Monitor the iptables state in real time with Nagios, so that a firewall that an operator stopped, forgot to start, or changed by adding or deleting rules is reported immediately.
On the client side (the monitored host):
# cd /usr/local/nagios/etc
# vim nrpe.cfg and add the following line:
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
# cd /usr/local/nagios/libexec
# touch check_iptables.sh
# chmod 755 check_iptables.sh
# chown nagios:nagios check_iptables.sh
# vim check_iptables.sh and add the following:
---------------------------------
#!/bin/bash
# MD5 of the rule listing recorded once while iptables was running with the correct rule set
local_iptables_md5="975fe1cb63de080b470a1073bebb0f56"
# MD5 of the rule listing as it is right now (the sudo entry below allows exactly this command)
check_iptables_md5=$(sudo /sbin/iptables -n -t filter -L | md5sum | awk '{print $1}')
if [ "$local_iptables_md5" = "$check_iptables_md5" ]; then
    echo "OK - iptables is OK"
    exit 0
else
    echo "CRITICAL - iptables is CRITICAL"
    exit 2
fi
---------------------------------
Script description: the MD5 of the rule listing is recorded once while iptables is in its correct state, and every check compares the current listing's MD5 against it. If they match, iptables is in its normal state; if not, the check reports CRITICAL. Note that any legitimate rule change also changes the hash, so the stored value must be updated after each intended change.
# visudo and add the following line:
nagios ALL=NOPASSWD:/sbin/iptables -n -t filter -L
Note: the script calls the iptables command, which only root may run, so it has to go through sudo. The line above lets the nagios user run exactly that command, with exactly those arguments, without a password.
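As an added example (not the original post's script), the same check can diff an iptables-save dump against a saved baseline instead of comparing one MD5, so the alert names the rule that was removed or added rather than only saying the hash changed. It assumes a baseline file written once with iptables-save and a sudoers entry for /sbin/iptables-save -t filter of the same form as the one above; normalize_rules and iptables_status are hypothetical helper names.

```bash
#!/bin/bash
# Added example, not the original post's script: diff the live iptables rule
# set against a saved baseline and report it as a Nagios plugin. Unlike one
# MD5 of `iptables -L`, a rule-level diff names the rule that changed.
# normalize_rules and iptables_status are hypothetical helper names.
# Constructed sample dumps in the format `iptables-save -c` prints.
BASELINE_RULES='*filter
:INPUT DROP [0:0]
[12:800] -A INPUT -i lo -j ACCEPT
[40:3200] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
# Same host after the SSH rule was deleted and port 8080 was opened.
CURRENT_RULES='*filter
:INPUT DROP [0:0]
[15:900] -A INPUT -i lo -j ACCEPT
[52:4100] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'
# Drop comment/timestamp lines and packet:byte counters, then sort, so only
# the rules themselves are compared (counters change with every packet).
normalize_rules() {
    grep -v '^#' | sed -E 's/^\[[0-9]+:[0-9]+\] //; s/ \[[0-9]+:[0-9]+\]$//' | sort
}
# iptables_status BASELINE_TEXT CURRENT_TEXT
# Prints one Nagios status line; returns 0 (OK) when the rule sets match,
# 2 (CRITICAL) when a rule was removed or added, 3 (UNKNOWN) on error.
iptables_status() {
    base=$(mktemp) && cur=$(mktemp) || return 3
    printf '%s\n' "$1" | normalize_rules > "$base"
    printf '%s\n' "$2" | normalize_rules > "$cur"
    removed=$(comm -23 "$base" "$cur" | paste -sd, -)   # in baseline only
    added=$(comm -13 "$base" "$cur" | paste -sd, -)     # in current only
    rm -f "$base" "$cur"
    if [ -z "$removed" ] && [ -z "$added" ]; then
        echo "OK - iptables rules match baseline"; return 0
    fi
    echo "CRITICAL - removed: ${removed:-none}; added: ${added:-none}"
    return 2
}
# As an NRPE plugin: check_iptables_diff.sh /etc/nagios/iptables.baseline
# (create the baseline once with: iptables-save -t filter > that file).
if [ -n "${1:-}" ]; then
    iptables_status "$(cat "$1")" "$(sudo /sbin/iptables-save -t filter)"
    exit $?
fi
# With no argument, run on the constructed data above (expect exit code 2).
rc=0; iptables_status "$BASELINE_RULES" "$CURRENT_RULES" || rc=$?
echo "plugin exit code: $rc"
```

The status text avoids the `|` character on purpose, because Nagios treats everything after it as performance data.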
On the server side (the monitoring host):
Add the following service definition to the monitoring configuration file:
define service {
    use                   web-service
    host_name             <IP address of the monitored host>
    service_description   iptables_status
    check_command         check_nrpe!check_iptables
}
Finally, verify the configuration and restart Nagios.
This article is from the "Square Hill" blog, please be sure to keep this source http://63638790.blog.51cto.com/513514/1577334
Nagios real-time monitoring of iptables status