<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <meta name="Generator" content="Microsoft Exchange Server">  <style></style> </head> <body> <font face="Calibri" size="2"><span style="font-size:11pt;"> <div>Ran as nagios user and please find the details below. ( iptables Stopped)</div> <div> </div> <div> </div> <div><font size="2"><span style="font-size:10pt;">[nagios@server ~]$ <span style="background-color:yellow;">/usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?</span></span></font></div> <div><font size="2"><span style="font-size:10pt;">0</span></font></div> <div><font size="2"><span style="font-size:10pt;">[nagios@server ~]$ <span style="background-color:yellow;">/usr/bin/sudo /sbin/iptables -nvL</span></span></font></div> <div><font size="2"><span style="font-size:10pt;">Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)</span></font></div> <div><font size="2"><span style="font-size:10pt;"> pkts bytes target prot opt in out source destination</span></font></div> <div><font size="2"><span style="font-size:10pt;"> </span></font></div> <div><font size="2"><span style="font-size:10pt;">Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)</span></font></div> <div><font size="2"><span style="font-size:10pt;"> pkts bytes target prot opt in out source destination</span></font></div> <div><font size="2"><span style="font-size:10pt;"> </span></font></div> <div><font size="2"><span style="font-size:10pt;">Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)</span></font></div> <div><font size="2"><span style="font-size:10pt;"> pkts bytes target prot opt in out source destination</span></font></div> <div><font size="2"><span style="font-size:10pt;">[nagios@server ~]$</span></font></div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div> <div>-----Original Message-----<br> From: C. Bensend [<a href="mailto:benny@bennyvision.com">mailto:benny@bennyvision.com</a>] <br> Sent: Thursday, 30 May 2013 8:44 PM<br> To: nagios-users@lists.sourceforge.net<br> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div> </div> <div> </div> <div>I'm assuming that this check is running *on* the host 'zurich'?</div> <div> </div> <div>/var/log/secure should be listing an entry, if sudo is being run.</div> <div> </div> <div>Manually, *as the nagios user*, what happens when you do the following?</div> <div> </div> <div>/usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \</div> <div> /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l echo $?</div> <div> </div> <div> </div> <div>How about just (again, as the nagios user):</div> <div> </div> <div>/usr/bin/sudo /sbin/iptables -nvL</div> <div> </div> <div> </div> <div>> Please find the details</div> <div>></div> <div>> Sudoers Definition:-</div> <div>></div> <div>> nagios zurich= NOPASSWD: /sbin/iptables, </div> <div>> /usr/local/nagios/libexec/check_iptables.sh,</div> <div>> /usr/local/nagios/libexec/check_nrpe</div> <div>></div> <div>> /var/log/secure:</div> <div>></div> <div>> su: pam_unix(su:session): session opened for user nagios by </div> <div>> root(uid=0)</div> <div>> su: pam_unix(su:session): session closed for user nagios</div> <div>></div> <div>></div> <div>></div> <div>> -----Original Message-----</div> <div>> From: C. Bensend [<a href="mailto:benny@bennyvision.com">mailto:benny@bennyvision.com</a>]</div> <div>> Sent: Wednesday, 29 May 2013 7:59 PM</div> <div>> To: <a href="mailto:nagios-users@lists.sourceforge.net">nagios-users@lists.sourceforge.net</a></div> <div>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div>></div> <div>></div> <div>> Where's your sudoers definition that allows the nagios user to run any </div> <div>> commands via sudo?</div> <div>></div> <div>> And what does /var/log/secure (or equivalent) think about the nagios </div> <div>> user trying to run sudo?</div> <div>></div> <div>></div> <div>>> I have tested with nagios user as well.. still no luck with that.</div> <div>>> Could you some one update if you have any solution on this case.</div> <div>>></div> <div>>> Kind Regards,</div> <div>>> Thilak</div> <div>>></div> <div>>> From: Deborah Martin [<a href="mailto:Deborah.Martin@kognitio.com">mailto:Deborah.Martin@kognitio.com</a>]</div> <div>>> Sent: Tuesday, 14 May 2013 7:30 PM</div> <div>>> To: Nagios Users List</div> <div>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div>>></div> <div>>> Ok - if I look at your output, manually, when the plugin is run as </div> <div>>> the "root" user it produces the correct result.