<div dir="ltr">try setting the suid for this script</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 14, 2013 at 2:59 PM, Deborah Martin <span dir="ltr"><<a href="mailto:Deborah.Martin@kognitio.com" target="_blank">Deborah.Martin@kognitio.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-GB" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="color:#1f497d">Ok – if I look at your output, manually, when the plugin is run as the “root” user it produces the correct result.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">But, you haven’t said what the nrpe user is that is running on the remote node and whether the same manual run of the check produces the same output.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">For example, I run remote plugins through nrpe as the “nagios” user so if I want to manually test a plugin on the remote node, I would first login as the nagios user to ensure I’ve got the same environment that
would be used when running via nrpe. It might be that the variables you have set in the script only work as the root user. It’s never a good idea to test as the root user but only as the same user as that used by nagios or nrpe.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">Deborah <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Thilakraj.Shanmugam
[mailto:<a href="mailto:Thilakraj.Shanmugam@canberra.edu.au" target="_blank">Thilakraj.Shanmugam@canberra.edu.au</a>] <br>
<b>Sent:</b> 14 May 2013 09:58</span></p><div><div class="h5"><br>
<b>To:</b> Nagios Users List<br>
<b>Subject:</b> Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring<u></u><u></u></div></div><p></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d">Hi Deborah, Thanks for the response.. please find the details below.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]# pwd<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">/usr/local/nagios/libexec<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]# ./check_iptables.sh <----- Executing manually script<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ IPT=/sbin/iptables<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ GREP=/bin/grep<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ AWK=/bin/awk<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ EXPR=/usr/bin/expr<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ WC=/usr/bin/wc<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ A=/usr/bin/sudo<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ E_SUCCESS=0<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ E_CRITICAL=2<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ E_UNKNOWN=3<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">++ /usr/bin/sudo /sbin/iptables -nvL<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">++ /bin/grep Chain<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">++ /bin/awk '{ print $2 }'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">++ /bin/grep Cid<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">++ /usr/bin/wc -l<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ CHAINS=5<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ '[' 5 -ne 0 ']'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">+ echo 'Firewall is running!'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt;background:yellow">Firewall is running!<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt;background:yellow">+ exit 0</span><span lang="EN-AU" style="font-size:10.0pt">
<------ it shows firewall running ( correct output )<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]#<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><u><span lang="EN-AU" style="font-size:10.0pt">Client - NRPE config file<u></u><u></u></span></u></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]#<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt;background:yellow">Firewall is not running</span><span lang="EN-AU" style="font-size:10.0pt">
<----- executing via check_nrpe ( wrong output )<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">[root@abc libexec]#<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">NRPE Logs<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">-------------<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Handling the connection...<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Command completed with
<span style="background:yellow">return code 2 and output: Firewall is not running</span><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt">May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d">Kind Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d">Thilak<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Deborah
Martin [<a href="mailto:Deborah.Martin@kognitio.com" target="_blank">mailto:Deborah.Martin@kognitio.com</a>]
<br>
<b>Sent:</b> Tuesday, 14 May 2013 6:44 PM<br>
<b>To:</b> Nagios Users List<br>
<b>Subject:</b> Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">Hi, <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">What is the wrong output being returned ? This might give us all a clue as to the cause of the problem.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">When you run the check manually, are you doing this as the same user that check_nrpe will use ?
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">Regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">Deborah <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Thilakraj.Shanmugam
[<a href="mailto:Thilakraj.Shanmugam@canberra.edu.au" target="_blank">mailto:Thilakraj.Shanmugam@canberra.edu.au</a>]
<br>
<b>Sent:</b> 14 May 2013 08:43<br>
<b>To:</b> <a href="mailto:nagios-users@lists.sourceforge.net" target="_blank">nagios-users@lists.sourceforge.net</a><br>
<b>Subject:</b> [Nagios-users] Nagios Plugin for IPTABLES Monitoring<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-AU">Greetings!<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">Could someone send me nagios plugin which is tested and works well for monitoring IPTABLES in Linux.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">I have tested below script but it is not returning correct output to nagios server.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">If I execute script manually, it shows correct output…<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">But if I execute via ./check_nrpe – H localhost –c check_iptables, it shows wrong output.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">Below is my plugin<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">------------------------------<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt;font-family:"Book Antiqua","serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">#!/bin/bash<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">set -x<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">IPT='/sbin/iptables'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">GREP='/bin/grep'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">AWK='/bin/awk'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">EXPR='/usr/bin/expr'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">WC='/usr/bin/wc'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">A='/usr/bin/sudo'<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">E_SUCCESS="0"<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">E_CRITICAL="2"<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">E_UNKNOWN="3"<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU">CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> if [ $CHAINS -ne 0 ] ; then<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> echo "Firewall is running!"<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> exit ${E_SUCCESS}<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> elif [ $CHAINS -eq 0 ] ; then<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> echo "Firewall is not running"<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> exit ${E_CRITICAL}<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU"> fi<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-AU" style="font-size:10.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br clear="all">
<u></u><u></u></span></p>
<p><span><span style="font-size:9.0pt">This e-mail and any files transmitted with it are strictly confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, please
delete this e-mail immediately. Any unauthorised distribution or copying is strictly prohibited.</span></span><span style="font-size:9.0pt;font-family:"Arial","sans-serif""><br>
<br>
<span>Whilst Kognitio endeavours to prevent the transmission of viruses via e-mail, we cannot guarantee that any e-mail or attachment is free from computer viruses and you are strongly advised to undertake your own anti-virus precautions. Kognitio
grants no warranties regarding performance, use or quality of any e-mail or attachment and undertakes no liability for loss or damage, howsoever caused.</span></span><u></u><u></u></p>
</div></div></div><div><div class="h5">
<br clear="all"> <u></u>
<div>
<p> <span>This e-mail and any files transmitted with it are strictly confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, please delete this e-mail immediately. Any unauthorised distribution or copying is strictly prohibited.<br>
<br>
Whilst Kognitio endeavours to prevent the transmission of viruses via e-mail, we cannot guarantee that any e-mail or attachment is free from computer viruses and you are strongly advised to undertake your own anti-virus precautions. Kognitio grants no warranties regarding performance, use or quality of any e-mail or attachment and undertakes no liability for loss or damage, howsoever caused.</span><br>
</p>
</div>
</div></div></div>
<br>------------------------------------------------------------------------------<br>
AlienVault Unified Security Management (USM) platform delivers complete<br>
security visibility with the essential security capabilities. Easily and<br>
efficiently configure, manage, and operate all of your security controls<br>
from a single console and one unified framework. Download a free trial.<br>
<a href="http://p.sf.net/sfu/alienvault_d2d" target="_blank">http://p.sf.net/sfu/alienvault_d2d</a><br>_______________________________________________<br>
Nagios-users mailing list<br>
<a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a><br>
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.<br>
::: Messages without supporting info will risk being sent to /dev/null<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Regards<br>Sunil Sankar
</div>