Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
nagios-check-infections
Current Version
1.0
Last Release Date
2014-02-25
Compatible With
- Nagios 3.x
Owner
License
GPL
Hits
24361
nagios-check-infections
=======================
Last modified: 2014-02-25 09:25
Author: Bernhard Brunner
Nagios plugin to check for infections of new, in-the-wild root kits not covered by chkrootkit, rkhunter etc.
Currently, this nagios plugin checks for the following rootkits:
- cdorked using an external c program
- ebury
- darkleech
Adding the check to nagios3
---------------------------
1. Prerequisite: set up check_by_ssh for the servers(s) you want to check
2. Copy the script and cdorked.c program to the server, e.g. in directory /usr/local/bin
3. Compile the cdorked.c program on the server, rename the file to "cdorked-`uname -m`" so that you have an exe for your cpu.
4. Add command and service to your nagios configuration. In the configuration below, all servers belonging to the group linux-servers will automatically get checked using nagios-check-infections. Nagios configuration is beyond the scope of this readme. My configuration is based on hostgroups, so when adding a host just the hostgroups will specified, the service checks are triggered by the hostgroups.
Define a new command ssh_check_infections:
````
# 'ssh_infections command definition
define command
? command_name ssh_check_infections
? command_line /usr/lib/nagios/plugins/check_by_ssh -p $_HOSTSSHPORT$ -t 30 -H $HOSTADDRESS$ -C "/usr/local/bin/nagios-check-infections"
}
````
````
# Define a service to check for infections
define service{
use generic-service ; Name of service template to use
hostgroup_name linux-servers
service_description Infections
check_command ssh_check_infections
}
````
=======================
Last modified: 2014-02-25 09:25
Author: Bernhard Brunner
Nagios plugin to check for infections of new, in-the-wild root kits not covered by chkrootkit, rkhunter etc.
Currently, this nagios plugin checks for the following rootkits:
- cdorked using an external c program
- ebury
- darkleech
Adding the check to nagios3
---------------------------
1. Prerequisite: set up check_by_ssh for the servers(s) you want to check
2. Copy the script and cdorked.c program to the server, e.g. in directory /usr/local/bin
3. Compile the cdorked.c program on the server, rename the file to "cdorked-`uname -m`" so that you have an exe for your cpu.
4. Add command and service to your nagios configuration. In the configuration below, all servers belonging to the group linux-servers will automatically get checked using nagios-check-infections. Nagios configuration is beyond the scope of this readme. My configuration is based on hostgroups, so when adding a host just the hostgroups will specified, the service checks are triggered by the hostgroups.
Define a new command ssh_check_infections:
````
# 'ssh_infections command definition
define command
? command_name ssh_check_infections
? command_line /usr/lib/nagios/plugins/check_by_ssh -p $_HOSTSSHPORT$ -t 30 -H $HOSTADDRESS$ -C "/usr/local/bin/nagios-check-infections"
}
````
````
# Define a service to check for infections
define service{
use generic-service ; Name of service template to use
hostgroup_name linux-servers
service_description Infections
check_command ssh_check_infections
}
````
Reviews (0)
Be the first to review this listing!
