nagios-check-infections
Current Version: 1.0
Last Release Date: 2014-02-25
Compatible With: Nagios 3.x
License: GPL
nagios-check-infections
=======================
Last modified: 2014-02-25 09:25
Author: Bernhard Brunner
Nagios plugin to check for infections by new, in-the-wild rootkits not covered by chkrootkit, rkhunter etc.
Currently, this Nagios plugin checks for the following rootkits:
- cdorked, using an external C program
- ebury
- darkleech
Adding the check to nagios3
---------------------------
1. Prerequisite: set up check_by_ssh for the server(s) you want to check.
2. Copy the script and the cdorked.c program to the server, e.g. into the directory /usr/local/bin.
3. Compile the cdorked.c program on the server and name the resulting binary "cdorked-`uname -m`" so that you have an executable matching the server's CPU architecture.
4. Add the command and service to your Nagios configuration. In the configuration below, all servers belonging to the hostgroup linux-servers are checked automatically using nagios-check-infections. Nagios configuration is beyond the scope of this readme. My configuration is based on hostgroups, so when adding a host only its hostgroups are specified; the service checks are triggered by the hostgroups.
Define a new command ssh_check_infections:
````
# 'ssh_check_infections' command definition
# $_HOSTSSHPORT$ is a custom host macro: each host definition must set _SSHPORT
define command{
        command_name    ssh_check_infections
        command_line    /usr/lib/nagios/plugins/check_by_ssh -p $_HOSTSSHPORT$ -t 30 -H $HOSTADDRESS$ -C "/usr/local/bin/nagios-check-infections"
}
````
````
# Define a service to check for infections
define service{
        use                     generic-service         ; Name of service template to use
        hostgroup_name          linux-servers
        service_description     Infections
        check_command           ssh_check_infections
}
````
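The plugin script itself is not reproduced on this page. As an added example (not the plugin's own code), the sketch below shows how a wrapper could locate the architecture-specific helper from step 3 and map its result to Nagios exit codes, so that a missing or failing helper reports UNKNOWN instead of a false OK. The function name `run_arch_helper` and the helper's exit-code convention (0 means nothing found) are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's own code.
# Assumed convention (not documented on this page): the cdorked helper
# exits 0 when it finds nothing and 1..125 when it finds an indicator.

# Standard Nagios plugin exit codes
OK=0
CRITICAL=2
UNKNOWN=3

# run_arch_helper DIR
# Runs DIR/cdorked-<arch>, prints one Nagios status line on stdout and
# returns the matching Nagios exit code.
run_arch_helper() {
    dir=$1
    helper="$dir/cdorked-$(uname -m)"    # file name from step 3 above

    # A host whose helper was never built must not look clean.
    if [ ! -x "$helper" ]; then
        echo "INFECTIONS UNKNOWN - $helper missing or not executable"
        return "$UNKNOWN"
    fi

    # Capture output and exit status without tripping 'set -e'.
    out=$("$helper" 2>&1) && helper_rc=0 || helper_rc=$?

    if [ "$helper_rc" -eq 0 ]; then
        echo "INFECTIONS OK - cdorked helper found nothing"
        return "$OK"
    fi

    # Shell convention: 126/127 mean the helper could not be run,
    # values above 128 mean it was killed by a signal.
    if [ "$helper_rc" -ge 126 ]; then
        echo "INFECTIONS UNKNOWN - helper failed to run (exit $helper_rc)"
        return "$UNKNOWN"
    fi

    echo "INFECTIONS CRITICAL - cdorked helper exit $helper_rc: $out"
    return "$CRITICAL"
}

# Usage on the monitored server, as the last step of a plugin script:
#   run_arch_helper /usr/local/bin; exit $?
```

check_by_ssh passes the remote command's exit code and first output line back to Nagios, so the service state follows the value returned here.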