Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_dhcpd_leases.py (Advanced Nagios Plugins Collection)
Compatible With
- Nagios 1.x
- Nagios 2.x
- Nagios 3.x
Owner
Download URL
Hits
102549
Part of the Advanced Nagios Plugins Collection, download it here:
https://github.com/harisekhon/nagios-plugins
* Shows dhcp leases assigned by ISC DHCPd
* Formatting is flexible, can show combination of Hostnames/IP/Macs
* Can Alert on leases being handed out to unauthorized machines. This can use Hostnames/Mac Addresses, in the form of Whitelists/Blacklists or any combination of these things. Combine for maximum effect. If a machine trips any of those 4 lists an alert is raised by going Critical.
Usage: check_dhcpd_leases.py [options]
Options:
-h, --help show this help message and exit
-c, --compact-output Compact the output, do not list leases. Use thisto
make sure Nagios gets perfdata as NRPE has a limit on
the number of characters before it discards the rest
-f LEASEFILE, --file=LEASEFILE, --lease-file=LEASEFILE
Specify the dhcp lease file to use. Should be the
current lease file that the ISC dhcp daemon uses to
track it's leases
-m, --mac Show mac addresses as well as Name/IP pairings
-n, --no-name Do not display hostnames. When used by itself, this
just shows assigned IP addresses. Can be used in
conjunction with --mac in order to show only IP/Mac
pairings
-i, --sort-by-ip Change the output order to sort by IP rather than the
default of sorting by hostname. If using --no-name
this is implied
-s, --no-summary Do not print the summary of the number of dhcp leases
used
-t TIMEOUT, --timeout=TIMEOUT
Timeout in seconds before the plugin self terminates.
This should never be needed but the Nagios coding
guidelines recommend it and therefore it is
implemented for completeness. Use this to specify a
custom timeout period in seconds (should be an
integer/whole number). Defaults to 30 seconds
-w HOST_WHITELIST, --host-whitelist=HOST_WHITELIST
Whitelist of known Hostnames. Raises alert if an IP
has been issued to any machine with a Hostname not in
this list. Considered weak since the hostname can be
set on the client machine before requesting a dhcp
lease. But it's there if you want it. Can be a nice
extra layer to the defense in depth strategy when
properly used with a Mac whitelist as well. Although
Mac addresses can also be spoofed, some attackers may
not think to spoof the hostname as well as the mac
address. Should be a comma or space separated list,
enclosed in quotes if using spaces. Hostnames are case
insensitive
-x HOST_BLACKLIST, --host-blacklist=HOST_BLACKLIST
Blacklist of known Hostnames. Raises alert if an IP
has been handed out to a machine with this Hostname.
Can take a list of Hostnames, comma or space separated
(enclose in quotes if using spaces). Can be combined
with any Whitelist, in which case, blacklists always
take preference over whitelists and raise an alert.
Hostnames are case insensitive
-y MAC_WHITELIST, --mac-whitelist=MAC_WHITELIST
Whitelist of known Mac addresses. Raises alert if an
IP has been issued to any machine with a Mac address
not in this list. Although Mac addresses can be
spoofed, this may not have been done when requesting
the dhcp lease. For extra layers combine with --host-
whitelist to form a nice additional tripwire. Should
be a comma or space separated list, enclosed in quotes
if using spaces. Valid Mac formats: aa:bb:cc:dd:ee:ff,
or aa-bb-cc-dd-ee-ff or aabbccddeeff (case
insensitive)
-z MAC_BLACKLIST, --mac-blacklist=MAC_BLACKLIST
Blacklist of known Mac addresses. Raises alert if an
IP has been handed out to a machine with this Mac
address. Can take a list of Macs, comma or space
separated (enclose in quotes if using spaces). Can be
combined with any Whitelist, in which case, blacklists
always take preference over whitelists and raise an
alert. Valid Mac formats: aa:bb:cc:dd:ee:ff, or aa-bb-
cc-dd-ee-ff or aabbccddeeff (case insensitive)
-V, --version Print version number and exit
https://github.com/harisekhon/nagios-plugins
* Shows dhcp leases assigned by ISC DHCPd
* Formatting is flexible, can show combination of Hostnames/IP/Macs
* Can Alert on leases being handed out to unauthorized machines. This can use Hostnames/Mac Addresses, in the form of Whitelists/Blacklists or any combination of these things. Combine for maximum effect. If a machine trips any of those 4 lists an alert is raised by going Critical.
