標籤:nagios 監控 iptables
即時監控Iptables,防止人為關閉後,忘了開啟,或者監控規則是否有增刪。
在用戶端(被監控端):
# cd /usr/local/nagios/etc
# vim nrpe.cfg 增加如下內容:
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
# cd /usr/local/nagios/libexec
# touch check_iptables.sh
# chmod 755 check_iptables.sh
# chown nagios:nagios check_iptables.sh
# vim check_iptables.sh ;增加如下內容:
---------------------------------
#!/bin/bash
local_iptables_md5="975fe1cb63de080b470a1073bebb0f56" //首先擷取iptables 開啟狀態下的MD5值
check_iptables_md5=`sudo /sbin/iptables -n -t filter -L|md5sum|awk ‘{print $1}‘`
if [ $local_iptables_md5 == $check_iptables_md5 ]; then
echo "OK - Iptables is OK"
exit 0
else
echo "CRITICAL - Iptables is CRITICAL"
exit 2
fi
---------------------------------
指令碼說明:先擷取iptables的值,然後對比現在的值,如果一樣,說明iptables狀態正常,否則報異常;
# visudo 增加如下內容:
nagios ALL= NOPASSWD: /sbin/iptables -n -t filter -L
註:指令碼調用了iptables命令,iptables預設只允許root調用,所有需要修改sudo。以上語句,表示只允許nagios使用者不用密碼使用該條命令。
在服務端(監控端):
在監控設定檔裡新增如下內容:
define service {
use web-service
host_name ip address
service_description iptables_status
check_command check_nrpe!check_iptables
}
最後檢測配置並重啟nagios。
本文出自 “方寸小山” 部落格,請務必保留此出處http://63638790.blog.51cto.com/513514/1577334
nagios 即時監控 iptables 狀態
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
