Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_fsecure [F-Secure fsav check]
Current Version
1.0.1
Last Release Date
2012-09-05
Compatible With
- Nagios 3.x
Owner
License
GPL
Hits
63716
Files:
| File | Description |
|---|---|
| check_fsecure | Perl-Script check_fsecure |
check_fsecure compares the database version of F-Secure fsav with the current date.
We use it on our mailserver via check_by_ssh to make sure fsav (called by amavisd-new) is up-to-date.
Help with "check_fsecure -h"
We use it on our mailserver via check_by_ssh to make sure fsav (called by amavisd-new) is up-to-date.
Help with "check_fsecure -h"
Reviews (1)
byelysium, November 1, 2018
The plugin needs some modification for FSIGK F-Secure Internet Gatekeeper (thats not the same as FSLS, F-Secure Server Linux Security), but then its still useable, thanks for that.
With FSIGK 5.50 you have to change:
1. Link the following binaries to make ./fsav executable within FSIGK:
/usr/lib/libfsavd.so.7 -> /opt/f-secure/fsigk/fssp/lib/libfsavd.so.7
/usr/lib/libsubstatus.so -> /opt/f-secure/fsigk/fssp/lib/libsubstatus.so
/usr/lib/libkeycheck.so -> /opt/f-secure/fsigk/fssp/lib/libkeycheck.so
/usr/lib/libfsclm.so.2 -> /opt/f-secure/fsigk/fssp/lib/libfsclm.so.2
/usr/lib/libmgmtfile.2.0.0.so -> /opt/f-secure/fsigk/fssp/lib/libmgmtfile.2.0.0.so
2. Change line #101 to a hardcoded path conf path (or ad another prefix, FSAV in FSIGK works just different to FSLS):
chomp(my $fsav_version = `$fsav --config=file:/opt/f-secure/fsigk/fssp/etc/fssp.conf --version`);
Now it depends on your FSIGK installation, usually user "nagios" is not able to run "$fsav --config=file:/opt/f-secure/fsigk/fssp/etc/fssp.conf --version" without sudo/root.
2. Add sudo for the FSAV binary like this in check_fsecure:
my $fsav = "/usr/bin/sudo /opt/f-secure/fsigk/fssp/bin/fsav";
3. Comment-out the following lines in check_fsecure:
#if (!-x $fsav) {
# die("ERROR: Unable to execute $fsav");
#}
4. Add a sudo rule /etc/sudoers on monitored machine:
nagios ALL=(root) NOPASSWD: /opt/f-secure/fsigk/fssp/bin/fsav
Thats it.
With FSIGK 5.50 you have to change:
1. Link the following binaries to make ./fsav executable within FSIGK:
/usr/lib/libfsavd.so.7 -> /opt/f-secure/fsigk/fssp/lib/libfsavd.so.7
/usr/lib/libsubstatus.so -> /opt/f-secure/fsigk/fssp/lib/libsubstatus.so
/usr/lib/libkeycheck.so -> /opt/f-secure/fsigk/fssp/lib/libkeycheck.so
/usr/lib/libfsclm.so.2 -> /opt/f-secure/fsigk/fssp/lib/libfsclm.so.2
/usr/lib/libmgmtfile.2.0.0.so -> /opt/f-secure/fsigk/fssp/lib/libmgmtfile.2.0.0.so
2. Change line #101 to a hardcoded path conf path (or ad another prefix, FSAV in FSIGK works just different to FSLS):
chomp(my $fsav_version = `$fsav --config=file:/opt/f-secure/fsigk/fssp/etc/fssp.conf --version`);
Now it depends on your FSIGK installation, usually user "nagios" is not able to run "$fsav --config=file:/opt/f-secure/fsigk/fssp/etc/fssp.conf --version" without sudo/root.
2. Add sudo for the FSAV binary like this in check_fsecure:
my $fsav = "/usr/bin/sudo /opt/f-secure/fsigk/fssp/bin/fsav";
3. Comment-out the following lines in check_fsecure:
#if (!-x $fsav) {
# die("ERROR: Unable to execute $fsav");
#}
4. Add a sudo rule /etc/sudoers on monitored machine:
nagios ALL=(root) NOPASSWD: /opt/f-secure/fsigk/fssp/bin/fsav
Thats it.
