checkIPtables
* checks that the commands ($DEF_IPT and $DEF_IPS) and the rule files ($DEF_IPT_RFILE and $DEF_IPS_RFILE) are present; returns 3 (UNKNOWN) on error
* checks that the iptables command can be called without error; if not, returns 2 (CRITICAL)
* checks INPUT, FORWARD and OUTPUT and returns 2 if no rules are found in a chain AND its default policy does not match $DEF_POL_XXX
* checks every chain against $DEF_POL_XXX and returns 1 (WARNING) on mismatch
* checks the output of iptables -L -n against a rules file and returns 1 if the rules in place are not the same as those in the file
* checks the ipset definitions against a rules file ($DEF_IPS_RFILE) and returns 1 on mismatch
The script is quite strict: if only the order of the iptables rules changes compared to the rules file, the script issues a WARNING.
* Prerequisites
  * nagios (>=3), Icinga, iptables, ipset, bash ...
  * see (https://project.brain-force.ch/Nagios/wiki/plugins/security/firewall/checkIPtables#preq) for a more complete list
  * it might run with shells other than bash, although it has not been tested with others
  * it should work with older versions of nagios (<3) too. As this plugin can return several lines, nagios >=3 is recommended because multiline support for return values is only included from this version onward
* On which platforms does it run?
  * it should run in most Unix/Linux environments
  * currently only tested on debian-squeeze, but as long as the prerequisites (https://project.brain-force.ch/Nagios/wiki/plugins/security/firewall/checkIPtables#preq) are satisfied it should run on almost every NIX :-)
* Common pitfalls:
  * nagios user cannot access the command files
    * ensure a non-root user can run the code (https://project.brain-force.ch/Nagios/wiki/plugins/security/firewall/checkIPtables#important)
  * consistency check always fails
    * generate the rule file content (https://project.brain-force.ch/Nagios/wiki/plugins/security/firewall/checkIPtablesConfig#point3)
>>
iptables -L -n > $DEF_IPT_RFILE
ipset -L > $DEF_IPS_RFILE
>>
    * if you use fail2ban (or similar software) see (https://project.brain-force.ch/Nagios/ticket/1)
  * plugin does nothing
    * don't forget that the plugin is NOT running as root but (mostly) as nagios. Ensure that nagios is allowed to access the commands and files needed
    * test as user nagios (https://project.brain-force.ch/Nagios/wiki/plugins/security/firewall/checkIPtablesConfig#point4)
>>
su nagios -s /bin/bash -c /usr/lib/nagios/plugins/check_iptables
>>
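The exit-code logic described in the check list above (chain policy check, strict rule-file comparison) and the rule file produced with iptables -L -n in the pitfalls section, as an added example that is not the plugin's own code: it runs over a constructed iptables -L -n sample instead of the live host, and the function and variable names are the example's own, with EXPECTED_POLICY standing in for the plugin's $DEF_POL_XXX.

```bash
#!/bin/bash
# Added example, not the plugin's own code: the exit-code logic the listing
# describes (chain policy check, strict rule-file comparison), run over a
# constructed `iptables -L -n` sample instead of the live host.
OK=0; WARNING=1; CRITICAL=2; UNKNOWN=3   # Nagios plugin exit codes

# Constructed sample standing in for `iptables -L -n` on the monitored host.
LIVE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# compare_rules LIVE_OUTPUT RULEFILE: the consistency check. Like the plugin it is
# strict and order-sensitive, so a merely reordered rule set is a WARNING (1).
compare_rules() {
  local live="$1" rulefile="$2"
  [ -r "$rulefile" ] || { echo "UNKNOWN: rule file $rulefile not readable"; return $UNKNOWN; }
  if [ "$live" = "$(cat "$rulefile")" ]; then
    echo "OK: iptables rules match $rulefile"; return $OK
  fi
  echo "WARNING: iptables rules differ from $rulefile"; return $WARNING
}

# check_policy LIVE_OUTPUT CHAIN EXPECTED_POLICY: CRITICAL (2) when the chain has
# no rules AND its default policy is not the expected one, WARNING (1) when only
# the policy is off. EXPECTED_POLICY plays the role of the plugin's $DEF_POL_XXX.
check_policy() {
  local live="$1" chain="$2" want="$3" policy rules
  policy=$(printf '%s\n' "$live" | sed -n "s/^Chain $chain (policy \([A-Z]*\)).*/\1/p")
  [ -n "$policy" ] || { echo "UNKNOWN: chain $chain not found"; return $UNKNOWN; }
  # rule lines sit between the chain header and the next blank line, minus the column header
  rules=$(printf '%s\n' "$live" | awk -v c="$chain" \
    '$1=="Chain" && $2==c {f=1; next} f && NF==0 {exit} f && $1!="target" {n++} END {print n+0}')
  if [ "$rules" -eq 0 ] && [ "$policy" != "$want" ]; then
    echo "CRITICAL: $chain has no rules and policy $policy (expected $want)"; return $CRITICAL
  fi
  [ "$policy" = "$want" ] || { echo "WARNING: $chain policy $policy (expected $want)"; return $WARNING; }
  echo "OK: $chain policy $policy"; return $OK
}
```

On a real host the first argument would be "$(iptables -L -n)" and the rule file the one written with iptables -L -n > $DEF_IPT_RFILE, which is why that file must be regenerated after every intended rule change.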