</div> <div>>></div> <div>>> But, you haven't said what the nrpe user is that is running on the </div> <div>>> remote node and whether the same manual run of the check produces </div> <div>>> the same output.</div> <div>>> For example, I run remote plugins through nrpe as the "nagios" user </div> <div>>> so if I want to manually test a plugin on the remote node, I would </div> <div>>> first login as the nagios user to ensure I've got the same </div> <div>>> environment that would be used when running via nrpe. It might be </div> <div>>> that the variables you have set in the script only work as the root </div> <div>>> user. It's never a good idea to test as the root user but only as </div> <div>>> the same user as that used by nagios or nrpe.</div> <div>>></div> <div>>> Regards,</div> <div>>> Deborah</div> <div>>></div> <div>>> From: Thilakraj.Shanmugam </div> <div>>> [<a href="mailto:Thilakraj.Shanmugam@canberra.edu.au">mailto:Thilakraj.Shanmugam@canberra.edu.au</a>]</div> <div>>> Sent: 14 May 2013 09:58</div> <div>>> To: Nagios Users List</div> <div>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div>>></div> <div>>> Hi Deborah, Thanks for the response.. please find the details below.</div> <div>>></div> <div>>></div> <div>>> [root@abc libexec]# pwd</div> <div>>> /usr/local/nagios/libexec</div> <div>>> [root@abc libexec]# ./check_iptables.sh</div> <div>>> <----- Executing manually script</div> <div>>> + IPT=/sbin/iptables</div> <div>>> + GREP=/bin/grep</div> <div>>> + AWK=/bin/awk</div> <div>>> + EXPR=/usr/bin/expr</div> <div>>> + WC=/usr/bin/wc</div> <div>>> + A=/usr/bin/sudo</div> <div>>> + E_SUCCESS=0</div> <div>>> + E_CRITICAL=2</div> <div>>> + E_UNKNOWN=3</div> <div>>> ++ /usr/bin/sudo /sbin/iptables -nvL</div> <div>>> ++ /bin/grep Chain</div> <div>>> ++ /bin/awk '{ print $2 }'</div> <div>>> ++ /bin/grep Cid</div> <div>>> ++ /usr/bin/wc -l</div> <div>>> + CHAINS=5</div> <div>>> + '[' 5 -ne 0 ']'</div> <div>>> + echo 'Firewall is running!'</div> <div>>> Firewall is running!</div> <div>>> + exit 0</div> <div>>> <------ it shows </div> <div>>> firewall</div> <div>>> running ( correct output )</div> <div>>> [root@abc libexec]#</div> <div>>></div> <div>>></div> <div>>> Client - NRPE config file</div> <div>>></div> <div>>> [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i </div> <div>>> iptable </div> <div>>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh</div> <div>>> [root@abc libexec]#</div> <div>>></div> <div>>></div> <div>>> [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables </div> <div>>> Firewall is not running</div> <div>>> <----- executing </div> <div>>> via</div> <div>>> check_nrpe ( wrong output )</div> <div>>> [root@abc libexec]#</div> <div>>></div> <div>>></div> <div>>> NRPE Logs</div> <div>>> -------------</div> <div>>></div> <div>>> May 14 18:52:28 abc nrpe[31158]: Added </div> <div>>> command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% </div> <div>>> -c 5% -p /db May 14 18:52:28 abc nrpe[31158]: Added </div> <div>>> command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w </div> <div>>> 15% -c 5% -p /app May 14 18:52:28 abc nrpe[31158]: Added </div> <div>>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh</div> <div>>> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All </div> <div>>> network traffic will be encrypted.</div> <div>>> May 14 18:52:28 abc nrpe[31158]: Handling the connection...</div> <div>>> May 14 18:52:28 abc nrpe[31158]: Host is asking for command </div> <div>>> 'check_iptables' to be run...</div> <div>>> May 14 18:52:28 abc nrpe[31158]: Running command:</div> <div>>> /usr/local/nagios/libexec/check_iptables.sh</div> <div>>> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 </div> <div>>> and</div> <div>>> output: Firewall is not running</div> <div>>> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is </div> <div>>> not running</div> <div>>></div> <div>>></div> <div>>> Kind Regards,</div> <div>>> Thilak</div> <div>>></div> <div>>></div> <div>>> From: Deborah Martin [<a href="mailto:Deborah.Martin@kognitio.com">mailto:Deborah.Martin@kognitio.com</a>]</div> <div>>> Sent: Tuesday, 14 May 2013 6:44 PM</div> <div>>> To: Nagios Users List</div> <div>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div>>></div> <div>>> Hi,</div> <div>>> What is the wrong output being returned ? This might give us all a </div> <div>>> clue as to the cause of the problem.</div> <div>>> When you run the check manually, are you doing this as the same user </div> <div>>> that check_nrpe will use ?