Nagios Plugin for IPTABLES Monitoring

C. Bensend benny at bennyvision.com
Fri May 31 12:04:43 CEST 2013


> Ran as nagios user and please find the details below.  ( iptables Stopped)
>
>
> [nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' |
> /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l| echo $?
> 0

That 'echo $?' was supposed to be on the next line, not a continuation
of the command.  Can you run that again, but as two separate commands,
one right after the other?  I want to see the result of your first
command (the iptables one).

> [nagios at server ~]$ /usr/bin/sudo /sbin/iptables -nvL
> Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> [nagios at server ~]$

I'm assuming "server" == "zurich", right?

I wonder if you can cut out the first grep and awk, and just look
for 'Cid' ?


> -----Original Message-----
> From: C. Bensend [mailto:benny at bennyvision.com]
> Sent: Thursday, 30 May 2013 8:44 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>
>
> I'm assuming that this check is running *on* the host 'zurich'?
>
> /var/log/secure should be listing an entry, if sudo is being run.
>
> Manually, *as the nagios user*, what happens when you do the following?
>
> /usr/bin/sudo /sbin/iptables -nvL | /bin/grep 'Chain' | \
>    /bin/awk '{ print $2 }'| /bin/grep Cid | /usr/bin/wc -l echo $?
>
>
> How about just (again, as the nagios user):
>
> /usr/bin/sudo /sbin/iptables -nvL
>
>
>> Please find the details
>>
>> Sudoers Definition:-
>>
>> nagios zurich= NOPASSWD: /sbin/iptables, /usr/local/nagios/libexec/check_iptables.sh, /usr/local/nagios/libexec/check_nrpe
>>
>> /var/log/secure:
>>
>> su: pam_unix(su:session): session opened for user nagios by root(uid=0)
>> su: pam_unix(su:session): session closed for user nagios
>>
>>
>>
>> -----Original Message-----
>> From: C. Bensend [mailto:benny at bennyvision.com]
>> Sent: Wednesday, 29 May 2013 7:59 PM
>> To: nagios-users at lists.sourceforge.net
>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>
>>
>> Where's your sudoers definition that allows the nagios user to run any
>> commands via sudo?
>>
>> And what does /var/log/secure (or equivalent) think about the nagios
>> user trying to run sudo?
>>
>>
>>> I have tested with the nagios user as well.. still no luck with that.
>>> Could someone update if you have any solution on this case.
>>>
>>> Kind Regards,
>>> Thilak
>>>
>>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>>> Sent: Tuesday, 14 May 2013 7:30 PM
>>> To: Nagios Users List
>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>
>>> Ok - if I look at your output, manually,  when the plugin is run as
>>> the "root" user it produces the correct result.
>>>
>>> But, you haven't said what the nrpe user is that is running on the
>>> remote node  and whether the same manual run of the check produces
>>> the same output.
>>> For example, I run remote plugins through nrpe as the "nagios" user
>>> so if I want to manually test a plugin on the remote node, I would
>>> first login as the nagios user to ensure I've got the same
>>> environment that would be used when running via nrpe. It might be
>>> that the variables you have set in the script only work as the root
>>> user. It's never a good idea to test as the root  user but only as
>>> the same user as that used by nagios or nrpe.
>>>
>>> Regards,
>>> Deborah
>>>
>>> From: Thilakraj.Shanmugam
>>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>>> Sent: 14 May 2013 09:58
>>> To: Nagios Users List
>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>
>>> Hi Deborah,  Thanks for the response..  please find the details below.
>>>
>>>
>>> [root at abc libexec]# pwd
>>> /usr/local/nagios/libexec
>>> [root at abc libexec]# ./check_iptables.sh    <-----  Executing manually script
>>> + IPT=/sbin/iptables
>>> + GREP=/bin/grep
>>> + AWK=/bin/awk
>>> + EXPR=/usr/bin/expr
>>> + WC=/usr/bin/wc
>>> + A=/usr/bin/sudo
>>> + E_SUCCESS=0
>>> + E_CRITICAL=2
>>> + E_UNKNOWN=3
>>> ++ /usr/bin/sudo /sbin/iptables -nvL
>>> ++ /bin/grep Chain
>>> ++ /bin/awk '{ print $2 }'
>>> ++ /bin/grep Cid
>>> ++ /usr/bin/wc -l
>>> + CHAINS=5
>>> + '[' 5 -ne 0 ']'
>>> + echo 'Firewall is running!'
>>> Firewall is running!
>>> + exit 0    <------  it shows firewall running   ( correct output )
>>> [root at abc libexec]#
>>>
>>>
>>> Client - NRPE config file
>>>
>>> [root at abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
>>> command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>>> [root at abc libexec]#
>>>
>>>
>>> [root at abc libexec]# ./check_nrpe -H localhost -c check_iptables
>>> Firewall is not running    <-----  executing via check_nrpe   (  wrong output )
>>> [root at abc libexec]#
>>>
>>>
>>> NRPE Logs
>>> -------------
>>>
>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /db
>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p /app
>>> May 14 18:52:28 abc nrpe[31158]: Added command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
>>> May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
>>> May 14 18:52:28 abc nrpe[31158]: Handling the connection...
>>> May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to be run...
>>> May 14 18:52:28 abc nrpe[31158]: Running command: /usr/local/nagios/libexec/check_iptables.sh
>>> May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and output: Firewall is not running
>>> May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running
>>>
>>>
>>> Kind Regards,
>>> Thilak
>>>
>>>
>>> From: Deborah Martin [mailto:Deborah.Martin at kognitio.com]
>>> Sent: Tuesday, 14 May 2013 6:44 PM
>>> To: Nagios Users List
>>> Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>
>>> Hi,
>>> What is the wrong output being returned ? This might give us all a
>>> clue as to the cause of the problem.
>>> When you run the check manually, are you doing this as the same user
>>> that check_nrpe will use ?
>>>
>>> Regards,
>>> Deborah
>>>
>>>
>>>
>>> From: Thilakraj.Shanmugam
>>> [mailto:Thilakraj.Shanmugam at canberra.edu.au]
>>> Sent: 14 May 2013 08:43
>>> To: nagios-users at lists.sourceforge.net
>>> Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring
>>>
>>> Greetings!
>>>
>>> Could someone send me nagios plugin which is tested and works well
>>> for monitoring IPTABLES in Linux.
>>>
>>> I have tested below script but it is not returning correct output to
>>> nagios server.
>>>
>>> If I execute script manually, it shows correct output...
>>>
>>> But if I execute via  ./check_nrpe -H localhost -c check_iptables,
>>> it shows wrong output.
>>>
>>>
>>>
>>> Below is my plugin
>>> ------------------------------
>>>
>>> #!/bin/bash
>>> set -x
>>>
>>> IPT='/sbin/iptables'
>>> GREP='/bin/grep'
>>> AWK='/bin/awk'
>>> EXPR='/usr/bin/expr'
>>> WC='/usr/bin/wc'
>>> A='/usr/bin/sudo'
>>>
>>> E_SUCCESS="0"
>>> E_CRITICAL="2"
>>> E_UNKNOWN="3"
>>>
>>> CHAINS=`$A $IPT -nvL | $GREP 'Chain' | $AWK '{ print $2 }'| $GREP Cid | $WC -l`
>>>
>>>                 if [ $CHAINS -ne 0 ] ; then
>>>                         echo "Firewall is running!"
>>>                         exit ${E_SUCCESS}
>>>
>>>                 elif [ $CHAINS -eq 0 ] ; then
>>>                         echo "Firewall is not running"
>>>                         exit ${E_CRITICAL}
>>>                 fi
>>>
>>>
>>>
>>> This e-mail and any files transmitted with it are strictly
>>> confidential and intended solely for the use of the individual or
>>> entity to whom they are addressed. If you are not the intended
>>> recipient, please delete this e-mail immediately. Any unauthorised
>>> distribution or copying is strictly prohibited.
>>>
>>> Whilst Kognitio endeavours to prevent the transmission of viruses via
>>> e-mail, we cannot guarantee that any e-mail or attachment is free
>>> from computer viruses and you are strongly advised to undertake your
>>> own anti-virus precautions. Kognitio grants no warranties regarding
>>> performance, use or quality of any e-mail or attachment and
>>> undertakes no liability for loss or damage, howsoever caused.


-- 
"The very existence of flamethrowers proves that sometime, somewhere,
someone said to themselves, 'You know, I want to set those people
over there on fire, but I'm just not close enough to get the job
done.'"                          -- George Carlin


------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
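
Added example (not part of the original thread, and not the poster's plugin): in the script quoted above, a failed sudo and a stopped firewall both give a chain count of 0, so both report "Firewall is not running". This version returns UNKNOWN when the sudo/iptables command itself fails; the function names, the use of sudo -n and the sample Cid-INPUT chain are assumptions made here.

```shell
#!/bin/bash
# Added example, not the poster's plugin. Paths and the 'Cid' match come from
# the thread; function names and `sudo -n` (fail, never prompt) are assumptions.
E_SUCCESS=0 E_CRITICAL=2 E_UNKNOWN=3

# classify_iptables RC OUTPUT [PATTERN]
# RC is the exit status of the sudo/iptables command, OUTPUT its stdout.
# Prints one status line and returns the matching Nagios exit code.
classify_iptables() {
    local rc output pattern chains
    rc=$1
    output=$2
    pattern=${3:-Cid}
    if [ "$rc" -ne 0 ]; then
        # sudo or iptables failed, so the firewall state is not known.
        echo "UNKNOWN: sudo/iptables exited $rc (check sudoers and /var/log/secure)"
        return "$E_UNKNOWN"
    fi
    # Count "Chain <name>" header lines whose name contains the pattern.
    chains=$(printf '%s\n' "$output" |
        awk -v p="$pattern" '$1 == "Chain" && index($2, p) { n++ } END { print n + 0 }')
    if [ "$chains" -gt 0 ]; then
        echo "OK: $chains chain(s) matching '$pattern'"
        return "$E_SUCCESS"
    fi
    echo "CRITICAL: no chain matching '$pattern'"
    return "$E_CRITICAL"
}

# Live check: keep sudo's exit status instead of losing it in a pipeline.
check_iptables() {
    local output rc
    rc=0
    output=$(/usr/bin/sudo -n /sbin/iptables -nvL 2>/dev/null) || rc=$?
    classify_iptables "$rc" "$output" "${1:-Cid}"
}

# Constructed samples: the policy-only chain headers shown in the thread,
# and the same listing with a hypothetical Cid-INPUT chain added.
SAMPLE_STOPPED='Chain INPUT (policy ACCEPT 9089 packets, 3303K bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 7812 packets, 3436K bytes)'
SAMPLE_RUNNING="$SAMPLE_STOPPED
Chain Cid-INPUT (1 references)"

# Run the live check only when installed under the plugin's file name.
case "${0##*/}" in
    check_iptables*) check_iptables "$@"; exit $? ;;
esac
```

Run as the nagios user, an UNKNOWN result points at the sudo side (sudoers entry, /var/log/secure) rather than at the firewall.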