Home Directory Plugins Security Failed logins last hour

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Failed logins last hour

Rating
1 vote
Favoured:
0
Current Version
1.0
Last Release Date
2019-01-25
Compatible With
  • Nagios 4.x
  • Nagios XI
Owner
License
GPL
Hits
7352
Files:
FileDescription
check_failed_logins_rh.shcheck_failed_logins_rh.sh
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
This is a plugin to monitor failed login attempts in RedHat/CentOS servers.
This plugin is ment to run in the monitoring target host, so you will need another plugin, like NRPE, installed and configured in your environment.

Example usage:
check_failed_logins.sh -w 5 -c 10
This will check for failed login attempts and return a warning when 5 to 9 attempts fail and a critical when 10 or more attempts fail.

SETUP (with NRPE, with other plugin should be a similar process):
1.- Copy the plugin to the RedHat server you want to monitor.
/usr/lib64/nagios/plugins/check_failed_logins_rh.sh
2.- Define an entry in nrpe.cfg:
command[check_failed_logins]=/usr/lib64/nagios/plugins/check_failed_logins_rh.sh -w 5 -c 10 2>&1
3.- Restart NRPE service.
4.- Create a command in nagios:
define command {
command_name check_failed_logins_rh
command_line $USER1$/check_failed_logins_rh.sh -w $ARG1$ -c $ARG2$
}

Any suggestions will be appreciated.
Reviews (1)
byhamdy.aea, October 8, 2019
1 of 1 people found this review helpful
MONTH=$(date +%b)
DAY=$(date +%e)
#HOUR_AGO=`TZ=GMT+4 date "+%H:%M:%S"`
HOUR_AGO=`date -d '1 hour ago' "+%H:%M:%S"`
HAS_FAILED_LAST_HOUR=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"'BEGIN{c = 0;}{if($3 > h) c = c + 1;}END{print c;}'`
if [ $HAS_FAILED_LAST_HOUR -eq 0 ]; then
FINAL_STATUS="OK - No failed logins in last hour|failed=0"
RETURN_STATUS=$STATE_OK
else
RECENT_ATTEMPTS=`sudo grep "$MONTH" /var/log/secure | grep "$DAY" | grep "Failed password" | awk -v h="$HOUR_AGO"
'{if($3 > h) for(i=1;i