Home Directory Plugins Security check_listening_ports (edouard.lamoine)

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

check_listening_ports (edouard.lamoine)

Rating
7 votes
Favoured:
1
Current Version
1.4
Last Release Date
2015-05-13
License
Other
Hits
4740
Files:
FileDescription
check_listening_portscheck_listening_ports
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
check_listening_ports (edouard.lamoine)
A plugin that check for all listening ports/services behind, and verify if these ports or services have been approved by the user.

Adds Port monitoring security to Nagios, showing if some ports were opened, maybe in a malicious way.

Done for MEVIA group: http://www.mevia.fr/

Tested under Ubuntu 10
Plugin made by Edouard Lamoine

This plugin is verifying if no unexpected ports are listening on the localhost.

Copy the plugin in the nagios plugins directory.

Usage: ./check_listening_ports intput_your_authorized_ports_then_services_separed_by_spaces

ex without services informations: check_listening_ports 80 25 5666 sshd mysqld

ex with services informations: /usr/bin/sudo/ check_listening_ports 80 25 5666 sshd mysqld

Return OK if all the current listening ports / services behind have been passed in argument, CRITICAL if any one of them have not been passed, UNKNOWN if no ports were specified.

For example, if a hacker opens the port 984 for hackerdaemon service and you didn't specify port 984 or service hackerdaemon in the command, plugin will return "CRITICAL - Unexpected ports are listening: 984/hackerdaemon"

If you want to be informed of services running behind unexpected ports, you'll have to give Nagios user root access to the plugin: add permissions in sudoers file:

-> visudo

Below the line:
root ALL=(ALL:ALL) ALL

add

nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_listening_ports

Of course be sure Nagios user is allowed to access the plugin (use chmod to make it readable by Nagios user)


Let me know if you experience any problem with it.

UPDATE 11/05/2015 v1.1: Fixed bug: sometimes unexpected listening ports appears twice on output string.

UPDATE #2 11/05/2015 v1.2: optimized speed: now 2x faster

UPDATE 13/05/2015 v1.3: added service recognition, now you can specify allowed services, no matter their ports

UPDATE #2 13/05/2015 v1.4: Fixed bug: services with SERVER, IDLE or PRIVATE details messed up all services recognition for their port
Reviews (1)
bytfdc, May 7, 2015
work fine, thanks !