Failed logins last hour
1.0
2019-01-25
- Nagios 4.x
- Nagios XI
GPL
6831
File | Description |
---|---|
check_failed_logins_rh.sh | check_failed_logins_rh.sh |
This plugin is meant to run on the monitored target host, so you will need another plugin, like NRPE, installed and configured in your environment.
Example usage:
check_failed_logins.sh -w 5 -c 10
This will check for failed login attempts and return a warning when 5 to 9 attempts fail and a critical when 10 or more attempts fail.
SETUP (with NRPE; the process should be similar with other plugins):
1.- Copy the plugin to the RedHat server you want to monitor.
/usr/lib64/nagios/plugins/check_failed_logins_rh.sh
2.- Define an entry in nrpe.cfg:
command[check_failed_logins]=/usr/lib64/nagios/plugins/check_failed_logins_rh.sh -w 5 -c 10 2>&1
3.- Restart NRPE service.
4.- Create a command in nagios:
define command {
    command_name check_failed_logins_rh
    command_line $USER1$/check_failed_logins_rh.sh -w $ARG1$ -c $ARG2$
}
Any suggestions will be appreciated.
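The check described above, written out as an added example; it is not the plugin's own code. It counts "Failed password" lines from the last hour, including an hour that crosses midnight (where comparing HH:MM:SS strings against today's date alone finds nothing), and maps the count to the Nagios states. The function names, the syslog line layout and the sample log are assumptions.

```shell
#!/bin/bash
# Added example, not the plugin's source. Assumes GNU date and syslog-style lines
# ("Mon D HH:MM:SS host ..."); they carry no year, so keep the log under a year.
STATE_OK=0; STATE_WARNING=1; STATE_CRITICAL=2; STATE_UNKNOWN=3

# count_failed LOGFILE [NOW_EPOCH]: "Failed password" lines in the last hour.
count_failed() {
    log=$1
    now=${2:-$(date +%s)}
    from=$((now - 3600))
    # Both ends of the window as "Mon D HH:MM:SS" (three words each).
    set -- $(LC_ALL=C date -d "@$from" '+%b %e %T') \
           $(LC_ALL=C date -d "@$now" '+%b %e %T')
    awk -v fm="$1" -v fd="$2" -v ft="$3" -v tm="$4" -v td="$5" -v tt="$6" '
        /Failed password/ {
            on_from = ($1 == fm && $2 + 0 == fd + 0)   # line is on the start day
            on_to   = ($1 == tm && $2 + 0 == td + 0)   # line is on the end day
            if (fm == tm && fd == td) {                # window inside one day
                if (on_to && $3 > ft && $3 <= tt) c++
            } else if ((on_from && $3 > ft) || (on_to && $3 <= tt)) {
                c++                                    # window crosses midnight
            }
        }
        END { print c + 0 }' "$log"
}

# check_failed LOGFILE WARN CRIT [NOW_EPOCH]: status line plus Nagios exit code.
check_failed() {
    n=$(count_failed "$1" "$4") || return $STATE_UNKNOWN
    if   [ "$n" -ge "$3" ]; then s=CRITICAL; rc=$STATE_CRITICAL
    elif [ "$n" -ge "$2" ]; then s=WARNING;  rc=$STATE_WARNING
    else                         s=OK;       rc=$STATE_OK
    fi
    echo "$s - $n failed logins in last hour|failed=$n;$2;$3"
    return $rc
}
# Constructed sample log for "now" = 2019-01-26 00:30:00 UTC (epoch 1548462600).
sample_log() {
    cat <<'EOF'
Jan 24 23:55:00 web1 sshd[1990]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 25 23:10:02 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jan 25 23:45:10 web1 sshd[2107]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Jan 25 23:50:00 web1 sshd[2110]: Accepted password for deploy from 198.51.100.7 port 51200 ssh2
Jan 25 23:58:41 web1 sshd[2113]: Failed password for root from 192.0.2.10 port 40040 ssh2
Jan 26 00:05:13 web1 sshd[2120]: Failed password for root from 192.0.2.10 port 40051 ssh2
Jan 26 00:12:30 web1 sshd[2124]: Failed password for invalid user test from 192.0.2.10 port 40060 ssh2
Jan 26 00:20:00 web1 sshd[2129]: Failed password for root from 192.0.2.10 port 40072 ssh2
EOF
}
```

With the sample log and the page's thresholds (-w 5 -c 10), the five attempts after 23:30:00 give a WARNING state.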
Reviews (1)
by hamdy.aea, October 8, 2019
1 of 1 people found this review helpful
MONTH=$(date +%b)
DAY=$(date +%e)
#HOUR_AGO=`TZ=GMT+4 date "+%H:%M:%S"`
HOUR_AGO=`date -d '1 hour ago' "+%H:%M:%S"`
HAS_FAILED_LAST_HOUR=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO" 'BEGIN{c = 0;}{if($3 > h) c = c + 1;}END{print c;}'`
if [ "$HAS_FAILED_LAST_HOUR" -eq 0 ]; then
FINAL_STATUS="OK - No failed logins in last hour|failed=0"
RETURN_STATUS=$STATE_OK
else
RECENT_ATTEMPTS=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"
'{if($3 > h) for(i=1;i