Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
check_passwd_expiration
1.1
2014-06-05
- Nagios 2.x
- Nagios 3.x
- Nagios 4.x
GPL
27523
File | Description |
---|---|
check_passwd_expiration | check_passwd_expiration |
nagios_cmd | nagios_cmd |
Meet The New Nagios Core Services Platform
Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.
Monitoring Made Magically Better
- Nagios Core on Overdrive
- Powerful Monitoring Dashboards
- Time-Saving Configuration Wizards
- Open Source Powered Monitoring On Steroids
- And So Much More!
A list of account expiring in less than x days is displayed.
This plugin works only on Linux.
This nagios plugin checks the password expiration using the command chage.
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------
The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]
help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]
GPL
Verify password expiration for all accounts defined within /etc/passwd
Usage: check_passwd_expiration
-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in days, a warning message is sent
-c, --critical=STRING
critical value in days. When a password will expire in days, a critical message is sent
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------
The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]
help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]
GPL
Verify password expiration for all accounts defined within /etc/passwd
Usage: check_passwd_expiration
-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in
-c, --critical=STRING
critical value in days. When a password will expire in
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)
Reviews (1)
byhemak88, May 8, 2018
Script works, but it has limitations as below:
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option