Monitoring Open Ports
Kevin Keane
subscription at kkeane.com
Wed Sep 30 03:09:25 CEST 2009
Not sure if my response will help you since I take a slightly different
approach to monitoring basically the same thing. I am monitoring both
the ports actually being listened on, and the iptables configuration.
I'm using netstat -ltunp on the monitored server. Below is the plugin
script I am using. Actually, it really looks for CHANGES in open ports.
The first time it runs, it creates a file /var/run/checkPorts that
contains a list of all currently-open ports. Any time a port opens or
stops listening, the script generates an alert. If you expect a change
in the list of open ports, simply delete the file /var/run/checkPorts.
I also have a similar script that compares the actual iptables filter
tables with the ones specified, to see if the firewall may have opened
some port unexpectedly. That, too, has to run on the monitored machine.
If you want to check from the outside - such as from the nagios server -
you probably need to use nmap or the like, or you may be able to use an
SNMP query or similar to your firewall. Be aware that your firewall may
actually detect that type of probing as an intrusion attempt.
#!/bin/bash
# Nagios plugin: alert when the set of listening TCP/UDP ports changes.
# Needs root for "netstat -p" (otherwise the program column is just "-").
# Exit codes follow the Nagios convention: 0 = OK, 1 = WARNING, 3 = UNKNOWN.
result=0
baseline=/var/run/checkPorts
current=$(mktemp /tmp/checkPorts.XXXXXX) || exit 3

# The PID in the output of netstat can legitimately change, so
# let's remove it. We also sort to be sure that the ordering
# doesn't cause any headaches later.
netstat -ltunp | sed 's;[0-9]*/.*;;' | sort > "$current"

if [ ! -f "$baseline" ]
then
    cp "$current" "$baseline"
    echo -n "Created new compare file"
else
    out=$(diff --ignore-all-space "$current" "$baseline")
    if [ $? -ne 0 ]
    then
        result=1
        # Keep only the changed lines and join them onto one "; "-separated
        # line so Nagios shows them as a single status line.
        # $1 is "<" (newly listening) or ">" (no longer listening),
        # $2 the protocol and $5 the local address:port. The PID/program
        # column was stripped above, so there is no $8 left to print.
        echo "$out" | grep '[<>]' | awk '{ print $1, $2, $5; }' \
            | sed -e :a -e '$!N; s/\n/; /; ta'
    else
        echo -n "Only expected ports are open"
    fi
fi
rm -f "$current"
exit $result
Matt Baer wrote:
> Is there a way that Nagios can monitor open ports, even if there isn't
> anything listening on the destination? I'd like to monitor my open
> ports on my firewall JUST to make sure they're open. I would just
> specify the port with the normal Nagios command and point it at my
> public IP address, but obviously, the check will fail unless something
> is listening on the other end. Basically I want to port scan specific
> ports. Any ideas?
--
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About
Office: 866-642-7116
http://www.4nettech.com
This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.
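For the outside-in check that the original question asks about (and that the reply above says needs nmap), here is an added example of a Nagios-style plugin built on nmap's greppable output. It is not code from the original post or from the Nagios project. The plugin name check_ports_nmap, the host 203.0.113.5 and the port/state expectations are assumptions for illustration; the nmap flags used (-Pn, -p, -oG -) are real. It covers TCP only.

```bash
#!/bin/bash
# check_ports_nmap (assumed name): verify from the OUTSIDE that specific
# TCP ports are in the expected nmap state (open / closed / filtered).
# Usage: check_ports_nmap HOST PORT/tcp=STATE [PORT/tcp=STATE ...]
# Exit codes follow the Nagios plugin convention:
#   0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# Parse the "Host: ... Ports: ..." line of nmap -oG output and print one
# "port/proto state" pair per line. Each entry in the Ports: field has the
# form port/state/proto/owner/service/rpc/version/, comma separated.
parse_grepable() {
    sed -n 's/^Host:.*Ports: //p' | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | awk -F/ 'NF >= 3 { print $1 "/" $3, $2 }'
}

# Compare the observed "port/proto state" lines against expectations given
# as "port/proto=state". Prints a Nagios status line and returns the code.
check_expected() {
    local observed="$1"; shift
    local bad="" want key state got
    for want in "$@"; do
        key="${want%%=*}"; state="${want#*=}"
        got=$(printf '%s\n' "$observed" | awk -v k="$key" '$1 == k { print $2 }')
        if [ -z "$got" ]; then
            bad="$bad $key:not-scanned"
        elif [ "$got" != "$state" ]; then
            bad="$bad $key:$got(expected $state)"
        fi
    done
    if [ -n "$bad" ]; then
        echo "PORTS CRITICAL -$bad"
        return 2
    fi
    echo "PORTS OK - $# port(s) in expected state"
    return 0
}

main() {
    local host="$1"; shift
    [ $# -gt 0 ] || { echo "PORTS UNKNOWN - usage: $0 HOST PORT/tcp=STATE ..."; return 3; }
    local ports="" p scan
    for p in "$@"; do p="${p%%=*}"; ports="$ports,${p%%/*}"; done
    # -Pn: scan even if the firewall drops ping; -oG -: greppable output
    # to stdout. As a non-root user nmap falls back to a connect scan.
    scan=$(nmap -Pn -p "${ports#,}" -oG - "$host" 2>/dev/null) \
        || { echo "PORTS UNKNOWN - nmap failed or is not installed"; return 3; }
    check_expected "$(printf '%s\n' "$scan" | parse_grepable)" "$@"
}

# Only run the scan when invoked with arguments, e.g.:
#   check_ports_nmap 203.0.113.5 22/tcp=open 443/tcp=open 3389/tcp=filtered
if [ $# -gt 0 ]; then
    main "$@"
    exit $?
fi
```

Two caveats when using something like this: "closed" (RST received) and "filtered" (no answer) are different states, so decide which one you actually want for a port the firewall is supposed to block; and, as the reply above warns, the firewall or an IDS in front of it may log the scan as an intrusion attempt, so whitelist the Nagios server's address there.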
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null