packages: nagios-plugin-check_iptables/check_iptables (NEW), nagios-plugin-...
glen
glen at pld-linux.org
Thu Mar 18 13:59:50 CET 2010
Author: glen Date: Thu Mar 18 12:59:50 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- plugin to check if at least some iptables rules are present
---- Files affected:
packages/nagios-plugin-check_iptables:
check_iptables (NONE -> 1.1) (NEW), check_iptables.cfg (NONE -> 1.1) (NEW), nagios-plugin-check_iptables.spec (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/nagios-plugin-check_iptables/check_iptables
diff -u /dev/null packages/nagios-plugin-check_iptables/check_iptables:1.1
--- /dev/null Thu Mar 18 13:59:50 2010
+++ packages/nagios-plugin-check_iptables/check_iptables Thu Mar 18 13:59:45 2010
@@ -0,0 +1,148 @@
+#!/bin/sh
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
+
+PROGNAME=`basename $0`
+PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
+REVISION=`echo '$Revision$' | sed -e 's/[^0-9.]//g'`
+
+. $PROGPATH/utils.sh
+
+iptables=/usr/sbin/iptables
+sudo=/usr/bin/sudo
+chain=INPUT
+table=filter
+verbose=0
+warning=1
+critical=1
+
+print_usage() {
+ echo "Usage: $PROGNAME -C CHAIN -t TABLE"
+ echo "Usage: $PROGNAME --help"
+ echo "Usage: $PROGNAME --version"
+}
+
+print_help() {
+ print_revision $PROGNAME $REVISION
+ echo ""
+ print_usage
+ echo ""
+ echo "This plugin test the SMTP service on the specified host by sending mail there"
+ echo ""
+
+ echo "-C CHAIN"
+ echo " Chain to list. Default: $chain"
+ echo "-t TABLE"
+ echo " Table to list. Default: $table"
+ echo "-S"
+ echo " Install sudo rules"
+ echo "-v"
+ echo " Enable verbose run"
+ echo "--help"
+ echo " Print this help screen"
+ echo "--version"
+ echo " Print version and license information"
+ echo ""
+
+ support
+ exit 0
+}
+
+setup_sudoers() {
+ new=/etc/sudoers.$$.new
+ umask 0227
+ cat /etc/sudoers > $new
+ cat >> $new <<-EOF
+
+ # Lines matching CHECK_IPTABLES added by $0 -S on $(date)
+ User_Alias CHECK_IPTABLES=nagios
+ CHECK_IPTABLES ALL=(root) NOPASSWD: $iptables -n -t $table -L $chain
+ EOF
+
+ if visudo -c -f $new; then
+ mv -f $new /etc/sudoers
+ exit 0
+ fi
+# rm -f $new
+ exit 1
+}
+
+list_iptables() {
+ $sudo $iptables -n -t $table -L $chain | grep -Fc /
+}
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --help)
+ print_help
+ exit 0
+ ;;
+
+ -h)
+ print_help
+ exit 0
+ ;;
+
+ --version)
+ print_revision $PROGNAME $REVISION
+ exit 0
+ ;;
+
+ -V)
+ print_revision $PROGNAME $REVISION
+ exit 0
+ ;;
+
+ -v)
+ verbose=1
+ ;;
+
+ -S)
+ setup_sudoers
+ ;;
+
+ -C)
+ chain=$2; shift
+ ;;
+
+ -t)
+ table=$2; shift
+ ;;
+
+ -w)
+ warning=$2; shift
+ ;;
+
+ -c)
+ critical=$2; shift
+ ;;
+
+ *)
+ echo >&2 "Unknown argument: $1"
+ print_usage
+ exit $STATE_UNKNOWN
+ ;;
+ esac
+ shift
+done
+
+
+rc=$STATE_UNKNOWN
+
+# if running as root, skip sudo
+[ "$(id -u)" != 0 ] || sudo=
+
+count=$(list_iptables)
+if [ "$count" -lt "$critical" ]; then
+ rc=$STATE_CRITICAL
+ state=CRITICAL
+elif [ "$count" -lt "$warning" ]; then
+ rc=$STATE_WARNING
+ state=WARNING
+else
+ rc=$STATE_OK
+ state=OK
+fi
+
+echo "$state: $count iptables rules in $chain chain of $table table"
+
+exit $rc
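Review bot: A failed privilege escalation or iptables invocation inside list_iptables is reported as CRITICAL with "0 iptables rules" rather than as an error, because only grep's output reaches `count` and `grep -Fc` prints 0 on empty input; under `#!/bin/sh` there is no PIPESTATUS, so capture the listing first, check its status, and let the caller map a failure to STATE_UNKNOWN instead of a rule count. Two smaller points: `-S` is executed inside the option loop, so `-C`/`-t` given after it do not affect the sudoers line written by setup_sudoers, and the commented-out `rm -f $new` leaves a copy of /etc/sudoers behind at `/etc/sudoers.$$.new` whenever visudo rejects it. The help text line about the SMTP service is copied from another plugin; `echo "This plugin checks that at least some iptables rules are present in the given chain"` would describe this one.
```shell
list_iptables() {
	# capture the listing separately so a sudo/iptables failure is not counted as "0 rules"
	out=$($sudo $iptables -n -t "$table" -L "$chain") || return 1
	printf '%s\n' "$out" | grep -Fc /
}

# … unchanged: option parsing, root sudo skip …

if ! count=$(list_iptables); then
	echo "UNKNOWN: cannot list $chain chain of $table table"
	exit $STATE_UNKNOWN
fi
```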
================================================================
Index: packages/nagios-plugin-check_iptables/check_iptables.cfg
diff -u /dev/null packages/nagios-plugin-check_iptables/check_iptables.cfg:1.1
--- /dev/null Thu Mar 18 13:59:50 2010
+++ packages/nagios-plugin-check_iptables/check_iptables.cfg Thu Mar 18 13:59:45 2010
@@ -0,0 +1,22 @@
+# Usage:
+# check_iptables
+define command {
+ command_name check_iptables
+ command_line /usr/lib/nagios/plugins/check_iptables
+}
+
+define service {
+ use generic-service
+ name iptables
+ register 0
+ service_description iptables
+
+ normal_check_interval 120
+ retry_check_interval 15
+ max_check_attempts 3
+
+ check_period daytime
+ notification_interval 240
+
+ check_command check_iptables
+}
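Review bot: The `command_line` of the check_iptables command hard-codes /usr/lib/nagios/plugins, while the spec's %install pipes this file through a sed that substitutes a `@plugindir@` token (shown as ` at plugindir@` in this archive, presumably address-mangled by the list software), so that substitution never fires and the two paths only agree while %{_prefix}/lib resolves to /usr/lib. Writing `command_line @plugindir@/check_iptables` here lets the spec keep the installed path and the command definition in sync.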
================================================================
Index: packages/nagios-plugin-check_iptables/nagios-plugin-check_iptables.spec
diff -u /dev/null packages/nagios-plugin-check_iptables/nagios-plugin-check_iptables.spec:1.1
--- /dev/null Thu Mar 18 13:59:50 2010
+++ packages/nagios-plugin-check_iptables/nagios-plugin-check_iptables.spec Thu Mar 18 13:59:45 2010
@@ -0,0 +1,67 @@
+# $Revision$, $Date$
+%define plugin check_iptables
+Summary: Nagios plugin to check count of iptables rules
+Name: nagios-plugin-%{plugin}
+Version: 0.1
+Release: 1
+License: GPL v2
+Group: Networking
+Source0: %{plugin}
+Source1: %{plugin}.cfg
+BuildRequires: rpmbuild(macros) >= 1.552
+Requires: iptables
+Requires: nagios-common
+Requires: sudo
+BuildArch: noarch
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _sysconfdir /etc/nagios/plugins
+%define plugindir %{_prefix}/lib/nagios/plugins
+
+%description
+Nagios plugin to check count of iptables rules.
+
+%prep
+%setup -qcT
+cp -p %{SOURCE0} %{plugin}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},%{plugindir}}
+install -p %{plugin} $RPM_BUILD_ROOT%{plugindir}/%{plugin}
+sed -e 's, at plugindir@,%{plugindir},' %{SOURCE1} > $RPM_BUILD_ROOT%{_sysconfdir}/%{plugin}.cfg
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+if [ "$1" = 1 ]; then
+ # setup sudo rules on first install
+ %{plugindir}/%{plugin} -S || :
+fi
+
+%postun
+if [ "$1" = 0 ]; then
+ # remove all sudo rules related to us
+ %{__sed} -i -e '/CHECK_IPTABLES/d' /etc/sudoers
+fi
+
+%triggerin -- nagios-nrpe
+%nagios_nrpe -a %{plugin} -f %{_sysconfdir}/%{plugin}.cfg
+
+%triggerun -- nagios-nrpe
+%nagios_nrpe -d %{plugin} -f %{_sysconfdir}/%{plugin}.cfg
+
+%files
+%defattr(644,root,root,755)
+%attr(640,root,nagios) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{plugin}.cfg
+%attr(755,root,root) %{plugindir}/%{plugin}
+
+%define date %(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1 2010/03/18 12:59:45 glen
+- plugin to check if at least some iptables rules are present
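Review bot: `%postun` rewrites /etc/sudoers in place with `%{__sed} -i`, bypassing the `visudo -c -f` validation that the plugin's own `-S` path performs before replacing the file, so a sed error or an unexpected file state can leave sudoers unusable for every sudo user on the host. Deleting into a temporary copy under the same `umask 0227` the plugin uses, validating it and moving it over mirrors what -S does; the pattern also removes every line containing CHECK_IPTABLES, including any an administrator added by hand, which is worth stating in the comment. Since `%post` calls the plugin with `-S || :`, a failure there (for example if `utils.sh`, which the plugin sources, is not provided by nagios-common — not verifiable from this page) goes unnoticed; printing a warning on failure would help.
```rpmspec
%postun
if [ "$1" = 0 ]; then
	# remove all sudo rules related to us, validating with visudo like -S does
	new=/etc/sudoers.$$.new
	umask 0227
	%{__sed} -e '/CHECK_IPTABLES/d' /etc/sudoers > $new \
		&& visudo -c -f $new \
		&& mv -f $new /etc/sudoers
	rm -f $new
fi
```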
================================================================