Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_listening_ports (edouard.lamoine)
Current Version
1.4
Last Release Date
2015-05-13
Owner
License
Other
Hits
9688
Files:
| File | Description |
|---|---|
| check_listening_ports | check_listening_ports |
Adds Port monitoring security to Nagios, showing if some ports were opened, maybe in a malicious way.
Done for MEVIA group: http://www.mevia.fr/
Tested under Ubuntu 10
Plugin made by Edouard Lamoine
This plugin is verifying if no unexpected ports are listening on the localhost.
Copy the plugin in the nagios plugins directory.
Usage: ./check_listening_ports intput_your_authorized_ports_then_services_separed_by_spaces
ex without services informations: check_listening_ports 80 25 5666 sshd mysqld
ex with services informations: /usr/bin/sudo/ check_listening_ports 80 25 5666 sshd mysqld
Return OK if all the current listening ports / services behind have been passed in argument, CRITICAL if any one of them have not been passed, UNKNOWN if no ports were specified.
For example, if a hacker opens the port 984 for hackerdaemon service and you didn't specify port 984 or service hackerdaemon in the command, plugin will return "CRITICAL - Unexpected ports are listening: 984/hackerdaemon"
If you want to be informed of services running behind unexpected ports, you'll have to give Nagios user root access to the plugin: add permissions in sudoers file:
-> visudo
Below the line:
root ALL=(ALL:ALL) ALL
add
nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_listening_ports
Of course be sure Nagios user is allowed to access the plugin (use chmod to make it readable by Nagios user)
Let me know if you experience any problem with it.
UPDATE 11/05/2015 v1.1: Fixed bug: sometimes unexpected listening ports appears twice on output string.
UPDATE #2 11/05/2015 v1.2: optimized speed: now 2x faster
UPDATE 13/05/2015 v1.3: added service recognition, now you can specify allowed services, no matter their ports
UPDATE #2 13/05/2015 v1.4: Fixed bug: services with SERVER, IDLE or PRIVATE details messed up all services recognition for their port
This plugin is verifying if no unexpected ports are listening on the localhost.
Copy the plugin in the nagios plugins directory.
Usage: ./check_listening_ports intput_your_authorized_ports_then_services_separed_by_spaces
ex without services informations: check_listening_ports 80 25 5666 sshd mysqld
ex with services informations: /usr/bin/sudo/ check_listening_ports 80 25 5666 sshd mysqld
Return OK if all the current listening ports / services behind have been passed in argument, CRITICAL if any one of them have not been passed, UNKNOWN if no ports were specified.
For example, if a hacker opens the port 984 for hackerdaemon service and you didn't specify port 984 or service hackerdaemon in the command, plugin will return "CRITICAL - Unexpected ports are listening: 984/hackerdaemon"
If you want to be informed of services running behind unexpected ports, you'll have to give Nagios user root access to the plugin: add permissions in sudoers file:
-> visudo
Below the line:
root ALL=(ALL:ALL) ALL
add
nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_listening_ports
Of course be sure Nagios user is allowed to access the plugin (use chmod to make it readable by Nagios user)
Let me know if you experience any problem with it.
UPDATE 11/05/2015 v1.1: Fixed bug: sometimes unexpected listening ports appears twice on output string.
UPDATE #2 11/05/2015 v1.2: optimized speed: now 2x faster
UPDATE 13/05/2015 v1.3: added service recognition, now you can specify allowed services, no matter their ports
UPDATE #2 13/05/2015 v1.4: Fixed bug: services with SERVER, IDLE or PRIVATE details messed up all services recognition for their port
