Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1


Remember Me

Category: Security

Nagios plugins for monitoring security software.

Nagios XI

Submit Your Nagios Project!

Help build Nagios Exchange for yourself and the entire the Nagios Community by your Nagios project to the site. It's easy - just create an account, login, and add a new listing. Read the FAQ for instructions.
Additional listings are organized in the following sub-categories:
Category Listings:
There are 82 Listings in this Category.List your addon or plugin here!

Check Centrify

A plugin to check the Centrify service running on a local machine. It will report CPU and Memory of the adclient process, the zone, the DC and the version. -- Update 07/04/2016, new version of script uploaded which now accepts command line args and al ...


Check Iptables

This plugin check if the number of iptables rules loaded and the ones that are supposed to be loaded are the same. If the numbers are not ok it notifies nagios and logs on /var/log/iptables the users logged in at the time.


Check Nessus Scans

This is a check to download and parse a given Nessus scan (see and return the number of critical and high vulnerabilities.


Check setting sshd (Security of SSH)

This check control the security of your SSH service (The setting of sshd_config file) 4 values are checking: PermitRootLogin, Protocol, Port and PermitEmptyPasswords For more detail ./ -h

Check UniFi Video

This is a plugin (bash script) that pulls the latest recording time of UniFi video cameras from the UniFi video server. It uses JSON parsing to pull a single variable from the Unifi Video system through the Admin API.


Check Windows for Indicators of Compromise - Via Event ...

Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule via a Nagios NCPA agent, however, it may also be run from a command-line (fo ...



This Nagios plugin monitors the state of files/directors, using the inotify State Monitoring tool, receiving as arguments the states and files/directors to be monitored, as well as the path of the log file, where the inotify registers the events, notifyin ...



Plugin written as bash script to check the health of iptables and the rules in there. It performs several check: * checks command ($DEF_IPT and $DEF_IPS) and rulefiles ($DEF_IPT_RFILE and $DEF_IPS_RFILE), returns ...



A simple bash script to check if the ssl certificate is getting expire. If getting expired in 10 days then it will alert. Syntax: script : Feel free to change, as per need, example for -c and -w. For now I just made it simple.



This Nagios plugin monitors the Apache server log file in search of State 404, receiving as arguments the full path of the log file, and the maximum values for warning and critical, these values are passed in pairs (50.100), to specify the value of record ...



This Nagios plugin monitors the main principals where the executable files are stored, you can optionally be the user to define the principals that you want to monitor in accordance with your system's interests and configuration, by ticking the critical s ...

LicenseGPL This is a simple BASH script that checks that only the correct Apache processes are running, and that no other processes (such as PERL scripts) are running as Apache. If it returns OK, it includes the text "0 Bad apache Processes Running". If it fails ...



Monitor Barracuda Spam Firewall Appliance queue sizes


Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit, written in bash.



This check connects to a specified host:port with OpenSSL to determine if the signing algorithm used on the server certificate is secure.



This check uses OpenSSL to connect to a host:port and either confirm that it is specifying at least one accepted client certificate CA name, or compare the accepted CA names list returned by the host to a list supplied to the check. The purpose being tha ...

This is a nagios plugin which you can use to check if a CRL (Certificate Revocation List, public list with revoked certificates) is still valid. This is based on the plugin from [Michele Baldessari]( I've modified it ...



check_crl_bulk Checks the ‘Next Update’ time for a number of CRL files using OpenSSL.



Check Certificate Revocation List(CRL) expiration and validity



This plugin will check the length of the in, out and bounce queues on a Barracuda Spam Firewall using SNMP. The latest release (version 3) supports Barracuda Spam and Virus firewalls with firmware versions 3 and 4. The OIDs changed in V4 and the plug ...



This Nagios plugin monitors system network connections alerting whenever a large number of SYN recv states are verified. The quantities of connections to be considered excessive are passed as arguments, and when Nagios is exceeded alert with the states wa ...



This plugin check for a potential website defacement. The script curl the provided url and compare it with the previous curl. Several tests can be made, the default one is calculating how many pecentage of code have been changed since last check.



