Failed logins last hour

Current Version: 1.0
Last Release Date: 2019-01-25
Compatible With:
  • Nagios 4.x
  • Nagios XI
Owner:
License: GPL
Hits: 6831
Files:
File | Description
check_failed_logins_rh.sh | check_failed_logins_rh.sh
This is a plugin to monitor failed login attempts on RedHat/CentOS servers.
This plugin is meant to run on the monitored target host, so you will need another plugin, like NRPE, installed and configured in your environment.

Example usage:
check_failed_logins.sh -w 5 -c 10
This will check for failed login attempts and return a warning when 5 to 9 attempts fail and a critical when 10 or more attempts fail.
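
The threshold behaviour described above, as an added example that is not the plugin's own code: it counts "Failed password" lines inside a one-hour window that may span midnight, then maps the count to a Nagios state with perfdata. The sample log lines, the host name and the function names are constructed for illustration; the "Failed password" match and the /var/log/secure path are taken from the review further down this page.

```sh
#!/bin/sh
# Added example, not the plugin's own code. The log lines below are constructed
# (documentation IP ranges, hypothetical host "web1").
sample_log() {
cat <<'EOF'
Jan 25 22:10:02 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jan 25 23:31:15 web1 sshd[2140]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Jan 25 23:45:40 web1 sshd[2144]: Accepted password for deploy from 198.51.100.7 port 51515 ssh2
Jan 25 23:59:58 web1 sshd[2150]: Failed password for root from 203.0.113.5 port 40100 ssh2
Jan 26 00:05:11 web1 sshd[2161]: Failed password for root from 203.0.113.5 port 40101 ssh2
Jan 26 00:20:00 web1 sshd[2170]: Failed password for invalid user test from 203.0.113.5 port 40102 ssh2
EOF
}

# count_failed START END: read syslog-format lines on stdin and print how many
# "Failed password" lines fall between START and END ("Mon D HH:MM:SS" each).
# A one-hour window touches at most two calendar days, so both are checked.
count_failed() {
    awk -v start="$1" -v end="$2" '
        BEGIN { split(start, s, " "); split(end, e, " "); n = 0 }
        !/Failed password/ { next }
        {
            # $2 + 0 makes "5", " 5" and "05" compare equal as day numbers
            on_start = ($1 == s[1] && $2 + 0 == s[2] + 0)
            on_end   = ($1 == e[1] && $2 + 0 == e[2] + 0)
            if (on_start && on_end) { if ($3 >= s[3] && $3 <= e[3]) n++ }
            else if (on_start)      { if ($3 >= s[3]) n++ }
            else if (on_end)        { if ($3 <= e[3]) n++ }
        }
        END { print n }'
}

# nagios_state COUNT WARN CRIT: print the status line and return 0, 1 or 2.
nagios_state() {
    count=$1 warn=$2 crit=$3
    if [ "$count" -ge "$crit" ]; then label=CRITICAL rc=2
    elif [ "$count" -ge "$warn" ]; then label=WARNING rc=1
    else label=OK rc=0
    fi
    echo "$label - $count failed logins in last hour|failed=$count;$warn;$crit"
    return "$rc"
}

# On a monitored host (GNU date; LC_ALL=C keeps English month names):
#   count_failed "$(LC_ALL=C date -d '1 hour ago' '+%b %e %H:%M:%S')" \
#                "$(LC_ALL=C date '+%b %e %H:%M:%S')" < /var/log/secure
n=$(sample_log | count_failed "Jan 25 23:30:00" "Jan 26 00:30:00")
nagios_state "$n" 5 10
```

With the constructed sample, a comparison on the HH:MM:SS field alone would miss the entries logged before midnight; checking the date fields as well keeps them in the window.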

SETUP (with NRPE; the process should be similar with other plugins):
1.- Copy the plugin to the RedHat server you want to monitor:
/usr/lib64/nagios/plugins/check_failed_logins_rh.sh
2.- Define an entry in nrpe.cfg:
command[check_failed_logins]=/usr/lib64/nagios/plugins/check_failed_logins_rh.sh -w 5 -c 10 2>&1
3.- Restart the NRPE service.
4.- Create a command in Nagios:
define command {
    command_name check_failed_logins_rh
    command_line $USER1$/check_failed_logins_rh.sh -w $ARG1$ -c $ARG2$
}

Any suggestions will be appreciated.
Reviews (1)
by hamdy.aea, October 8, 2019
1 of 1 people found this review helpful
MONTH=$(date +%b)
DAY=$(date +%e)
#HOUR_AGO=`TZ=GMT+4 date "+%H:%M:%S"`
HOUR_AGO=`date -d '1 hour ago' "+%H:%M:%S"`
# Count today's "Failed password" lines whose time field is later than one hour ago
HAS_FAILED_LAST_HOUR=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO" 'BEGIN{c = 0;}{if($3 > h) c = c + 1;}END{print c;}'`
if [ "$HAS_FAILED_LAST_HOUR" -eq 0 ]; then
FINAL_STATUS="OK - No failed logins in last hour|failed=0"
RETURN_STATUS=$STATE_OK
else
RECENT_ATTEMPTS=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"
'{if($3 > h) for(i=1;i