service firewall check

m0le121
Posts: 9
Joined: Fri Jun 05, 2015 6:50 am

Re: service firewall check

Post by m0le121 »

On client:

Code:

[root@name~]# /etc/init.d/firewall status
firewall is running
[root@name~]# service firewall stop
Deleting firewall packet filter                            [  OK  ]
[root@name~]# /etc/init.d/firewall status
firewall is stopped
[root@name~]# service firewall start
Installing Firewall packet filter WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
WARNING: All config files need .conf: /etc/modprobe.d/block-ipv6.config, it will be ignored in a future release.
                                                           [  OK  ]
[root@name~]#
On server:

Code:

[root@monitoring ~]# /etc/init.d/firewall status
-bash: /etc/init.d/firewall: No such file or directory
[root@monitoring ~]#
If I run the code below on the Nagios server:

Code:

[root@monitoring ~]# /usr/lib64/nagios/plugins/check_nrpe -H externalip.com -c firewall_check
Status 2 - Information : firewall is unknown -
[root@monitoring ~]#
value $T1 = empty

If I remove sudo in the code:

Code:

T1=$(sudo /etc/init.d/$SERVICE status)
The output on the Nagios server will always be:

Code:

[root@monitoring ~]# /usr/lib64/nagios/plugins/check_nrpe -H externalip.com -c firewall_check
Status 1 - Critical : firewall is stopped
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: service firewall check

Post by tgriep »

On your remote system that you want to check for the firewall status, can you run the following while the firewall is enabled and disabled and post the output back?

Code:

su nagios
/usr/lib/nagios/plugins/firewall_check.sh
echo $?
m0le121
Posts: 9
Joined: Fri Jun 05, 2015 6:50 am

Re: service firewall check

Post by m0le121 »

Good news, it works now :D

On the client side I did:

Code:

sudoedit /etc/sudoers

#Nagios user
Defaults:nrpe  !authenticate
nrpe           ALL=/sbin/service firewall status
nrpe           ALL = (root) NOPASSWD:/sbin/iptables -L -n
Defaults:nrpe  !requiretty

#Nagios user
Defaults:nagios   !authenticate
nagios            ALL=/sbin/service firewall status
nagios            ALL = (root) NOPASSWD:/sbin/iptables -L -n
Defaults:nagios   !requiretty

-- BEGIN CODE --
#!/bin/bash
#
# Author: Ronny Fischer
# Date: 20-07-2015
# Description: Check service firewall is running
#
SERVICE=firewall
# Status line printed by the init script (needs the sudoers entries above)
T1=$(sudo /sbin/service "$SERVICE" status)
RUNNING="$SERVICE is running"
STOPPED="$SERVICE is stopped"
UNKNOWN="$SERVICE is unknown"

# Minimum number of output lines expected when the rule set is loaded
IP_ROWS=100
IPTABLES_ROWS=$(sudo /sbin/iptables -L -n | wc -l)
FIREWALL_ROWS=$(sudo /sbin/service "$SERVICE" status | wc -l)

# Exit codes as read by Nagios: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN
if [ "$T1" = "$RUNNING" ]; then
   echo "Status 0 - OK : $RUNNING - $IPTABLES_ROWS regels"
   exit 0
elif [ "$T1" != "$RUNNING" ] && [ "$IPTABLES_ROWS" -gt "$IP_ROWS" ] && [ "$FIREWALL_ROWS" -gt "$IP_ROWS" ]; then
   echo "Status 0 - OK : $RUNNING - $IPTABLES_ROWS regels"
   exit 0
elif [ "$T1" = "$STOPPED" ] || [ "$IPTABLES_ROWS" -lt "$IP_ROWS" ]; then
   echo "Status 1 - Critical : $STOPPED - $IPTABLES_ROWS regels"
   exit 2
else
  echo "Status 2 - Information : $UNKNOWN"
  exit 3
fi
-- END CODE --
The problem was the rights of the nagios user!
Thanks all for helping!
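
Added example, not part of the post above or of any Nagios project code: a variant of the check that reports UNKNOWN when the privileged commands return nothing (the empty $T1 case seen earlier in the thread) instead of mistaking it for a stopped firewall. The names classify_firewall, run_check, MIN_ROWS and the --run argument are assumptions made for this example, as is treating a running service with fewer than MIN_ROWS rows as CRITICAL.

```sh
#!/bin/sh
# Added example. Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
STATE_OK=0; STATE_CRITICAL=2; STATE_UNKNOWN=3
SERVICE=firewall   # service name used in the thread
MIN_ROWS=100       # same threshold as IP_ROWS in the thread's script

# classify_firewall STATUS_TEXT IPTABLES_ROWS (hypothetical helper)
# Prints one status line and returns the matching Nagios exit code.
classify_firewall() {
    status_text=$1
    rows=$2
    # Empty status text or a non-numeric row count means the privileged
    # command produced nothing (e.g. sudo refused it): UNKNOWN, not "stopped".
    case $rows in
        ''|*[!0-9]*) rows_valid=no ;;
        *) rows_valid=yes ;;
    esac
    if [ -z "$status_text" ] || [ "$rows_valid" = no ]; then
        echo "UNKNOWN: no usable output, check sudoers for the NRPE user"
        return "$STATE_UNKNOWN"
    fi
    case $status_text in
        "$SERVICE is running")
            # Choice made for this example: too few rows while "running" is CRITICAL.
            if [ "$rows" -ge "$MIN_ROWS" ]; then
                echo "OK: $SERVICE is running - $rows rows"
                return "$STATE_OK"
            fi
            echo "CRITICAL: $SERVICE is running but only $rows rows loaded"
            return "$STATE_CRITICAL" ;;
        "$SERVICE is stopped")
            echo "CRITICAL: $SERVICE is stopped - $rows rows"
            return "$STATE_CRITICAL" ;;
        *)
            echo "UNKNOWN: unexpected status output"
            return "$STATE_UNKNOWN" ;;
    esac
}

# run_check gathers live data. sudo -n fails instead of prompting when the
# sudoers entry is missing, which suits NRPE because it has no terminal.
run_check() {
    status_text=$(sudo -n /sbin/service "$SERVICE" status 2>/dev/null)
    rows=$(sudo -n /sbin/iptables -L -n 2>/dev/null | wc -l | tr -d ' ')
    classify_firewall "$status_text" "$rows"
}

# Assumption: the NRPE command definition passes --run as the only argument.
if [ "${1:-}" = "--run" ]; then run_check; exit $?; fi
```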
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: service firewall check

Post by tmcdonald »

I'll be closing this thread now, but feel free to open another if you need anything in the future!
Former Nagios employee