Build precise queries to find exactly what you need
Press ESC to close
Your review has been submitted and is pending approval.
check_heartbleed allows you to check for the Heartbleed Vulnerability (CVE-2014-0160) of openssl on various systems. Version - 0.6 : Added TLSv1.0 and SSLv3.0 support If no version is specified, checks all versions. Altered output somewhat. Added optional verbose output Version - 0.5 : Added socket timeout option with default to 10 seconds Changed no data received to unknown, was returning OK. Version - 0.4 : Try: Except: on all socket interactions. Spelling mistake. Version - 0.3 : Properly catches socket connection error. Reworking of internal logic Alterations of some unknown messages Version - 0.2 : Now works with Python 2.4+
Current Version
0.6
Last Release Date
2014-04-18
Owner
Scott Wilkerson
Compatible With
# /usr/local/nagios/libexec/check_heartbleed.py -h usage: check_heartbleed.py server [options]
Test for SSL heartbeat vulnerability (CVE-2014-0160)
options: -h, --help show this help message and exit -H HOST, --host=HOST Host to connect to (default: 127.0.0.1) -p PORT, --port=PORT TCP port to test (default: 443) -v VERSION, --version=VERSION TLS or SSL version to test [TLSv1.0(0), TLSv1.1(1), TLSv1.2(2), or SSLv3.0(3)] (default: all) -u, --udp Use TCP or UDP protocols, no arguments needed. This does not work presently, keep to TCP. (default: TCP) -t TIMEOUT, --timeout=TIMEOUT Plugin timeout length (default: 10) -V, --verbose Print verbose output, including hexdumps of packets.
Example Usage:
# ./check_heartbleed.py -H yahoo.com -p 443 -v 1 OK: yahoo.com TLSv1.0 is not vulnerable # echo $? 0 # ./check_heartbleed.py -H vulnerable.site.com -p 443 -v 1 CRITICAL: vulnerable.site.com TLSv1.0 is vulnerable # echo $? 2 # ./check_heartbleed.py -H vulnerable.site.com CRITICAL: Server vulnerable.site.com TLSv1.0 is vulnerable. TLSv1.1 is vulnerable. TLSv1.2 is vulnerable. SSLv3.0 is vulnerable.
Example Command:
define command { command_name check_heartbleed command_line $USER1$/check_heartbleed.py -H $HOSTADDRESS$ -p 443 -v 1 }
Hey, The plugin works great for some hosts, but is failing for a fairly large number, not sure if this is an issue at my side but I don't think so - [root@host scripts]# ./check_heartbleed.py -H www.google.com -p 443 OK: Server www.google.com TLSv1.0 is not vulnerable. TLSv1.1 is not vulnerable. TLSv1.2 is not vulnerable. SSLv3.0 is not vulnerable. [root@host scripts]# ./check_heartbleed.py -H www.test.com -p 443 UNKNOWN: Server www.test.com closed connection without sending Server Hello. Any thoughts?
In Fortigate devices with FortiOS affected by Heartbleed (FGxxx-5.00-FW-build208-130603), plugin returns OK instead CRITICAL. When we check this devices with NMAP and ssl-heartbleed.nse script, the result is VULNERABLE.
As of 14/4/14 (v0.3), All known issues with python 2.4+ should be resolved. There has been a -H flag per standard nagios plugins, and additional error handling. Please try it again and let us know if issues persist.
hi, i've tried to use it on: rhel 5.x ( Package python-2.4.3-56.el5.x86_64 already installed) but i get the following error msg: --------------------------------------- :~>./check_hearbleed.py --------------------------------------- File "./check_hearbleed.py", line 62 pdat = ' '.join((c if 32
Below is the steps I followed: 1. downloaded “Check_heartbleed.txt” to “check_heartbleed.py” 2. moved to “/usr/local/nagios/libexec/” 3. chmod –R 777 check_heartbleed.py I am getting below error if I execute the script.. any clue on this? [root@localhost libexec]# ./check_heartbleed.py 10.1.71.49 -p 443 Traceback (most recent call last): File "./check_heartbleed.py", line 151, in main() File "./check_heartbleed.py", line 132, in main s.connect((args[0], opts.port)) File "", line 1, in connect socket.error: [Errno 111] Connection refused
Im getting a syntax error: File "./check_heartbleed.py", line 62 pdat = '.join((c if 32 python version: Python 2.4.3 (#1, Oct 23 2012, 22:02:41) [GCC 4.1.2 20080704 (Red Hat 4.1.2-54)] on linux2 Type "help", "copyright", "credits" or "license" for more information.
File "./check_heartbleed.py", line 62 pdat = '.join((c if 32
Hi, I'm getting the following syntax error while executing the plugin. /usr/local/nagios/libexec/check_heartbleed.py localhost -p 443 -v 1 File "/usr/local/nagios/libexec/check_heartbleed.py", line 62 pdat = ''.join((c if 32
You must be logged in to submit a review.
To:
From:
We’ve completely redesigned the world’s largest repository of Nagios plugins and monitoring tools. Join thousands of users sharing monitoring solutions for servers, applications, and everything in between.
Due to our redesign, all existing accounts require a password reset to access your account again.
Ready to explore 6,100+ projects and contribute to the community?
Reset Password Create Account
Happy Monitoring!