check_listening_ports (edouard.lamoine)

Project Notes

Plugin made by Edouard Lamoine

This plugin is verifying if no unexpected ports are listening on the localhost.

Copy the plugin in the nagios plugins directory.

Usage: ./check_listening_ports intput_your_authorized_ports_then_services_separed_by_spaces

ex without services informations: check_listening_ports 80 25 5666 sshd mysqld

ex with services informations: /usr/bin/sudo/ check_listening_ports 80 25 5666 sshd mysqld

Return OK if all the current listening ports / services behind have been passed in argument, CRITICAL if any one of them have not been passed, UNKNOWN if no ports were specified.

For example, if a hacker opens the port 984 for hackerdaemon service and you didn't specify port 984 or service hackerdaemon in the command, plugin will return "CRITICAL - Unexpected ports are listening: 984/hackerdaemon"

If you want to be informed of services running behind unexpected ports, you'll have to give Nagios user root access to the plugin: add permissions in sudoers file:

-> visudo

Below the line:
root ALL=(ALL:ALL) ALL

add

nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_listening_ports

Of course be sure Nagios user is allowed to access the plugin (use chmod to make it readable by Nagios user)

Let me know if you experience any problem with it.

UPDATE 11/05/2015 v1.1: Fixed bug: sometimes unexpected listening ports appears twice on output string.

UPDATE #2 11/05/2015 v1.2: optimized speed: now 2x faster

UPDATE 13/05/2015 v1.3: added service recognition, now you can specify allowed services, no matter their ports

UPDATE #2 13/05/2015 v1.4: Fixed bug: services with SERVER, IDLE or PRIVATE details messed up all services recognition for their port