This Nagios plugin monitors the content of the Web page passed by URL as an argument, in search of potentially hazardous words, returning the critical state if a detection is made. By default, a set of words are defined, which can optionally be ignored, o ...



Perl plugin that checks a specified DNS blacklist such as to see whether a host is listed. Depends on Net::DNS.


This Nagios plugin monitors domain names and corresponding IP address, both passed as arguments, alerting with critical state if incompatibilities are verified. By default, Google DNS is used, however, optionally the user can set the DNS server that suits ...



This Nagios plugin monitors the state of the DNSSEC configurations and points out with the critical state in case vulnerabilities (poor configuration, expired signatures, not using DNSSEC) be detected. The domain to be monitored is passed as an argument, ...



Uses the DShield API to check the Infocon status. Will return OK on green, WARNING on Yellow and Oragne, and CRITICAL on Red.



Script to arbitrarily monitor the md5 checksums of any given file and throw a warning when a file is changed. Script is self-maintaining, in that it will update its own cache of checksums after a mismatch - this way, you don't have to remember to update t ...


Simple file integrity checker.


Small Utility for utilising the Windows WSC_SECURITY_PROVIDER functions and properties in Windows Vista and later



check_heartbleed allows you to check for the Heartbleed Vulnerability (CVE-2014-0160) of openssl on various systems. Version - 0.6 : Added TLSv1.0 and SSLv3.0 support If no version is specified, checks all versions. Altered output somewhat. Added opti ...

check_heartbleed - TK

check_heartbleed checks if a server is vulnerable against Heartbleed SSL attack (CVE-2014-0160). Features: can start with plain and upgrade with STARTTLS or similar commands with IMAP, POP, SMTP, FTP, HTTP and HTTP proxies, PostgreSQL heart ...



Perlscript for checking a https-servers, with a ssl-client-certificate.


This plugin checks whether there are inactive users on a system. The plugin requires CPAN module User-Utmp-1.8.



This Nagios plugin monitors blacklists in search of a past IP address as an argument. By default, the plugin searches in 27 of the most popular blacklists, and can optionally be added to other lists, or ignored the set of predefined blacklists. This plugi ...



Check ipsec connections from openswan or strongswan


Check Kerberos 5 KDC with shell commands


check the usability of a kerberos 5 KDC (Advanced Nagios Plugins Collection)

Checks a specific Kerberos KDC is working by getting a TGT using a keytab Create a nagios kerberos principal and export a keytab for it to use in this check Requirements: - Kerberos KDC - Kerberos Realm - nagios kerberos principal - exported k ... (Advanced Nagios Plugins Collection...

Checks Kerberos is working by requesting a TGT from the KDC using a pre-exported keytab


When employees leave a company, sometimes computer accounts are not deleted, meaning that they could become a security risk. This plugin checks for accounts of users who have left, using a central list of blacklisted usernames which is downloaded from a w ...

check_listening_ports (edouard.lamoine)

check_listening_ports (edouard.lamoine) A plugin that check for all listening ports/services behind, and verify if these ports or services have been approved by the user. Adds Port monitoring security to Nagios, showing if some ports were opened, maybe in a malicious way. Done for MEVIA g ...


A plugin written in Bash to check the MD5 sum of a single file. In case the files MD5 change the plugin issues a critical state. This behavior can be changed by using a --warning argument, so that only a warning state is issued.



NRPE plugin to check nCipher/nFast hardserver, nShield HSM status and inserted smartcard on RHEL and Solaris.


check_nids_interfaces Nagios plugin designed to passively check capture interfaces to validate they are receiving desired traffic flows.



This Nagios plugin monitors a domain in search of web vulnerabilities, so it uses the scan of Web Nikto vulnerabilities, producing an HTML report, and alerting to the existence of known vulnerabilities, returning the critical state in case of detection. ...



This is a nagios plugin to check an OCSP server. It does so by having a PEM encoded certificate in the code, and the PEM encoded certificate of the issuer. This is sent to the OCSP server and the response is then parsed to give the correct nagios result. ...


This Nagios plugin monitors ports, and alerts about opening new port of communication. As arguments are passed the list of authorized ports, and the IP address of the machine to be monitored (local), returning the critical state if one or more open ports ...

Page 1 of 2