</div> <div>>></div> <div>>> Regards,</div> <div>>> Deborah</div> <div>>></div> <div>>></div> <div>>></div> <div>>> From: Thilakraj.Shanmugam </div> <div>>> [<a href="mailto:Thilakraj.Shanmugam@canberra.edu.au">mailto:Thilakraj.Shanmugam@canberra.edu.au</a>]</div> <div>>> Sent: 14 May 2013 08:43</div> <div>>> To:</div> <div>>> <a href="mailto:nagios-users@lists.sourceforge.net<mailto:nagios-users@lists.sourcefo">nagios-users@lists.sourceforge.net<mailto:nagios-users@lists.sourcefo</a></div> <div>>> r<<a href=""></a>mailto:nagios-users@lists.sourceforge.net<mailto:nagios-users@lists</div> <div>>> .sourcefor></div> <div>>> ge.net></div> <div>>> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring</div> <div>>></div> <div>>> Greetings!</div> <div>>></div> <div>>> Could someone send me nagios plugin which is tested and works well </div> <div>>> for monitoring IPTABLES in Linux.</div> <div>>></div> <div>>> I have tested below script but it is not returning correct output to </div> <div>>> nagios server.</div> <div>>></div> <div>>> If I execute script manually, it shows correct output...</div> <div>>></div> <div>>> But if I execute via ./check_nrpe - H localhost -c check_iptables, </div> <div>>> it shows wrong output.</div> <div>>></div> <div>>></div> <div>>></div> <div>>> Below is my plugin</div> <div>>> ------------------------------</div> <div>>></div> <div>>> #!/bin/bash</div> <div>>> set -x</div> <div>>></div> <div>>> IPT='/sbin/iptables'</div> <div>>> GREP='/bin/grep'</div> <div>>> AWK='/bin/awk'</div> <div>>> EXPR='/usr/bin/expr'</div> <div>>> WC='/usr/bin/wc'</div> <div>>> A='/usr/bin/sudo'</div> <div>>></div> <div>>> E_SUCCESS="0"</div> <div>>> E_CRITICAL="2"</div> <div>>> E_UNKNOWN="3"</div> <div>>></div> <div>>> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid</div> <div>>> | $WC -l`</div> <div>>></div> <div>>> if [ $CHAINS -ne 0 ] ; then</div> <div>>> echo "Firewall is running!"</div> <div>>> exit ${E_SUCCESS}</div> <div>>></div> <div>>> elif [ $CHAINS -eq 0 ] ; then</div> <div>>> echo "Firewall is not running"</div> <div>>> exit ${E_CRITICAL}</div> <div>>> fi</div> <div>>></div> <div>>></div> <div>>></div> <div>>> This e-mail and any files transmitted with it are strictly </div> <div>>> confidential and intended solely for the use of the individual or </div> <div>>> entity to whom they are addressed. If you are not the intended </div> <div>>> recipient, please delete this e-mail immediately. Any unauthorised </div> <div>>> distribution or copying is strictly prohibited.</div> <div>>></div> <div>>> Whilst Kognitio endeavours to prevent the transmission of viruses via </div> <div>>> e-mail, we cannot guarantee that any e-mail or attachment is free </div> <div>>> from computer viruses and you are strongly advised to undertake your </div> <div>>> own anti-virus precautions. Kognitio grants no warranties regarding </div> <div>>> performance, use or quality of any e-mail or attachment and </div> <div>>> undertakes no liability for loss or damage, howsoever caused.</div> <div>>></div> <div>>></div> <div>>> This e-mail and any files transmitted with it are strictly </div> <div>>> confidential and intended solely for the use of the individual or </div> <div>>> entity to whom they are addressed. If you are not the intended </div> <div>>> recipient, please delete this e-mail immediately. Any unauthorised </div> <div>>> distribution or copying is strictly prohibited.</div> <div>>></div> <div>>> Whilst Kognitio endeavours to prevent the transmission of viruses via </div> <div>>> e-mail, we cannot guarantee that any e-mail or attachment is free </div> <div>>> from computer viruses and you are strongly advised to undertake your </div> <div>>> own anti-virus precautions. Kognitio grants no warranties regarding </div> <div>>> performance, use or quality of any e-mail or attachment and </div> <div>>> undertakes no liability for loss or damage, howsoever caused.</div> <div>>> ---------------------------------------------------------------------</div> <div>>> -</div> <div>>> -------- Introducing AppDynamics Lite, a free troubleshooting tool </div> <div>>> for Java/.NET Get 100% visibility into your production application - </div> <div>>> at no cost.</div> <div>>> Code-level diagnostics for performance bottlenecks with <2% overhead </div> <div>>> Download for free and get started troubleshooting in minutes.