I'm new to Nagios XI and looking for a way to monitor the firewalls (iptables) on our RHEL 6.9 servers and notify us if the firewall gets turned off. Any assistance would be greatly appreciated.
jb
Monitor RHEL 6.9 - firewall status on/off
-
npolovenko
- Support Tech
- Posts: 3457
- Joined: Mon May 15, 2017 5:00 pm
Re: Monitor RHEL 6.9 - firewall status on/off
Hello, @johnnyb.
If you install NRPE on the RHEL server, you could use this plugin from here:
or this one:
Here's the manual on how to install the NRPE agent:
You may also monitor whether the firewalld process is active or not and have alerts based on that.
You could also simply run a check from a Nagios server to see if the specific destination port is open. You wouldn't need to install any agents for that.
If you install NRPE on the RHEL server, you could use this plugin from here:
Code: Select all
http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/nagios-plugin-check_iptables/check_iptables?revision=1.6&view=coCode: Select all
https://exchange.nagios.org/directory/Plugins/Security/Firewall-Software/check_iptables/detailsCode: Select all
https://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_XI_Linux_Agent.pdfYou could also simply run a check from a Nagios server to see if the specific destination port is open. You wouldn't need to install any agents for that.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
bolson
Re: Monitor RHEL 6.9 - firewall status on/off
This one might suit your needs,
https://exchange.nagios.org/directory/P ... es/details
If not, let me know.
https://exchange.nagios.org/directory/P ... es/details
If not, let me know.
-
bolson
Re: Monitor RHEL 6.9 - firewall status on/off
Did you find a plugin that meets your needs and may we close this topic as resolved? If not, if you're looking for a very basic plugin which simply checks to see if iptables is running or not, I'm about to publish such a plugin on the Nagios Exchange.
Re: Monitor RHEL 6.9 - firewall status on/off
I'd would be interested to see the plugin which simply checks to see if iptables is running or not. I'm still trying to get this to work properly. I apologize in advance as I am very new to Nagios XI.
You do not have the required permissions to view the files attached to this post.
Re: Monitor RHEL 6.9 - firewall status on/off
You do not have the required permissions to view the files attached to this post.
-
bolson
Re: Monitor RHEL 6.9 - firewall status on/off
I'm not sure where you got all of the extra command arguments... The following seems to work just fine.
You do not have the required permissions to view the files attached to this post.
Re: Monitor RHEL 6.9 - firewall status on/off
Initially, I thought you could simply use check_init_service with check_nrpe, for example:
However, this produces lots of output as it shows the firewall rules, instead of just stating: "iptables is running...". I haven't been able to find a specific plugin that is going to do the job, so I decided to use a simple bash script, and a custom command.
Here's what I did.
ON THE REMOTE MACHINE
I placed the following script (named "check_iptables") to the plugins directory (/usr/local/nagios/libexec):
and made it executable.
I added the following command to "/usr/local/nagios/etc/nrpe/common.cfg" file:
saved, exited, and restarted nrpe:
Note: You can add the command to the "/usr/local/nagios/etc/nrpe.cfg" too if you wish. Also, if you are running NRPE under xinetd, you will need to restart xinetd (instead of nrpe deamon):
Next, I modified /etc/sudoers (by running visudo) by adding this line:
ON THE NAGIOS XI SERVER
I tested my check from the command line:
Once I saw it was running, I created a new service check in XI:
I scheduled a forced, immediate check in the GUI (under the Service Status Detail page):
Hope this helps.
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H x.x.x.x -c check_init_service -a 'iptables'Here's what I did.
ON THE REMOTE MACHINE
I placed the following script (named "check_iptables") to the plugins directory (/usr/local/nagios/libexec):
Code: Select all
#!/bin/bash
/sbin/service iptables status > /dev/null 2>&1
if [ $? = 0 ]; then
echo "iptables is running"
exit 0;
else
echo "iptables is not running"
exit 2;
fiCode: Select all
chmod +x /usr/local/nagios/libexec/check_iptables.shCode: Select all
command[check_iptables]=sudo /usr/local/nagios/libexec/check_iptables.shCode: Select all
service nrpe restartCode: Select all
service xinetd restartCode: Select all
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_iptables.shI tested my check from the command line:
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H <client ip> -c 'check_iptables'
iptables is runningCode: Select all
define service {
host_name CentOS6-NRPE
service_description iptables
use xiwizard_nrpe_service
check_command check_nrpe!check_iptables!!!!!!!
max_check_attempts 5
check_interval 5
retry_interval 1
check_period xi_timeperiod_24x7
notification_interval 60
notification_period xi_timeperiod_24x7
notifications_enabled 1
contacts nagiosadmin
_xiwizard linux-server
register 1
}Hope this helps.
You do not have the required permissions to view the files attached to this post.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitor RHEL 6.9 - firewall status on/off
Thank you very much Brian Olson and lmiltchev for all your assistance. I will take the information that you have given me and run with it. Please close this topic as resolved at your convenience. Again, thank you both for your patience with a Nagios newbie and your incredible expertise. jb