Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
Failed logins last hour
1.0
2019-01-25
- Nagios 4.x
- Nagios XI
GPL
7352
File | Description |
---|---|
check_failed_logins_rh.sh | check_failed_logins_rh.sh |
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
This plugin is ment to run in the monitoring target host, so you will need another plugin, like NRPE, installed and configured in your environment.
Example usage:
check_failed_logins.sh -w 5 -c 10
This will check for failed login attempts and return a warning when 5 to 9 attempts fail and a critical when 10 or more attempts fail.
SETUP (with NRPE, with other plugin should be a similar process):
1.- Copy the plugin to the RedHat server you want to monitor.
/usr/lib64/nagios/plugins/check_failed_logins_rh.sh
2.- Define an entry in nrpe.cfg:
command[check_failed_logins]=/usr/lib64/nagios/plugins/check_failed_logins_rh.sh -w 5 -c 10 2>&1
3.- Restart NRPE service.
4.- Create a command in nagios:
define command {
command_name check_failed_logins_rh
command_line $USER1$/check_failed_logins_rh.sh -w $ARG1$ -c $ARG2$
}
Any suggestions will be appreciated.
Example usage:
check_failed_logins.sh -w 5 -c 10
This will check for failed login attempts and return a warning when 5 to 9 attempts fail and a critical when 10 or more attempts fail.
SETUP (with NRPE, with other plugin should be a similar process):
1.- Copy the plugin to the RedHat server you want to monitor.
/usr/lib64/nagios/plugins/check_failed_logins_rh.sh
2.- Define an entry in nrpe.cfg:
command[check_failed_logins]=/usr/lib64/nagios/plugins/check_failed_logins_rh.sh -w 5 -c 10 2>&1
3.- Restart NRPE service.
4.- Create a command in nagios:
define command {
command_name check_failed_logins_rh
command_line $USER1$/check_failed_logins_rh.sh -w $ARG1$ -c $ARG2$
}
Any suggestions will be appreciated.
Reviews (1)
byhamdy.aea, October 8, 2019
1 of 1 people found this review helpful
MONTH=$(date +%b)
DAY=$(date +%e)
#HOUR_AGO=`TZ=GMT+4 date "+%H:%M:%S"`
HOUR_AGO=`date -d '1 hour ago' "+%H:%M:%S"`
HAS_FAILED_LAST_HOUR=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"'BEGIN{c = 0;}{if($3 > h) c = c + 1;}END{print c;}'`
if [ $HAS_FAILED_LAST_HOUR -eq 0 ]; then
FINAL_STATUS="OK - No failed logins in last hour|failed=0"
RETURN_STATUS=$STATE_OK
else
RECENT_ATTEMPTS=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"
'{if($3 > h) for(i=1;i
DAY=$(date +%e)
#HOUR_AGO=`TZ=GMT+4 date "+%H:%M:%S"`
HOUR_AGO=`date -d '1 hour ago' "+%H:%M:%S"`
HAS_FAILED_LAST_HOUR=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"'BEGIN{c = 0;}{if($3 > h) c = c + 1;}END{print c;}'`
if [ $HAS_FAILED_LAST_HOUR -eq 0 ]; then
FINAL_STATUS="OK - No failed logins in last hour|failed=0"
RETURN_STATUS=$STATE_OK
else
RECENT_ATTEMPTS=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"
'{if($3 > h) for(i=1;i