</div> <div>>> <a href="http://p.sf.net/sfu/appdyn_d2d_ap1___________________________________">http://p.sf.net/sfu/appdyn_d2d_ap1___________________________________</a></div> <div>>> _</div> <div>>> ___________</div> <div>>> Nagios-users mailing list</div> <div>>> <a href="mailto:Nagios-users@lists.sourceforge.net<mailto:Nagios-users@lists.sourcefo">Nagios-users@lists.sourceforge.net<mailto:Nagios-users@lists.sourcefo</a></div> <div>>> rge.net> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users">https://lists.sourceforge.net/lists/listinfo/nagios-users</a></div> <div>>> ::: Please include Nagios version, plugin version (-v) and OS when </div> <div>>> reporting any issue.</div> <div>>> ::: Messages without supporting info will risk being sent to </div> <div>>> /dev/null</div> <div>></div> <div>></div> <div>> --</div> <div>> "The very existence of flamethrowers proves that sometime, somewhere, </div> <div>> someone said to themselves, 'You know, I want to set those people over </div> <div>> there on fire, but I'm just not close enough to get the job</div> <div>> done.'" -- George Carlin</div> <div>></div> <div>></div> <div>> ----------------------------------------------------------------------</div> <div>> -------- Introducing AppDynamics Lite, a free troubleshooting tool for </div> <div>> Java/.NET Get 100% visibility into your production application - at no </div> <div>> cost.</div> <div>> Code-level diagnostics for performance bottlenecks with <2% overhead </div> <div>> Download for free and get started troubleshooting in minutes.</div> <div>> <a href="http://p.sf.net/sfu/appdyn_d2d_ap1">http://p.sf.net/sfu/appdyn_d2d_ap1</a></div> <div>> _______________________________________________</div> <div>> Nagios-users mailing list</div> <div>> <a href="mailto:Nagios-users@lists.sourceforge.net<mailto:Nagios-users@lists.sourcefor">Nagios-users@lists.sourceforge.net<mailto:Nagios-users@lists.sourcefor</a></div> <div>> ge.net> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users">https://lists.sourceforge.net/lists/listinfo/nagios-users</a></div> <div>> ::: Please include Nagios version, plugin version (-v) and OS when </div> <div>> reporting any issue.</div> <div>> ::: Messages without supporting info will risk being sent to /dev/null</div> <div>></div> <div>> ----------------------------------------------------------------------</div> <div>> -------- Introducing AppDynamics Lite, a free troubleshooting tool for </div> <div>> Java/.NET Get 100% visibility into your production application - at no </div> <div>> cost.</div> <div>> Code-level diagnostics for performance bottlenecks with <2% overhead </div> <div>> Download for free and get started troubleshooting in minutes.</div> <div>> <a href="http://p.sf.net/sfu/appdyn_d2d_ap1____________________________________">http://p.sf.net/sfu/appdyn_d2d_ap1____________________________________</a></div> <div>> ___________</div> <div>> Nagios-users mailing list</div> <div>> <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a></div> <div>> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users">https://lists.sourceforge.net/lists/listinfo/nagios-users</a></div> <div>> ::: Please include Nagios version, plugin version (-v) and OS when </div> <div>> reporting any issue.</div> <div>> ::: Messages without supporting info will risk being sent to /dev/null</div> <div> </div> <div> </div> <div>--</div> <div>"The very existence of flamethrowers proves that sometime, somewhere, someone said to themselves, 'You know, I want to set those people over there on fire, but I'm just not close enough to get the job</div> <div>done.'" -- George Carlin</div> <div> </div> <div> </div> <div>------------------------------------------------------------------------------</div> <div>Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET</div> <div>Get 100% visibility into your production application - at no cost.</div> <div>Code-level diagnostics for performance bottlenecks with <2% overhead</div> <div>Download for free and get started troubleshooting in minutes.</div> <div><a href="http://p.sf.net/sfu/appdyn_d2d_ap1">http://p.sf.net/sfu/appdyn_d2d_ap1</a></div> <div>_______________________________________________</div> <div>Nagios-users mailing list</div> <div><a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a></div> <div><a href="https://lists.sourceforge.net/lists/listinfo/nagios-users">https://lists.sourceforge.net/lists/listinfo/nagios-users</a></div> <div>::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. </div> <div>::: Messages without supporting info will risk being sent to /dev/null</div> <div> </div> </span></font> </body> </html>