
Monitor RHEL 6.9 - firewall status on/off

Posted: Wed Dec 20, 2017 2:45 pm
by johnnyb
I'm new to Nagios XI and looking for a way to monitor the firewalls (iptables) on our RHEL 6.9 servers and notify us if the firewall gets turned off. Any assistance would be greatly appreciated.

jb

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Wed Dec 20, 2017 4:00 pm
by npolovenko
Hello, @johnnyb.
If you install NRPE on the RHEL server, you could use this plugin from here:

Code: Select all

http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/nagios-plugin-check_iptables/check_iptables?revision=1.6&view=co
or this one:

Code: Select all

https://exchange.nagios.org/directory/Plugins/Security/Firewall-Software/check_iptables/details
Here's the manual on how to install the NRPE agent:

Code: Select all

https://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_XI_Linux_Agent.pdf
You may also monitor whether the firewalld process is active or not and have alerts based on that.

You could also simply run a check from a Nagios server to see if the specific destination port is open. You wouldn't need to install any agents for that.

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Wed Dec 20, 2017 4:08 pm
by bolson
This one might suit your needs,

https://exchange.nagios.org/directory/P ... es/details

If not, let me know.

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Thu Dec 21, 2017 2:31 pm
by bolson
Did you find a plugin that meets your needs and may we close this topic as resolved? If not, if you're looking for a very basic plugin which simply checks to see if iptables is running or not, I'm about to publish such a plugin on the Nagios Exchange.

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Thu Dec 21, 2017 3:05 pm
by johnnyb
[Attached image: Nagios.IPTables2.png]
I would be interested to see the plugin which simply checks to see if iptables is running or not. I'm still trying to get this to work properly. I apologize in advance as I am very new to Nagios XI.

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Thu Dec 21, 2017 3:07 pm
by johnnyb
[Attached image: Nagios.2.png]

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Thu Dec 21, 2017 4:04 pm
by bolson
I'm not sure where you got all of the extra command arguments... The following seems to work just fine.
[Attached image: Untitled.jpg]

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Thu Dec 21, 2017 4:06 pm
by lmiltchev
Initially, I thought you could simply use check_init_service with check_nrpe, for example:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H x.x.x.x -c check_init_service -a 'iptables'
However, this produces lots of output as it shows the firewall rules, instead of just stating: "iptables is running...". I haven't been able to find a specific plugin that is going to do the job, so I decided to use a simple bash script, and a custom command.

Here's what I did.

ON THE REMOTE MACHINE

I placed the following script (named "check_iptables") in the plugins directory (/usr/local/nagios/libexec):

Code: Select all

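#!/bin/bash
# Nagios plugin: report whether the iptables service is running.
# Exit codes follow the Nagios convention: 0 = OK, 2 = CRITICAL.
/sbin/service iptables status > /dev/null 2>&1
if [ $? -eq 0 ]; then
        echo "iptables is running"
        exit 0
else
        echo "iptables is not running"
        exit 2
fi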
and made it executable.

Code: Select all

chmod +x /usr/local/nagios/libexec/check_iptables.sh
I added the following command to "/usr/local/nagios/etc/nrpe/common.cfg" file:

Code: Select all

command[check_iptables]=sudo /usr/local/nagios/libexec/check_iptables.sh
saved, exited, and restarted nrpe:

Code: Select all

service nrpe restart
Note: You can add the command to the "/usr/local/nagios/etc/nrpe.cfg" too if you wish. Also, if you are running NRPE under xinetd, you will need to restart xinetd (instead of the nrpe daemon):

Code: Select all

service xinetd restart
Next, I modified /etc/sudoers (by running visudo) by adding this line:

Code: Select all

nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_iptables.sh
ON THE NAGIOS XI SERVER

I tested my check from the command line:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <client ip> -c 'check_iptables'
iptables is running
Once I saw it was running, I created a new service check in XI:

Code: Select all

define service {
	host_name			CentOS6-NRPE
	service_description		iptables
	use				xiwizard_nrpe_service
	check_command			check_nrpe!check_iptables!!!!!!!
	max_check_attempts		5
	check_interval			5
	retry_interval			1
	check_period			xi_timeperiod_24x7
	notification_interval		60
	notification_period		xi_timeperiod_24x7
	notifications_enabled		1
	contacts			nagiosadmin
	_xiwizard			linux-server
	register			1
	}
[Attached image: example01.PNG]
I scheduled a forced, immediate check in the GUI (under the Service Status Detail page):
[Attached image: example02.PNG]
Hope this helps.
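
A stricter variant of the on/off check above, added here as an example and not part of lmiltchev's post or of any published plugin: it classifies `iptables -S` output so that a loaded but flushed ruleset is also reported as CRITICAL. The function name `evaluate_ruleset`, the sample listings (constructed) and the `/sbin/iptables` path in the final comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Classifies `iptables -S` output
# for Nagios: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN. Only rules attached directly
# to INPUT are inspected; jumps into user-defined chains are not followed.
evaluate_ruleset() {
    policy="" rules=0 blocking=0
    while read -r flag chain rest; do
        if [ "$chain" != "INPUT" ]; then continue; fi
        case "$flag" in
            -P) policy=$rest ;;
            -A) rules=$((rules + 1))
                case "$rest" in
                    *"-j DROP"*|*"-j REJECT"*) blocking=$((blocking + 1)) ;;
                esac ;;
        esac
    done
    if [ -z "$policy" ]; then
        echo "UNKNOWN: no INPUT policy in listing (was iptables -S run as root?)"
        return 3
    fi
    if [ "$policy" = "ACCEPT" ] && [ "$blocking" -eq 0 ]; then
        echo "CRITICAL: INPUT policy ACCEPT, $rules rule(s), none DROP/REJECT"
        return 2
    fi
    echo "OK: INPUT policy $policy, $rules rule(s), $blocking DROP/REJECT"
    return 0
}

# Constructed samples: a RHEL 6 style default ruleset, and the listing after a flush.
SAMPLE_DEFAULT='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_FLUSHED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

printf '%s\n' "$SAMPLE_DEFAULT" | evaluate_ruleset
printf '%s\n' "$SAMPLE_FLUSHED" | evaluate_ruleset || true
# Live use inside the NRPE plugin (assumed path): /sbin/iptables -S | evaluate_ruleset; exit $?
```

Because the sudoers entry runs the plugin as root, keep the script owned by root and writable by no one else, so the nagios account cannot change what sudo executes.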

Re: Monitor RHEL 6.9 - firewall status on/off

Posted: Fri Dec 22, 2017 7:42 am
by johnnyb
Thank you very much Brian Olson and lmiltchev for all your assistance. I will take the information that you have given me and run with it. Please close this topic as resolved at your convenience. Again, thank you both for your patience with a Nagios newbie and your incredible expertise. jb