After an incident we have been tasked with detecting rogue DHCP servers on our
network. Looking at the check_dhcp plugin it looks like it does 99% of what we
need. My specific question relates to us making a change to the check_dhcp.c
file and if it would work. My co-worker and I are not familiar enough with the
language.
For the section:
if(valid_responses==0)
result=STATE_CRITICAL;
else if(requested_servers>0 && requested_responses==0)
result=STATE_CRITICAL;
else if(requested_responses<requested_servers)
result=STATE_WARNING;
else if(request_specific_address==TRUE &&
received_requested_address==FALSE)
result=STATE_WARNING;
If we were to add this after the first if
Else if (valid_responses>1)
Result=STATE_CRITICAL;
Then compile the plugin per the github instructions from there would that alert
if we had more than one DHCP response?
Regards,
[Aaron Webber]
Aaron Webber | Security Systems Engineer
aweb...@insidesales.com<mailto:aweb...@insidesales.com> | P: 877.210.0126 | F:
801.853.4089
LinkedIn<http://linkedin.com/company/82914> | Customer
Testimonials<http://www.insidesales.com/about-us/customers#/?a=sig111> |
Sales Rep Best Practices<https://www.youtube.com/user/officialinsidesales>
