output...
>>>>
>>>> But if I execute via  ./check_nrpe -H localhost -c check_iptables,
>>>> it shows wrong output.
>>>>
>>>>
>>>>
>>>> Below is my plugin
>>>> ------------------------------
>>>>
>>>> #!/bin/bash
>>>> # Trace each command as it runs (diagnostic; the trace goes to stderr)
>>>> set -x
>>>>
>>>> # Absolute paths to the tools used by the check
>>>> IPT='/sbin/iptables'
>>>> GREP='/bin/grep'
>>>> AWK='/bin/awk'
>>>> EXPR='/usr/bin/expr'
>>>> WC='/usr/bin/wc'
>>>> A='/usr/bin/sudo'
>>>>
>>>> # Nagios plugin exit codes
>>>> E_SUCCESS="0"
>>>> E_CRITICAL="2"
>>>> E_UNKNOWN="3"
>>>>
>>>> # Count "Chain" header lines whose chain name contains "Cid"
>>>> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }' | $GREP Cid | $WC -l`
>>>>
>>>> if [ "$CHAINS" -ne 0 ] ; then
>>>>         echo "Firewall is running!"
>>>>         exit ${E_SUCCESS}
>>>> elif [ "$CHAINS" -eq 0 ] ; then
>>>>         echo "Firewall is not running"
>>>>         exit ${E_CRITICAL}
>>>> fi
>>>>
>>>>
>>>>
>>>> This e-mail and any files transmitted with it are strictly
>>>> confidential and intended solely for the use of the individual or
>>>> entity to whom they are addressed. If you are not the intended
>>>> recipient, please delete this e-mail immediately. Any unauthorised
>>>> distribution or copying is strictly prohibited.
>>>>
>>>> Whilst Kognitio endeavours to prevent the transmission of viruses
>>>> via e-mail, we cannot guarantee that any e-mail or attachment is
>>>> free from computer viruses and you are strongly advised to undertake
>>>> your own anti-virus precautions. Kognitio grants no warranties
>>>> regarding performance, use or quality of any e-mail or attachment
>>>> and undertakes no liability for loss or damage, howsoever caused.


-- 
"The very existence of flamethrowers proves that sometime, somewhere,
someone said to themselves, 'You know, I want to set those people
over there on fire, but I'm just not close enough to get the job
done.'"                          -- George Carlin


------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
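
The plugin quoted in this thread prints "Firewall is not running" whenever its chain count is 0, and 0 is also what the pipeline yields if the sudo call itself fails. The sketch below is an added example, not code from any poster in the thread: it separates the two cases and uses `sudo -n` so sudo fails instead of prompting. IPT_CMD, CHAIN_PATTERN, the fake_* functions and the chain name Cid_IN are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example, not the plugin posted in the thread.
# IPT_CMD and CHAIN_PATTERN are names invented here (assumptions) so the
# logic can be exercised without root; the fake_* outputs are constructed.
IPT_CMD=${IPT_CMD:-"/usr/bin/sudo -n /sbin/iptables -nL"}
CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}

check_iptables() {
    rc=0
    # Keep stderr so a sudo refusal is visible in the plugin output.
    out=$($IPT_CMD 2>&1) || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "UNKNOWN: cannot list rules (rc=$rc): $(printf '%s\n' "$out" | head -n 1)"
        return 3
    fi
    # Same match as the original pipeline: "Chain" header lines whose
    # chain name contains the pattern.
    count=$(printf '%s\n' "$out" | awk -v p="$CHAIN_PATTERN" \
        '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')
    if [ "$count" -gt 0 ]; then
        echo "OK: $count chain(s) matching '$CHAIN_PATTERN' loaded"
        return 0
    fi
    echo "CRITICAL: no chain matching '$CHAIN_PATTERN' loaded"
    return 2
}

# Constructed stand-ins for: rules loaded, rules flushed, sudo refused.
fake_running() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT)' \
        'target     prot opt source               destination' \
        'Cid_IN     all  --  0.0.0.0/0            0.0.0.0/0' '' \
        'Chain Cid_IN (1 references)' \
        'target     prot opt source               destination'
}
fake_stopped() {
    printf '%s\n' 'Chain INPUT (policy ACCEPT)' \
        'Chain FORWARD (policy ACCEPT)' 'Chain OUTPUT (policy ACCEPT)'
}
fake_denied() {
    echo 'sudo: a password is required' >&2
    return 1
}

# Run the check against each stand-in and show the Nagios exit code.
demo() {
    for f in fake_running fake_stopped fake_denied; do
        s=0
        msg=$(IPT_CMD=$f check_iptables) || s=$?
        echo "$f -> exit $s: $msg"
    done
}
# In a real plugin, replace this call with: check_iptables; exit $?
demo
```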




