Home Directory Plugins Security check_passwd_expiration

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

check_passwd_expiration

Rating
2 votes
Favoured:
0
Current Version
1.1
Last Release Date
2014-06-05
Compatible With
  • Nagios 2.x
  • Nagios 3.x
  • Nagios 4.x
License
GPL
Hits
27565
Files:
FileDescription
check_passwd_expirationcheck_passwd_expiration
nagios_cmdnagios_cmd
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Check linux account password expiration by scanning /etc/passwd file and verifying password expiration via chage command.
A list of account expiring in less than x days is displayed.
This plugin works only on Linux.
This nagios plugin checks the password expiration using the command chage.
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------

The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]




help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]

GPL

Verify password expiration for all accounts defined within /etc/passwd

Usage: check_passwd_expiration

-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in days, a warning message is sent
-c, --critical=STRING
critical value in days. When a password will expire in days, a critical message is sent
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)


Reviews (1)
Script works, but it has limitations as below:
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option