Home Directory Plugins Security nagios-check-infections

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

nagios-check-infections

Current Version
1.0
Last Release Date
2014-02-25
Compatible With
  • Nagios 3.x
Owner
License
GPL
Hits
24730
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Nagios plugin to check for infections of new, in-the-wild root kits not covered by chkrootkit, rkhunter etc.
nagios-check-infections
=======================
Last modified: 2014-02-25 09:25
Author: Bernhard Brunner

Nagios plugin to check for infections of new, in-the-wild root kits not covered by chkrootkit, rkhunter etc.

Currently, this nagios plugin checks for the following rootkits:
- cdorked using an external c program
- ebury
- darkleech

Adding the check to nagios3
---------------------------
1. Prerequisite: set up check_by_ssh for the servers(s) you want to check
2. Copy the script and cdorked.c program to the server, e.g. in directory /usr/local/bin
3. Compile the cdorked.c program on the server, rename the file to "cdorked-`uname -m`" so that you have an exe for your cpu.
4. Add command and service to your nagios configuration. In the configuration below, all servers belonging to the group linux-servers will automatically get checked using nagios-check-infections. Nagios configuration is beyond the scope of this readme. My configuration is based on hostgroups, so when adding a host just the hostgroups will specified, the service checks are triggered by the hostgroups.


Define a new command ssh_check_infections:

````
# 'ssh_infections command definition
define command
? command_name ssh_check_infections
? command_line /usr/lib/nagios/plugins/check_by_ssh -p $_HOSTSSHPORT$ -t 30 -H $HOSTADDRESS$ -C "/usr/local/bin/nagios-check-infections"
}
````

````
# Define a service to check for infections
define service{
use generic-service ; Name of service template to use
hostgroup_name linux-servers
service_description Infections
check_command ssh_check_infections
}
````