Monitor HTTPS Website in NagiosXI.

Post by sundaraminfotech »

Hi Team,

I'm trying to monitor our customer websites through Nagios XI using SSL. I'm facing the error below after configuring the website URL in Nagios XI.
nagios_web01.JPG
Please help to resolve the issue.
Thanks & Regards,

Re: Monitor HTTPS Website in NagiosXI.

Post by lmiltchev »

Can you show us the actual command that you are running from the command line along with the output of it?
Be sure to check out our Knowledgebase for helpful articles and solutions!

Re: Monitor HTTPS Website in NagiosXI.

Post by sreinhardt »

What version of Nagios XI, OS, and openssl versions are you using?

Code:

rpm -qa | grep openssl
cat /etc/*elease
uname -a

You can also specify the -v flag to get verbose output. Running your command from the cli and appending the -v flag then sending the output back here would be very helpful. Finally, do you know what ciphers are supported by your system? You can try my attached script to detect ciphers that your nagios system supports, that are also supported on your web server.

Code:

# Add the attached file to your nagios server in /tmp
chmod +x /tmp/check_ciphers.sh
/tmp/check_ciphers.sh -s [hostname or ip of web server] -d 1 -l /tmp/cipher-log -p 443

Once that command is completed, send us the /tmp/ciphers-log file please.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.

Re: Monitor HTTPS Website in NagiosXI.

Post by sundaraminfotech »

Hi lmiltchev,

Please find the command & output in the screenshot below.
http_error.JPG
Thanks & Regards,

Re: Monitor HTTPS Website in NagiosXI.

Post by abrist »

Can you follow Spenser's suggestion in his previous post?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.

Re: Monitor HTTPS Website in NagiosXI.

Post by sundaraminfotech »

Hi Team,

Please find the command output below
[root@NAGIOSXILB libexec]# rpm -qa | grep openssl
openssl-1.0.1e-15.el6.x86_64
openssl-devel-1.0.1e-15.el6.x86_64
openssl098e-0.9.8e-17.el6.centos.2.x86_64
[root@NAGIOSXILB libexec]# cat /etc/*elease
CentOS release 6.5 (Final)
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
[root@NAGIOSXILB libexec]# uname -a
Linux NAGIOSXILB 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@NAGIOSXILB libexec]#
I'm trying the ciphers script, but it is showing an error. Please find the error message below for your reference.

[root@NAGIOSXILB /]# /tmp/check_ciphers.sh -s 23.58.34.254 -d l -l /tmp/cipher-log1 -p 443
: No such file or directory
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]# ls -lrt /tmp/check_ciphers.sh
-rwxr-xr-x 1 root root 2225 Nov 17 10:28 /tmp/check_ciphers.sh
[root@NAGIOSXILB /]#
[root@NAGIOSXILB /]#
Thanks & Regards,

Re: Monitor HTTPS Website in NagiosXI.

Post by lmiltchev »

This is really strange... Can you try cd-ing into the "/tmp" directory first, then running the command?

Code:

cd /tmp
./check_ciphers.sh -s 23.58.34.254 -d 1 -l /tmp/cipher-log1 -p 443

Re: Monitor HTTPS Website in NagiosXI.

Post by sundaraminfotech »

The same error persists.
[root@NAGIOSXILB tmp]# ./check_ciphers.sh -s 23.58.34.254 -d 1 -l /tmp/cipher-log1 -p 443
: No such file or directory

Thanks & Regards,

Re: Monitor HTTPS Website in NagiosXI.

Post by lmiltchev »

Run the following command and place the output in code wraps:

Code:

cat /tmp/check_ciphers.sh

Open the file in vi:

Code:

vi /tmp/check_ciphers.sh

Type:

Code:

:set ff?

Hit "Enter" and let us know what "fileformat" is equal to.
Be sure to check out our Knowledgebase for helpful articles and solutions!
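
A non-interactive version of the `:set ff?` check requested above, as an added example that is not part of the original thread or of check_ciphers.sh. A shebang line that ends in a carriage return makes `env` look for an interpreter named `bash\r`, and the terminal then shows only `: No such file or directory`. The function names and the constructed sample script are assumptions of this example.

```bash
# Added example: classify a script's line endings without opening vi.
# POSIX sh compatible; all names below are hypothetical helpers.
CR=$(printf '\r')

# Report line endings the way vi's "fileformat" does: unix, dos or mixed.
line_endings() {
    total=$(wc -l < "$1")
    crlf=$(grep -c "${CR}\$" "$1") || true   # grep exits 1 on zero matches
    if [ "$crlf" -eq 0 ]; then
        echo unix
    elif [ "$crlf" -eq "$total" ]; then
        echo dos
    else
        echo mixed
    fi
}

# Print the first line with a trailing carriage return shown as "\r",
# which is the interpreter string the kernel actually receives.
shebang_visible() {
    head -n 1 "$1" | sed "s/${CR}\$/\\\\r/"
}

# Write a copy of $1 to $2 with trailing carriage returns removed.
to_unix() {
    sed "s/${CR}\$//" "$1" > "$2" && chmod +x "$2"
}

# Constructed sample: a two-line script saved with DOS (CRLF) line endings.
make_crlf_sample() {
    printf '#!/usr/bin/env bash\r\necho ok\r\n' > "$1"
}

# Usage: pass a script path, or run with no argument to use the sample.
target=${1:-}
tmpdir=
if [ -z "$target" ]; then
    tmpdir=$(mktemp -d)
    target=$tmpdir/sample.sh
    make_crlf_sample "$target"
fi
echo "fileformat: $(line_endings "$target")"
echo "first line: $(shebang_visible "$target")"
if [ -n "$tmpdir" ]; then rm -rf "$tmpdir"; fi
```

Review the converted copy written by `to_unix` before replacing the original, since the conversion strips every trailing carriage return in the file.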

Re: Monitor HTTPS Website in NagiosXI.

Post by sundaraminfotech »

Hi Team,

Please find the outputs below,

Code:

#!/usr/bin/env bash

## enable file and stdout logging.
logit() {
        if [[ -z $LOG ]]; then
                printf "%s\n" "$1"
        else
                printf "%s\n" "$1" | tee -a "$LOG"
        fi
}

## Main function to test all supported local ciphers against remote systems and verify mutual ciphers.
check_ssl_ciphers() {

        ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

        logit "Obtaining cipher list from $(openssl version)."

        for cipher in ${ciphers[@]}; do
                result="Testing $cipher..."
                # Assign (not append) so each cipher is judged on its own handshake output.
                check_res=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER:$PORT" 2>&1)
                if [[ $VERBOSE -eq 1 ]]; then
                        echo "$check_res"
                fi

                if [[ "$check_res" =~ "Cipher is ${cipher}" || "$check_res" =~ "Cipher    :" ]] ; then
                  result+="YES"
                else
                  # Look for the OpenSSL error in the handshake output, not in the status text.
                  if [[ "$check_res" =~ ":error:" ]] ; then
                        error=$(echo -n $check_res | cut -d':' -f6)
                        result+="NO ($error)"
                  else
                        result+="UNKNOWN RESPONSE"
                  fi
                fi

                logit "$result"
                sleep $DELAY
        done
}

## usage ...
usage() {
        cat <<EOF
Usage: $0 [options]

This script is intended to check a your local openssl version, against a remote servers supported ciphers.
NMAP may be used as a one-line alternative as well with: nmap --script ssl-enum-ciphers -p 443 www.example.com
Note: Despite the name, this is not an appropriate nagios plugin! It should only be used for manual validation of ciphers.

-s - Server name or IP.
-p - Remote server port.
-d - Delay between requests.
-l - Log file for output.
-v - Verbose output.
-h - This output.

EOF
}

## Handle cli arguments
while getopts "hvd:l:s:p:" opt
        do
        case $opt in
                h)
                        usage
                        exit 0
                        ;;
                d)
                        DELAY=$OPTARG
                        ;;
                l)
                        LOG="$OPTARG"
                        ;;
                s)
                        SERVER="$OPTARG"
                        ;;
                p)
                        PORT=$OPTARG
                        ;;
                v)
                        VERBOSE=1
                        ;;
                ?)
                        usage
                        exit 1
                        ;;
        esac
done

## Validate necessary args
if [[ -z $SERVER ]]; then
        echo ERROR: Server address is required.
        usage
        exit 1
fi
if [[ -z $PORT ]]; then
        echo WARNING: Using default port of 443.
        PORT=443
fi
if [[ -z $DELAY ]]; then
        echo WARNING: Using default delay of 1.
        DELAY=1
fi
if [[ -z $VERBOSE ]]; then
        VERBOSE=0
fi

## execute main()
check_ssl_ciphers

File Format Output
format.JPG
Thanks & Regards,