Usage: check_dhcpd_leases.py [options]
Options:
-h, --help show this help message and exit
-c, --compact-output Compact the output, do not list leases. Use thisto
make sure Nagios gets perfdata as NRPE has a limit on
the number of characters before it discards the rest
-f LEASEFILE, --file=LEASEFILE, --lease-file=LEASEFILE
Specify the dhcp lease file to use. Should be the
current lease file that the ISC dhcp daemon uses to
track it's leases
-m, --mac Show mac addresses as well as Name/IP pairings
-n, --no-name Do not display hostnames. When used by itself, this
just shows assigned IP addresses. Can be used in
conjunction with --mac in order to show only IP/Mac
pairings
-i, --sort-by-ip Change the output order to sort by IP rather than the
default of sorting by hostname. If using --no-name
this is implied
-s, --no-summary Do not print the summary of the number of dhcp leases
used
-t TIMEOUT, --timeout=TIMEOUT
Timeout in seconds before the plugin self terminates.
This should never be needed but the Nagios coding
guidelines recommend it and therefore it is
implemented for completeness. Use this to specify a
custom timeout period in seconds (should be an
integer/whole number). Defaults to 30 seconds
-w HOST_WHITELIST, --host-whitelist=HOST_WHITELIST
Whitelist of known Hostnames. Raises alert if an IP
has been issued to any machine with a Hostname not in
this list. Considered weak since the hostname can be
set on the client machine before requesting a dhcp
lease. But it's there if you want it. Can be a nice
extra layer to the defense in depth strategy when
properly used with a Mac whitelist as well. Although
Mac addresses can also be spoofed, some attackers may
not think to spoof the hostname as well as the mac
address. Should be a comma or space separated list,
enclosed in quotes if using spaces. Hostnames are case
insensitive
-x HOST_BLACKLIST, --host-blacklist=HOST_BLACKLIST
Blacklist of known Hostnames. Raises alert if an IP
has been handed out to a machine with this Hostname.
Can take a list of Hostnames, comma or space separated
(enclose in quotes if using spaces). Can be combined
with any Whitelist, in which case, blacklists always
take preference over whitelists and raise an alert.
Hostnames are case insensitive
-y MAC_WHITELIST, --mac-whitelist=MAC_WHITELIST
Whitelist of known Mac addresses. Raises alert if an
IP has been issued to any machine with a Mac address
not in this list. Although Mac addresses can be
spoofed, this may not have been done when requesting
the dhcp lease. For extra layers combine with --host-
whitelist to form a nice additional tripwire. Should
be a comma or space separated list, enclosed in quotes
if using spaces. Valid Mac formats: aa:bb:cc:dd:ee:ff,
or aa-bb-cc-dd-ee-ff or aabbccddeeff (case
insensitive)
-z MAC_BLACKLIST, --mac-blacklist=MAC_BLACKLIST
Blacklist of known Mac addresses. Raises alert if an
IP has been handed out to a machine with this Mac
address. Can take a list of Macs, comma or space
separated (enclose in quotes if using spaces). Can be
combined with any Whitelist, in which case, blacklists
always take preference over whitelists and raise an
alert. Valid Mac formats: aa:bb:cc:dd:ee:ff, or aa-bb-
cc-dd-ee-ff or aabbccddeeff (case insensitive)
-V, --version Print version number and exit
Reviews (0)
Be the first to review this listing!
