Home Directory Plugins Security check_defacement

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

check_defacement

Rating
0 votes
Favoured:
0
Current Version
1.0
Last Release Date
2015-11-30
Compatible With
  • Nagios 3.x
  • Nagios 4.x
Owner
License
GPL
Hits
3280
Files:
FileDescription
check_defacement.shcheck_defacement.sh
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
This plugin check for a potential website defacement.
The script curl the provided url and compare it with the previous curl. Several tests can be made, the default one is calculating how many pecentage of code have been changed since last check.
Script language : Bash

Usage : ./check_defacement.sh -u [URL] -{OPTIONS}

[URL] (STRING - required) Url must be provided without http:// or https://

{OPTIONS}
-w WARNING -c CRITICAL
(INTEGER) Default check, calculating a percentage of changed code since last check, based on code lines changed. Default values: 5 for WARNING and 10 for CRITICAL

-m MD5 checksum test, if checksum of curled url have changed since last check, CRITICAL state.

-k KEYWORD (STRING)
If provided keyword is not present in website code, CRITICAL state.

-l FILE (STRING)
File with defacement words/phrases (one per line). You can create a file with words and phrases with defacement vocabulary (hack, money,...). CRITICAL state if defacement vocabulary found in code.

-p PROXY:PORT (STRING)
-s Use SSL for connection (https)
-h Help
-V Version

In case of WARNING or CRITICAL states, a time stamped backup of curled url is created in dump directory (default /tmp) for investigations.