Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-07-25 Thread Thilakraj . Shanmugam
Hello All,

I have found a helpful fix after much struggle; it might be useful to someone 
who wants to configure and monitor iptables status.

After writing your own plugin, keep it in the /usr/local/nagios/libexec dir.


1.   Open the /etc/sudoers file and comment out the line as below

#Defaults    requiretty


2.   At the end of the /etc/sudoers file, add the line below

nagios servername= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_nrpe

Note: Remember to use your own server name

Now you can test your plugin via check_NRPE and it will give you the expected 
results.
Good Luck!

Kind Regards,
Thilakraj Shanmugam

From: Thilakraj.Shanmugam
Sent: Wednesday, 29 May 2013 3:39 PM
To: Nagios Users List
Subject: RE: Nagios Plugin for IPTABLES Monitoring

Hi Deborah et al,

I have tested with the nagios user as well.. still no luck with that.  Could 
someone update if you have any solution for this case.

Kind Regards,
Thilak

From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually,  when the plugin is run as the root 
user it produces the correct result.

But, you haven't said what the nrpe user is that is running on the remote node  
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user so if I 
want to manually test a plugin on the remote node, I would first login as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root  user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   
( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe 
  (  wrong output )
[root@abc libexec]#


NRPE Logs
---------

May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned ? This might give us all a clue as to 
the cause of the problem.
When you run the check manually, are you doing this as the same user that 
check_nrpe will use ?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 08:43
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-07-25 Thread Thilakraj . Shanmugam
Hello All,

Just to add on, I have done some reading and tested another option:


1.   Open the /etc/sudoers file and enter a line as below

Defaults:nagios !requiretty

Note:  It means only the nagios user does not require a tty, but all other 
users still do.  I recommend this as the better option.

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: Thursday, 25 July 2013 5:37 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hello All,

I have found a helpful fix after much struggle; it might be useful to someone 
who wants to configure and monitor iptables status.

After writing your own plugin, keep it in the /usr/local/nagios/libexec dir.


1.   Open the /etc/sudoers file and comment out the line as below

#Defaults    requiretty


2.   At the end of the /etc/sudoers file, add the line below

nagios servername= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_nrpe

Note: Remember to use your own server name

Now you can test your plugin via check_NRPE and it will give you the expected 
results.
Good Luck!

Kind Regards,
Thilakraj Shanmugam

From: Thilakraj.Shanmugam
Sent: Wednesday, 29 May 2013 3:39 PM
To: Nagios Users List
Subject: RE: Nagios Plugin for IPTABLES Monitoring

Hi Deborah et al,

I have tested with the nagios user as well.. still no luck with that.  Could 
someone update if you have any solution for this case.

Kind Regards,
Thilak

From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually,  when the plugin is run as the root 
user it produces the correct result.

But, you haven't said what the nrpe user is that is running on the remote node  
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user so if I 
want to manually test a plugin on the remote node, I would first login as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root  user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   
( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe 
  (  wrong output )
[root@abc libexec]#


NRPE Logs
---------

May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned
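
Added example (not part of the original thread and not any poster's plugin): the symptom discussed above, "Firewall is not running" whenever sudo refuses to run without a tty, comes from counting chains in the output of a command that failed. The sketch below checks sudo's exit status first and reports UNKNOWN in that case. The sudoers lines in the comment, the file name /etc/sudoers.d/nagios, the chain name Cid_INPUT and the SAMPLE_* strings are assumptions or constructed values; the paths and the 'Cid' pattern come from the posted script.

```shell
#!/bin/sh
# Added example: check_iptables that separates "sudo failed" from "no firewall".
#
# Assumed sudoers drop-in (hypothetical file /etc/sudoers.d/nagios):
#   Defaults:nagios !requiretty
#   nagios ALL=(root) NOPASSWD: /sbin/iptables -nvL
# Listing the arguments limits the grant to the read-only rule listing,
# instead of letting the nagios user run iptables with any arguments as root.

SUDO=${SUDO:-/usr/bin/sudo}
IPT=${IPT:-/sbin/iptables}
CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}   # site-specific chain name from the thread

# Nagios plugin exit codes
E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

# Constructed sample inputs (not captured from a real host).
SAMPLE_TTY_ERROR="sudo: sorry, you must have a tty to run sudo"
SAMPLE_STOPPED="Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)"
SAMPLE_RUNNING="$SAMPLE_STOPPED
Chain Cid_INPUT (1 references)"

# classify_listing STATUS OUTPUT
# Sets PLUGIN_MSG and returns the Nagios state for one iptables listing.
classify_listing() {
    cl_status=$1
    cl_output=$2

    # sudo or iptables failed: nothing was learned about the firewall.
    if [ "$cl_status" -ne 0 ]; then
        cl_first=$(printf '%s\n' "$cl_output" | head -n 1)
        PLUGIN_MSG="UNKNOWN: cannot list rules (exit $cl_status): $cl_first"
        return "$E_UNKNOWN"
    fi

    # Count all "Chain <name>" headers and those whose name contains the pattern.
    cl_counts=$(printf '%s\n' "$cl_output" | awk -v pat="$CHAIN_PATTERN" '
        $1 == "Chain" { total++; if (index($2, pat)) hits++ }
        END { print total + 0, hits + 0 }')
    cl_total=${cl_counts% *}
    cl_hits=${cl_counts#* }

    # Exit 0 but no chain headers at all: output is not an iptables listing.
    if [ "$cl_total" -eq 0 ]; then
        PLUGIN_MSG="UNKNOWN: no chain headers in iptables output"
        return "$E_UNKNOWN"
    fi
    if [ "$cl_hits" -eq 0 ]; then
        PLUGIN_MSG="CRITICAL: no chain matching '$CHAIN_PATTERN' is loaded"
        return "$E_CRITICAL"
    fi
    PLUGIN_MSG="OK: $cl_hits chain(s) matching '$CHAIN_PATTERN' loaded"
    return "$E_SUCCESS"
}

main() {
    # -n: never prompt, so a missing NOPASSWD rule becomes a non-zero exit.
    # 2>&1: keep sudo's error text so it reaches the Nagios status line.
    m_output=$("$SUDO" -n "$IPT" -nvL 2>&1)
    m_status=$?
    classify_listing "$m_status" "$m_output"
    m_status=$?
    echo "$PLUGIN_MSG"
    return "$m_status"
}

# Run the check only when installed under the plugin name, so the functions
# above can be exercised on sample text without invoking sudo.
case "${0##*/}" in
    check_iptables*) main; exit $? ;;
esac
```

Installed as /usr/local/nagios/libexec/check_iptables.sh, the existing command[check_iptables] line in nrpe.cfg needs no change.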

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-06-21 Thread Percy Kwong
Adjust your awk statement.  I bet you the output is shifted one field to 
the left or right.


Cheers.

-Percy



On 5/14/2013 4:43 AM, Deborah Martin wrote:


Hi,

What is the wrong output being returned ? This might give us all a 
clue as to the cause of the problem.


When you run the check manually, are you doing this as the same user 
that check_nrpe will use ?


Regards,

Deborah

*From:*Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
*Sent:* 14 May 2013 08:43
*To:* nagios-users@lists.sourceforge.net
*Subject:* [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested and works well for 
monitoring IPTABLES in Linux.


I have tested below script but it is not returning correct output to 
nagios server.


If I execute the script manually, it shows the correct output...

But if I execute via  ./check_nrpe -H localhost -c check_iptables,  
it shows wrong output.


Below is my plugin

--

#!/bin/bash

# Trace every command (produces the "+" lines shown in the manual run)
set -x

# Absolute paths to the tools used by the check
IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

# Nagios plugin exit codes
E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

# Count the chains whose name contains "Cid"
CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

if [ $CHAINS -ne 0 ] ; then
    echo Firewall is running!
    exit ${E_SUCCESS}
elif [ $CHAINS -eq 0 ] ; then
    echo Firewall is not running
    exit ${E_CRITICAL}
fi



___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null



Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-31 Thread C. Bensend

 Ran as nagios user and please find the details below.  ( iptables Stopped)


 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' |
 /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?
 0

That 'echo $?' was supposed to be on the next line, not a continuation
of the command.  Can you run that again, but as two separate commands,
one right after the other?  I want to see the result of your first
command (the iptables one).

 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL
 Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
  pkts bytes target prot opt in out source
 destination

 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target prot opt in out source
 destination

 Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
  pkts bytes target prot opt in out source
 destination
 [nagios@server ~]$

I'm assuming server == zurich, right?

I wonder if you can cut out the first grep and awk, and just look
for 'Cid' ?


 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Thursday, 30 May 2013 8:44 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 I'm assuming that this check is running *on* the host 'zurich'?

 /var/log/secure should be listing an entry, if sudo is being run.

 Manually, *as the nagios user*, what happens when you do the following?

 /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
    /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
 echo $?


 How about just (again, as the nagios user):

 /usr/bin/sudo /sbin/iptables -nvL


 Please find the details

 Sudoers Definition:-

 nagios zurich= NOPASSWD: /sbin/iptables,
 /usr/local/nagios/libexec/check_iptables.sh,
 /usr/local/nagios/libexec/check_nrpe

 /var/log/secure:

 su: pam_unix(su:session): session opened for user nagios by
 root(uid=0)
 su: pam_unix(su:session): session closed for user nagios



 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Wednesday, 29 May 2013 7:59 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Where's your sudoers definition that allows the nagios user to run any
 commands via sudo?

 And what does /var/log/secure (or equivalent) think about the nagios
 user trying to run sudo?


 I have tested with the nagios user as well.. still no luck with that.
 Could someone update if you have any solution for this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the
 remote node  and whether the same manual run of the check produces
 the same output.
 For example, I run remote plugins through nrpe as the nagios user
 so if I want to manually test a plugin on the remote node, I would
 first login as the nagios user to ensure I've got the same
 environment that would be used when running via nrpe. It might be
 that the variables you have set in the script only work as the root
 user. It's never a good idea to test as the root  user but only as
 the same user as that used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam
 [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#


 Client - NRPE config file

 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i
 iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#


 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#


 NRPE Logs
 -

 May 14 18:52:28 abc nrpe[31158]: Added
 command[check_Partion_db]=/usr/local/nagios

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-31 Thread Thilakraj . Shanmugam
Please find the details..

[nagios@server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | 
/bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
0
[nagios@server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep Cid | 
/usr/bin/wc -l
0
[nagios@server  ~]$
[nagios@server ~]$ echo $?
0
[nagios@servef ~]$

Yes, Server = zurich
-Original Message-
From: C. Bensend [mailto:be...@bennyvision.com] 
Sent: Friday, 31 May 2013 8:05 PM
To: nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Ran as nagios user and please find the details below.  ( iptables 
 Stopped)


 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 
 'Chain' | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?
 0

That 'echo $?' was supposed to be on the next line, not a continuation of the 
command.  Can you run that again, but as two separate commands, one right after 
the other?  I want to see the result of your first command (the iptables one).

 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL
 Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
  pkts bytes target prot opt in out source
 destination

 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target prot opt in out source
 destination

 Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
  pkts bytes target prot opt in out source
 destination
 [nagios@server ~]$

I'm assuming server == zurich, right?

I wonder if you can cut out the first grep and awk, and just look for 'Cid' ?


 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Thursday, 30 May 2013 8:44 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 I'm assuming that this check is running *on* the host 'zurich'?

 /var/log/secure should be listing an entry, if sudo is being run.

 Manually, *as the nagios user*, what happens when you do the following?

 /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
    /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
 echo $?


 How about just (again, as the nagios user):

 /usr/bin/sudo /sbin/iptables -nvL


 Please find the details

 Sudoers Definition:-

 nagios zurich= NOPASSWD: /sbin/iptables, 
 /usr/local/nagios/libexec/check_iptables.sh,
 /usr/local/nagios/libexec/check_nrpe

 /var/log/secure:

 su: pam_unix(su:session): session opened for user nagios by
 root(uid=0)
 su: pam_unix(su:session): session closed for user nagios



 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Wednesday, 29 May 2013 7:59 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Where's your sudoers definition that allows the nagios user to run 
 any commands via sudo?

 And what does /var/log/secure (or equivalent) think about the nagios 
 user trying to run sudo?


 I have tested with the nagios user as well.. still no luck with that.
 Could someone update if you have any solution for this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as 
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the 
 remote node  and whether the same manual run of the check produces 
 the same output.
 For example, I run remote plugins through nrpe as the nagios user 
 so if I want to manually test a plugin on the remote node, I would 
 first login as the nagios user to ensure I've got the same 
 environment that would be used when running via nrpe. It might be 
 that the variables you have set in the script only work as the root 
 user. It's never a good idea to test as the root  user but only as 
 the same user as that used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam
 [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows 
 firewall

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-31 Thread C. Bensend

OK.  So, what differs when you try that first command when iptables
*is* running?


 Please find the details..

 [nagios@server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain'
 | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
 0
 [nagios@server  ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep Cid |
 /usr/bin/wc -l
 0
 [nagios@server  ~]$
 [nagios@server ~]$ echo $?
 0
 [nagios@servef ~]$

 Yes, Server = zurich
 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Friday, 31 May 2013 8:05 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Ran as nagios user and please find the details below.  ( iptables
 Stopped)


 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep
 'Chain' | /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo
 $?
 0

 That 'echo $?' was supposed to be on the next line, not a continuation of
 the command.  Can you run that again, but as two separate commands, one
 right after the other?  I want to see the result of your first command
 (the iptables one).

 [nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL
 Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
  pkts bytes target prot opt in out source
 destination

 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target prot opt in out source
 destination

 Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
  pkts bytes target prot opt in out source
 destination
 [nagios@server ~]$

 I'm assuming server == zurich, right?

 I wonder if you can cut out the first grep and awk, and just look for
 'Cid' ?


 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Thursday, 30 May 2013 8:44 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 I'm assuming that this check is running *on* the host 'zurich'?

 /var/log/secure should be listing an entry, if sudo is being run.

 Manually, *as the nagios user*, what happens when you do the following?

 /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
    /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
 echo $?


 How about just (again, as the nagios user):

 /usr/bin/sudo /sbin/iptables -nvL


 Please find the details

 Sudoers Definition:-

 nagios zurich= NOPASSWD: /sbin/iptables,
 /usr/local/nagios/libexec/check_iptables.sh,
 /usr/local/nagios/libexec/check_nrpe

 /var/log/secure:

 su: pam_unix(su:session): session opened for user nagios by
 root(uid=0)
 su: pam_unix(su:session): session closed for user nagios



 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Wednesday, 29 May 2013 7:59 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Where's your sudoers definition that allows the nagios user to run
 any commands via sudo?

 And what does /var/log/secure (or equivalent) think about the nagios
 user trying to run sudo?


 I have tested with the nagios user as well.. still no luck with that.
 Could someone update if you have any solution for this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the
 remote node  and whether the same manual run of the check produces
 the same output.
 For example, I run remote plugins through nrpe as the nagios user
 so if I want to manually test a plugin on the remote node, I would
 first login as the nagios user to ensure I've got the same
 environment that would be used when running via nrpe. It might be
 that the variables you have set in the script only work as the root
 user. It's never a good idea to test as the root  user but only as
 the same user as that used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam
 [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-30 Thread C. Bensend

I'm assuming that this check is running *on* the host 'zurich'?

/var/log/secure should be listing an entry, if sudo is being run.

Manually, *as the nagios user*, what happens when you do the following?

/usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
   /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
echo $?


How about just (again, as the nagios user):

/usr/bin/sudo /sbin/iptables -nvL


 Please find the details

 Sudoers Definition:-

 nagios zurich= NOPASSWD: /sbin/iptables,
 /usr/local/nagios/libexec/check_iptables.sh,
 /usr/local/nagios/libexec/check_nrpe

 /var/log/secure:

 su: pam_unix(su:session): session opened for user nagios by root(uid=0)
 su: pam_unix(su:session): session closed for user nagios



 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Wednesday, 29 May 2013 7:59 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Where's your sudoers definition that allows the nagios user to run any
 commands via sudo?

 And what does /var/log/secure (or equivalent) think about the nagios user
 trying to run sudo?


 I have tested with the nagios user as well.. still no luck with that.
 Could someone update if you have any solution for this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the
 remote node  and whether the same manual run of the check produces the
 same output.
 For example, I run remote plugins through nrpe as the nagios user so
 if I want to manually test a plugin on the remote node, I would first
 login as the nagios user to ensure I've got the same environment that
 would be used when running via nrpe. It might be that the variables
 you have set in the script only work as the root user. It's never a
 good idea to test as the root  user but only as the same user as that
 used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#


 Client - NRPE config file

 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i
 iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#


 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#


 NRPE Logs
 -

 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
 May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
 May 14 18:52:28 abc nrpe[31158]: Handling the connection...
 May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
 May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
 May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


 Kind Regards,
 Thilak


 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 6:44 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi,
 What is the wrong output being returned ? This might give us all a
 clue as to the cause of the problem.
 When you run the check manually, are you doing this as the same user
 that check_nrpe will use ?

 Regards,
 Deborah



 From: Thilakraj.Shanmugam

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-30 Thread Eliezer Croitoru
Or instead use a specific REJECT rule on a specific port that otherwise
will work, and test it via a small script that will return if it is OK or not.
It can work like this:
- echo server startup on upper ports, threaded.
- test a client on it.
- get the result and close both server and client.
It can be very simple to do in Ruby.

Eliezer

On 5/14/2013 10:42 AM, Thilakraj.Shanmugam wrote:
 Greetings!

 Could someone send me nagios plugin which is tested and works well for
 monitoring IPTABLES in Linux.

 I have tested below script but it is not returning correct output to
 nagios server.

 If I execute script manually, it shows correct output…

 But if I execute via  ./check_nrpe – H localhost –c check_iptables,  it
 shows wrong output.

 Below is my plugin

 --

 #!/bin/bash
 set -x

 IPT='/sbin/iptables'
 GREP='/bin/grep'
 AWK='/bin/awk'
 EXPR='/usr/bin/expr'
 WC='/usr/bin/wc'
 A='/usr/bin/sudo'

 E_SUCCESS=0
 E_CRITICAL=2
 E_UNKNOWN=3

 CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

 if [ $CHAINS -ne 0 ] ; then
 echo Firewall is running!
 exit ${E_SUCCESS}

 elif [ $CHAINS -eq 0 ] ; then
 echo Firewall is not running
 exit ${E_CRITICAL}
 fi



 --
 AlienVault Unified Security Management (USM) platform delivers complete
 security visibility with the essential security capabilities. Easily and
 efficiently configure, manage, and operate all of your security controls
 from a single console and one unified framework. Download a free trial.
 http://p.sf.net/sfu/alienvault_d2d



 ___
 Nagios-users mailing list
 Nagios-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/nagios-users
 ::: Please include Nagios version, plugin version (-v) and OS when reporting 
 any issue.
 ::: Messages without supporting info will risk being sent to /dev/null





Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-30 Thread Thilakraj . Shanmugam
Ran as nagios user and please find the details below.  ( iptables Stopped)


[nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | 
/bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?
0
[nagios@server ~]$ /usr/bin/sudo /sbin/iptables -nvL
Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
 pkts bytes target prot opt in out source   destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination

Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
 pkts bytes target prot opt in out source   destination
[nagios@server ~]$







-Original Message-
From: C. Bensend [mailto:be...@bennyvision.com]
Sent: Thursday, 30 May 2013 8:44 PM
To: nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


I'm assuming that this check is running *on* the host 'zurich'?

/var/log/secure should be listing an entry, if sudo is being run.

Manually, *as the nagios user*, what happens when you do the following?

/usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
   /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l
echo $?


How about just (again, as the nagios user):

/usr/bin/sudo /sbin/iptables -nvL


 Please find the details

 Sudoers Definition:-

 nagios zurich= NOPASSWD: /sbin/iptables,
 /usr/local/nagios/libexec/check_iptables.sh,
 /usr/local/nagios/libexec/check_nrpe

 /var/log/secure:

 su: pam_unix(su:session): session opened for user nagios by
 root(uid=0)
 su: pam_unix(su:session): session closed for user nagios



 -Original Message-
 From: C. Bensend [mailto:be...@bennyvision.com]
 Sent: Wednesday, 29 May 2013 7:59 PM
 To: nagios-users@lists.sourceforge.net
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


 Where's your sudoers definition that allows the nagios user to run any
 commands via sudo?

 And what does /var/log/secure (or equivalent) think about the nagios
 user trying to run sudo?


 I have tested with nagios user as well.. still no luck with that.
 Could you some one update if you have any solution on this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the
 remote node  and whether the same manual run of the check produces
 the same output.
 For example, I run remote plugins through nrpe as the nagios user
 so if I want to manually test a plugin on the remote node, I would
 first login as the nagios user to ensure I've got the same
 environment that would be used when running via nrpe. It might be
 that the variables you have set in the script only work as the root
 user. It's never a good idea to test as the root  user but only as
 the same user as that used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam
 [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#


 Client - NRPE config file

 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#


 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#


 NRPE Logs
 -

 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
 May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-29 Thread C. Bensend

Where's your sudoers definition that allows the nagios user to
run any commands via sudo?

And what does /var/log/secure (or equivalent) think about the
nagios user trying to run sudo?


 I have tested with nagios user as well.. still no luck with that.  Could
 you some one update if you have any solution on this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as the
 root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the remote
 node  and whether the same manual run of the check produces the same
 output.
 For example, I run remote plugins through nrpe as the nagios user so if
 I want to manually test a plugin on the remote node, I would first login
 as the nagios user to ensure I've got the same environment that would be
 used when running via nrpe. It might be that the variables you have set in
 the script only work as the root user. It's never a good idea to test as
 the root  user but only as the same user as that used by nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#


 Client - NRPE config file

 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#


 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#


 NRPE Logs
 -

 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
 May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
 May 14 18:52:28 abc nrpe[31158]: Handling the connection...
 May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
 May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
 May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


 Kind Regards,
 Thilak


 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 6:44 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi,
 What is the wrong output being returned ? This might give us all a clue as
 to the cause of the problem.
 When you run the check manually, are you doing this as the same user that
 check_nrpe will use ?

 Regards,
 Deborah



 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 08:43
 To: nagios-users@lists.sourceforge.net
 Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Greetings!

 Could someone send me nagios plugin which is tested and works well for
 monitoring IPTABLES in Linux.

 I have tested below script but it is not returning correct output to
 nagios server.

 If I execute script manually, it shows correct output...

 But if I execute via  ./check_nrpe - H localhost -c check_iptables,  it
 shows wrong output.



 Below is my plugin
 --

 #!/bin/bash
 set -x

 IPT='/sbin/iptables'
 GREP='/bin/grep'
 AWK='/bin/awk'
 EXPR='/usr/bin/expr'
 WC='/usr/bin/wc'
 A='/usr/bin/sudo'

 E_SUCCESS=0
 E_CRITICAL=2
 E_UNKNOWN=3

 CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid |
 $WC -l`

 if [ $CHAINS -ne 0 ] ; then
 echo Firewall is running

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-29 Thread Thilakraj . Shanmugam
Please find the details

Sudoers Definition:-

nagios zurich= NOPASSWD: /sbin/iptables, 
/usr/local/nagios/libexec/check_iptables.sh, 
/usr/local/nagios/libexec/check_nrpe

/var/log/secure:

su: pam_unix(su:session): session opened for user nagios by root(uid=0)
su: pam_unix(su:session): session closed for user nagios



-Original Message-
From: C. Bensend [mailto:be...@bennyvision.com]
Sent: Wednesday, 29 May 2013 7:59 PM
To: nagios-users@lists.sourceforge.net
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring


Where's your sudoers definition that allows the nagios user to run any commands 
via sudo?

And what does /var/log/secure (or equivalent) think about the nagios user 
trying to run sudo?


 I have tested with nagios user as well.. still no luck with that.
 Could you some one update if you have any solution on this case.

 Kind Regards,
 Thilak

 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 7:30 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Ok - if I look at your output, manually,  when the plugin is run as
 the root user it produces the correct result.

 But, you haven't said what the nrpe user is that is running on the
 remote node  and whether the same manual run of the check produces the
 same output.
 For example, I run remote plugins through nrpe as the nagios user so
 if I want to manually test a plugin on the remote node, I would first
 login as the nagios user to ensure I've got the same environment that
 would be used when running via nrpe. It might be that the variables
 you have set in the script only work as the root user. It's never a
 good idea to test as the root  user but only as the same user as that used by 
 nagios or nrpe.

 Regards,
 Deborah

 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 09:58
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi Deborah,  Thanks for the response..  please find the details below.


 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh
-  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#


 Client - NRPE config file

 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#


 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#


 NRPE Logs
 -

 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
 May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
 May 14 18:52:28 abc nrpe[31158]: Handling the connection...
 May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
 May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
 May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


 Kind Regards,
 Thilak


 From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
 Sent: Tuesday, 14 May 2013 6:44 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Hi,
 What is the wrong output being returned ? This might give us all a
 clue as to the cause of the problem.
 When you run the check manually, are you doing this as the same user
 that check_nrpe will use ?

 Regards,
 Deborah



 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
 Sent: 14 May 2013 08:43
 To: nagios-users@lists.sourceforge.net
 Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

 Greetings!

 Could someone send me nagios plugin which is tested and works well for
 monitoring IPTABLES in Linux.

 I have tested below script

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-28 Thread Thilakraj . Shanmugam
Hi Deborah et al,

I have tested with nagios user as well.. still no luck with that.  Could you 
some one update if you have any solution on this case.

Kind Regards,
Thilak

From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually,  when the plugin is run as the root 
user it produces the correct result.

But, you haven't said what the nrpe user is that is running on the remote node  
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user so if I 
want to manually test a plugin on the remote node, I would first login as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root  user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   ( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe   (  wrong output )
[root@abc libexec]#


NRPE Logs
-

May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned ? This might give us all a clue as to 
the cause of the problem.
When you run the check manually, are you doing this as the same user that 
check_nrpe will use ?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 08:43
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested and works well for 
monitoring IPTABLES in Linux.

I have tested below script but it is not returning correct output to nagios 
server.

If I execute script manually, it shows correct output...

But if I execute via  ./check_nrpe - H localhost -c check_iptables,  it shows 
wrong output.



Below is my plugin
--

#!/bin/bash
set -x

IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

if [ $CHAINS -ne 0 ] ; then
echo Firewall is running!
exit ${E_SUCCESS}

elif [ $CHAINS -eq 0

[Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Thilakraj . Shanmugam
Greetings!

Could someone send me nagios plugin which is tested and works well for 
monitoring IPTABLES in Linux.

I have tested below script but it is not returning correct output to nagios 
server.

If I execute script manually, it shows correct output...

But if I execute via  ./check_nrpe - H localhost -c check_iptables,  it shows 
wrong output.



Below is my plugin
--

#!/bin/bash
set -x

IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

if [ $CHAINS -ne 0 ] ; then
echo Firewall is running!
exit ${E_SUCCESS}

elif [ $CHAINS -eq 0 ] ; then
echo Firewall is not running
exit ${E_CRITICAL}
fi

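Added example (not part of the original thread and not the poster's plugin): the plugin above prints "Firewall is not running" whenever its pipeline counts zero chains, which is also the result when sudo itself refuses to run under NRPE, as with the requiretty setting the thread's resolution points to. The variant below checks the exit status of the iptables call first and reports UNKNOWN in that case. The names classify_iptables and check_iptables, the "sudo -n" call and the refused/running sample outputs are assumptions constructed for illustration; the "Cid" chain-name match and the stopped-firewall listing come from the thread.

```bash
#!/bin/bash
# Added example, not the poster's plugin. Nagios exit codes as in the thread.
E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

# classify_iptables RC OUTPUT [PATTERN]
#   RC       exit status of the "iptables -nvL" call (sudo included)
#   OUTPUT   its combined stdout/stderr
#   PATTERN  substring a chain name must contain (default "Cid", taken from
#            the poster's script; it is site-specific)
# Prints one status line and returns the Nagios state.
classify_iptables() {
    local rc="$1" output="$2" pattern="${3:-Cid}" chains first_line

    # A failed listing says nothing about the firewall: report UNKNOWN
    # instead of letting an empty pipeline count as "not running".
    if [ "$rc" -ne 0 ]; then
        first_line=$(printf '%s\n' "$output" | head -n 1)
        echo "UNKNOWN: cannot list rules (exit $rc): $first_line"
        return "$E_UNKNOWN"
    fi

    # Count "Chain <name> ..." header lines whose name contains PATTERN.
    chains=$(printf '%s\n' "$output" |
        awk -v p="$pattern" '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')

    if [ "$chains" -gt 0 ]; then
        echo "OK: firewall is running ($chains chains matching $pattern)"
        return "$E_SUCCESS"
    fi
    echo "CRITICAL: firewall is not running (no chain matching $pattern)"
    return "$E_CRITICAL"
}

# What an NRPE command would call. "sudo -n" fails instead of prompting
# when no password-less sudoers rule applies.
check_iptables() {
    local out rc
    out=$(/usr/bin/sudo -n /sbin/iptables -nvL 2>&1) && rc=0 || rc=$?
    classify_iptables "$rc" "$out" "$@"
}

# Constructed sample: sudo refusing to run without a terminal.
SAMPLE_SUDO_REFUSED='sudo: sorry, you must have a tty to run sudo'
# Listing from the thread (run as the nagios user, iptables stopped).
SAMPLE_STOPPED='Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
 pkts bytes target prot opt in out source   destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination

Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
 pkts bytes target prot opt in out source   destination'
# Constructed sample: a loaded rule set with two site-specific chains.
SAMPLE_RUNNING='Chain INPUT (policy DROP 0 packets, 0 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
Chain Cid-INPUT (1 references)
Chain Cid-OUTPUT (1 references)'

# Run the classifier over the three samples. As a real plugin, replace the
# final "demo" call with: check_iptables; exit $?
demo() {
    local state
    classify_iptables 1 "$SAMPLE_SUDO_REFUSED" && state=0 || state=$?
    echo "  state=$state"
    classify_iptables 0 "$SAMPLE_STOPPED" && state=0 || state=$?
    echo "  state=$state"
    classify_iptables 0 "$SAMPLE_RUNNING" && state=0 || state=$?
    echo "  state=$state"
}
demo
```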

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Deborah Martin
Hi,
What is the wrong output being returned ? This might give us all a clue as to 
the cause of the problem.
When you run the check manually, are you doing this as the same user that 
check_nrpe will use ?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 08:43
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested and works well for 
monitoring IPTABLES in Linux.

I have tested below script but it is not returning correct output to nagios 
server.

If I execute script manually, it shows correct output...

But if I execute via  ./check_nrpe - H localhost -c check_iptables,  it shows 
wrong output.



Below is my plugin
--

#!/bin/bash
set -x

IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

if [ $CHAINS -ne 0 ] ; then
echo Firewall is running!
exit ${E_SUCCESS}

elif [ $CHAINS -eq 0 ] ; then
echo Firewall is not running
exit ${E_CRITICAL}
fi



This e-mail and any files transmitted with it are strictly confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed.  If you are not the intended recipient, please delete this e-mail 
immediately.  Any unauthorised distribution or copying is strictly prohibited.

Whilst Kognitio endeavours to prevent the transmission of viruses via e-mail, 
we cannot guarantee that any e-mail or attachment is free from computer viruses 
and you are strongly advised to undertake your own anti-virus precautions. 
Kognitio grants no warranties regarding performance, use or quality of any 
e-mail or attachment and undertakes no liability for loss or damage, howsoever 
caused.


Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Thilakraj . Shanmugam
Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   ( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe   (  wrong output )
[root@abc libexec]#


NRPE Logs
-

May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned ? This might give us all a clue as to 
the cause of the problem.
When you run the check manually, are you doing this as the same user that 
check_nrpe will use ?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 08:43
To: nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested and works well for 
monitoring IPTABLES in Linux.

I have tested below script but it is not returning correct output to nagios 
server.

If I execute script manually, it shows correct output...

But if I execute via  ./check_nrpe - H localhost -c check_iptables,  it shows 
wrong output.



Below is my plugin
--

#!/bin/bash
set -x

IPT='/sbin/iptables'
GREP='/bin/grep'
AWK='/bin/awk'
EXPR='/usr/bin/expr'
WC='/usr/bin/wc'
A='/usr/bin/sudo'

E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`

if [ $CHAINS -ne 0 ] ; then
echo Firewall is running!
exit ${E_SUCCESS}

elif [ $CHAINS -eq 0 ] ; then
echo Firewall is not running
exit ${E_CRITICAL}
fi




Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Joerg Linge
Never test as root!

Joerg

On 14.05.2013 at 10:58, Thilakraj.Shanmugam
thilakraj.shanmu...@canberra.edu.au wrote:

 Hi Deborah,  Thanks for the response..  please find the details below.
  
  
 [root@abc libexec]# pwd
 /usr/local/nagios/libexec
 [root@abc libexec]# ./check_iptables.sh   
 -  Executing manually script
 + IPT=/sbin/iptables
 + GREP=/bin/grep
 + AWK=/bin/awk
 + EXPR=/usr/bin/expr
 + WC=/usr/bin/wc
 + A=/usr/bin/sudo
 + E_SUCCESS=0
 + E_CRITICAL=2
 + E_UNKNOWN=3
 ++ /usr/bin/sudo /sbin/iptables -nvL
 ++ /bin/grep Chain
 ++ /bin/awk '{ print $2 }'
 ++ /bin/grep Cid
 ++ /usr/bin/wc -l
 + CHAINS=5
 + '[' 5 -ne 0 ']'
 + echo 'Firewall is running!'
 Firewall is running!
 + exit 0  
 --  it shows firewall running   ( correct output )
 [root@abc libexec]#
  
  
 Client - NRPE config file
  
 [root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
 command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 [root@abc libexec]#
  
  
 [root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
 Firewall is not running   
 -  executing via check_nrpe   (  wrong output )
 [root@abc libexec]#
  
  
 NRPE Logs
 -
  
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
 May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
 May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
 May 14 18:52:28 abc nrpe[31158]: Handling the connection...
 May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
 May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
 May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
 May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
  
  
 Kind Regards,
 Thilak
  
  
 From: Deborah Martin [mailto:deborah.mar...@kognitio.com] 
 Sent: Tuesday, 14 May 2013 6:44 PM
 To: Nagios Users List
 Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
  
 Hi,
 What is the wrong output being returned ? This might give us all a clue as to 
 the cause of the problem.
 When you run the check manually, are you doing this as the same user that 
 check_nrpe will use ?
  
 Regards,
 Deborah
  
  
  
 From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au] 
 Sent: 14 May 2013 08:43
 To: nagios-users@lists.sourceforge.net
 Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
  
 Greetings!
  
 Could someone send me a Nagios plugin which is tested and works well for 
 monitoring IPTABLES in Linux?
  
 I have tested the script below, but it is not returning the correct output to 
 the Nagios server.
  
 If I execute the script manually, it shows the correct output…
  
 But if I execute it via ./check_nrpe -H localhost -c check_iptables, it shows 
 the wrong output.
  
  
  
 Below is my plugin
 --
  
 #!/bin/bash
 set -x
  
 IPT='/sbin/iptables'
 GREP='/bin/grep'
 AWK='/bin/awk'
 EXPR='/usr/bin/expr'
 WC='/usr/bin/wc'
 A='/usr/bin/sudo'
  
 E_SUCCESS=0
 E_CRITICAL=2
 E_UNKNOWN=3
  
 CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
  
 if [ $CHAINS -ne 0 ] ; then
 echo Firewall is running!
 exit ${E_SUCCESS}
  
 elif [ $CHAINS -eq 0 ] ; then
 echo Firewall is not running
 exit ${E_CRITICAL}
 fi
  
 

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Deborah Martin
Ok - if I look at your output, manually, when the plugin is run as the root 
user it produces the correct result.

But you haven't said what the nrpe user is that is running on the remote node 
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user, so if I 
want to manually test a plugin on the remote node, I would first log in as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah


Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Sunil Sankar
try setting the suid for this script



Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Werner Flamme
Sunil Sankar [14.05.2013 12:41]:
 try setting the suid for this script

Set a script suid? Which operating system supports that?

 
 

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-05-14 Thread Roger Bell_West
On Tue, May 14, 2013 at 01:12:23PM +0200, Werner Flamme wrote:
Sunil Sankar [14.05.2013 12:41]:
 try setting the suid for this script
Set a script suid? Which operating system supports that?

Better would be to enable the NRPE user to run a specific iptables
invocation via sudoers.

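
The sudoers approach suggested above and the failure seen in this thread, as an added example that is not code from any poster or from the Nagios project: a plugin that reports UNKNOWN when the sudo call itself fails (the situation the sudoers fix at the top of the thread addresses), so an empty listing is not mistaken for a stopped firewall. The `--check` switch, the `Defaults:nagios !requiretty` line, the argument-restricted sudoers rule and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the poster's plugin. Assumed sudoers entries for it
# ("servername" is the thread's placeholder); the rule allows one invocation only:
#   Defaults:nagios !requiretty
#   nagios servername = NOPASSWD: /sbin/iptables -nvL
IPT=/sbin/iptables
SUDO=/usr/bin/sudo
CHAIN_PATTERN=${CHAIN_PATTERN:-Cid}   # chain-name pattern grepped by the original plugin
E_SUCCESS=0
E_CRITICAL=2
E_UNKNOWN=3

# Constructed sample of `iptables -nvL` chain headers (not output from the thread).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain CidExample1 (1 references)
Chain CidExample2 (1 references)'

# count_chains PATTERN: read a listing on stdin, print how many chain names match.
count_chains() {
    awk -v pat="$1" '$1 == "Chain" && $2 ~ pat { n++ } END { print n + 0 }'
}

# evaluate RC LISTING: set STATUS_TEXT and return the Nagios state.
# A failed sudo/iptables call is UNKNOWN, never "firewall is not running".
evaluate() {
    ipt_rc=$1
    listing=$2
    if [ "$ipt_rc" -ne 0 ]; then
        STATUS_TEXT="UNKNOWN: cannot list rules (sudo/iptables exit code $ipt_rc)"
        return "$E_UNKNOWN"
    fi
    chains=$(printf '%s\n' "$listing" | count_chains "$CHAIN_PATTERN")
    if [ "$chains" -gt 0 ]; then
        STATUS_TEXT="OK: firewall is running ($chains matching chains)"
        return "$E_SUCCESS"
    fi
    STATUS_TEXT="CRITICAL: firewall is not running (no chain matches $CHAIN_PATTERN)"
    return "$E_CRITICAL"
}

main() {
    # -n makes sudo fail at once instead of prompting when the rule is missing.
    listing=$("$SUDO" -n "$IPT" -nvL 2>/dev/null)
    evaluate "$?" "$listing"
    state=$?
    echo "$STATUS_TEXT"
    exit "$state"
}

# Hypothetical --check switch: the check runs only when asked, e.g. with
# command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Running it once as the nagios user and once through check_nrpe should give the same state; an UNKNOWN from either points at sudoers rather than at the firewall.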