Nagios Support Forum

Hello, all.

Earlier today I spoke with @ssax regarding our unique set up. We need to have scripts run by the host agents to check for the following:

• Whole disk encryption for the system drive, whether or not it's encrypted and, if possible, the cipher strength of that encryption. Should be able to detect using any encryption software. Alert if drive is not fully encrypted or if any SEA-256 cipher strength was not used.
• Screen Savers, whether or not they're enabled, if they are set to show for longer than 5 minutes of idle, and whether or not the workstation locks and asks for the user's password to access the workstation again. Alert if any of these conditions are not met or if the Windows screensaver is set to Bubbles.
• Whether or not a password is set for all user accounts. Alert if there is no password set on any account.
• Whether or not automatic login is enabled. Alert if it's enabled.
• Report if user accounts are either Standard or Administrator accounts.
• Whether or not a firewall is present and running. Should support any firewall software. Alert if there isn't one running, it's not enabled, or if one isn't installed.
• Whether or not anti-virus is installed, enabled, and it's up-to-date. Should support any desktop anti-virus or Intnernet security product. Alert if there isn't one installed, it isn't running, or its definitions are out of date.
• Whether or not automatic updates for the OS are enabled. Alert if it's not enabled and, if possible, if available updates are not installed.
• Whether or not Java (JRE) is updated, giving the version number, if possible. Alert if it's not up-to-date.
• The ages of files in a particular folder. This folder will be in a user's set of profile or home folders, so consideration for using variables to identify the currently logged in user is a must (%USERPROFILE%\Documents and ~/Documents, for example). Alert if files are in the folder past three weeks (warning) and one month (critical).

We'd also like scripts to help us fix some of these issues in the background without disturbing the user, initiating these scripts from the Nagios server, if at all possible. Easier ones like enabling firewall and anti-virus, setting the screen saver, disabling automatic login, and such.

Let me know what you can come up with to help us figure out what needs to be scripted versus what's out there, and how we bundle it all up with agent installs. We need these for both Windows and Mac, unless otherwise specified.

Thank you!

To help us on our way with this, can you PM me your Profile? You can download it by going to Admin > System Config > System Profile and click the Download Profile button towards the top. If for whatever reason you *cannot* download the profile, please put the output of Show Profile in the thread (that will at least get us some info).

After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.

@dwhitfield, how do I send a direct message to you from this forum system?

There's a PM button to the right (and slightly beneath) of the "Quote" button.

UPDATE: Profile received and shared with techs.

Sounds more something for sccm. Not really for nagios but that is my opinion.

@dwitfield, Thank you. I had to reload the page to get the PM button to show.

@ruffsense, I agree to an extent that would be ideal our company had any kind of centralized infrastructure, particularly one where SCCM and Active Directory were used. Unfortunately, all of our users are remote and don't log in to anything centralized (no AD, no LDAP, no OD, not even VPN). It's a little unusual.

For all of your requirements, I would look at using powershell / batch and figure out if the capabilities exist for it all. Some of the plugins may already exist, and others you'll need to create. Our community Exchange is @ https://exchange.nagios.org

As for the Nagios portion, you'll want to learn about event handlers to react to certain alerts in a if this then that fashion - https://assets.nagios.com/downloads/nag ... ios-XI.pdf
You will also want to learn about how to Configure NSClient++ (which will be the agent, which executes the scripts on the end users computer) - https://assets.nagios.com/downloads/nag ... ios-XI.pdf

@rkennedy, thank you for the recommendations! Does this mean, then, that for our Mac users, I might need to look at shell scripting or AppleScript? Is this what you'd suggest? What about using Python for both platforms?

TCN-Link wrote: Does this mean, then, that for our Mac users, I might need to look at shell scripting or AppleScript?

Whether you want to script it all or just parts will be up to you. If it were me, I'd use as much preexisting stuff as possible, but that's just me, and glancing at https://exchange.nagios.org/directory/P ... OS--2F-OSX suggests you will probably need to do some scripting.

Is this what you'd suggest?

I'd suggest looking at https://assets.nagios.com/downloads/nag ... _Agent.pdf (and the exchange link posted above) and going from there.

What about using Python for both platforms?

That's certainly an option. It's been ~8.5 years since I did any scripting on a Mac, so there is likely someone better placed to have an opinion on python on either of those platforms.



One thing I also want to point out is https://assets.nagios.com/downloads/nag ... ios-XI.pdf.

Please let us know if you have any additional questions. We're here to help!