Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_passwd_expiration
Current Version
1.1
Last Release Date
2014-06-05
Compatible With
- Nagios 2.x
- Nagios 3.x
- Nagios 4.x
Owner
Download URL
License
GPL
Hits
26809
Files:
| File | Description |
|---|---|
| check_passwd_expiration | check_passwd_expiration |
| nagios_cmd | nagios_cmd |
A list of account expiring in less than x days is displayed.
This plugin works only on Linux.
This nagios plugin checks the password expiration using the command chage.
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------
The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]
help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]
GPL
Verify password expiration for all accounts defined within /etc/passwd
Usage: check_passwd_expiration
-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in days, a warning message is sent
-c, --critical=STRING
critical value in days. When a password will expire in days, a critical message is sent
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------
The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]
help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]
GPL
Verify password expiration for all accounts defined within /etc/passwd
Usage: check_passwd_expiration
-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in
-c, --critical=STRING
critical value in days. When a password will expire in
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)
Reviews (1)
byhemak88, May 8, 2018
Script works, but it has limitations as below:
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option
