Page 1 of 2
Check_user Plugin usage
Posted: Tue Sep 22, 2020 6:19 am
by RIDS_I2MP
We would like to understand about the check_user module on Nagios if it can be used to monitor the user activity ?
Can you please share the details setup steps for Unix and Windows platform.
Thanks
Nitin
Re: Check_user Plugin usage
Posted: Tue Sep 22, 2020 5:54 pm
by benjaminsmith
Hi Nitin,
Okay, so on the Linux side there is an official Nagios supporter plugin called check_users. This plugin checks the number of users currently logged in on the local system and generates an error if the number exceeds the thresholds specified.
https://nagios-plugins.org/doc/man/check_users.html
On the Windows side, I would take look at using the Windows Counters available and setup checks via NCPA using the windowscounters API endpoint in NCPA.
https://www.nagios.org/ncpa/help.php#ap ... wscounters
Hope that helps answer your question and let me know if you need clarification on anything.
Thanks,
Benjamin
Re: Check_user Plugin usage
Posted: Wed Sep 23, 2020 5:09 am
by RIDS_I2MP
Hi Team,
if it can be used to monitor the user activity on Prod servers during Off business hours?
Is it possible for Linux ?
Thanks
Nitin Parate
Re: Check_user Plugin usage
Posted: Wed Sep 23, 2020 4:53 pm
by benjaminsmith
HI Nitin,
if it can be used to monitor the user activity on Prod servers during Off business hours?
Can you provide some specifics regarding user activity? What metrics do you want to run checks against?
Thanks,
Benjamin
Re: Check_user Plugin usage
Posted: Mon Oct 19, 2020 5:15 pm
by RIDS_I2MP
benjaminsmith wrote:Hi Nitin,
Okay, so on the Linux side there is an official Nagios supporter plugin called check_users. This plugin checks the number of users currently logged in on the local system and generates an error if the number exceeds the thresholds specified.
https://nagios-plugins.org/doc/man/check_users.html
Thanks,
Benjamin
Hi Benjamin/Team,
This Plugin can be used on linux/Unix machine after installing NRPE Agent on it. But we have already installed NCPA Agent on linux/Unix machine . So kindly guide us on how to use check_users plugin for those Linux/Unix servers getting monitored via NCPA Agent.
Re: Check_user Plugin usage
Posted: Tue Oct 20, 2020 2:57 pm
by benjaminsmith
Hi,
So you can use plugins with NCPA as well. What you'll want to do here is compile the Nagiso plugins on the server, and use the NCPA plugin API endpoint.
Instructions for Installing Nagios Plugins
https://support.nagios.com/kb/article/n ... tml#CentOS
Reference for the NCPA Plugin API
https://www.nagios.org/ncpa/help.php#ap ... es-plugins
Also, there is a directive in the making
ncpa.cfg file to change the plugin path.
https://www.nagios.org/ncpa/help/2.0/configuration.html
Let me know if you have more questions or need further assistance.
Benjamin
Re: Check_user Plugin usage
Posted: Mon Nov 30, 2020 11:35 am
by RIDS_I2MP
Hi Team,
We want to know who exactly is logged in to the server that is username and its details like the time etc. We are already using check_users plugin to find out the number of users currently logged in to.
But now we want to even find who exactly is logged in via Nagios XI.
Please can you suggest us a solution. This is for Linux/Unix Environment where we have NRPE Agent Installed.
For Windows OS :
Please let us know how to find number of currently logged in users and also who exactly is logged in for Windows Servers as well.
Perhaps we have NSC Client installed on all Windows Hosts and there are roughly 800 hosts which we monitor via Nagios. Hence please suggest a solution on which there are no changes required to be made to NSC.ini or NSC.cfg file.
Re: Check_user Plugin usage
Posted: Wed Dec 02, 2020 10:44 am
by ssax
Re: Check_user Plugin usage
Posted: Tue Dec 08, 2020 1:23 pm
by RIDS_I2MP
Hi Team,
Kindly let us know how to use this plugin as well and what command should we create in Nagios API to use this script based plugin.
Also one more thing i found out show_users plugin for Linux which measure the number of users and also who exactly is logged in and based on that we can decide the warning and critical thresholds , so similar to this can you let us know the plugin for windows domain as well.
We again request you to suggest us a solution which is quick and easy as we all together monitor 1000+ hosts and modifying .cfg file is not feasible for us. Please provide us an alternative solution as well or any idea where we can fix this within much less changes.
Re: Check_user Plugin usage
Posted: Wed Dec 09, 2020 11:57 am
by ssax
Please follow this guide (it's the same process for windows/linux/etc):
https://support.nagios.com/kb/article/n ... a-722.html
For the Linux one, rename it to .sh before following the guide. You'll need to analyze the plugins you find in order to determine what commands you will want to use. For the check users one it has a help section that shows you how to call it and what options it supports:
Code: Select all
[nagios@xid ~]# sh showusers.sh -h
usage: showusers.sh [--simple] [ --mandatory username ] [ --unauthorized username ] [ --whitelist username ]
returns a list of users on the local machine
-s, --simple show users without the number of sessions
-m username, --mandatory username
Mandatory users. Return CRITICAL if any of these users are not
currently logged in
-u username, --unauthorized username
Unauthorized users. Returns CRITICAL if any of these users are
logged in. This can be useful if you have a policy that states
that you may not have a root shell but must instead only use
'sudo command'. Specifying '-u root' would alert on root having
a session and hence catch people violating such a policy.
-w username, --whitelist username
Whitelist users. This is exceptionally useful. If you define
a bunch of users here that you know you use, and suddenly
there is a user session open for another account it could
alert you to a compromise. If you run this check say every
3 minutes, then any attacker has very little time to evade
detection before this trips.
-m,-u and -w can be specified multiple times for multiple users
or you can use a switch a single time with a comma separated
list.
-V --version Print the version number and exit
Just running the plugin will show the logged in users.
For the Windows one, put it in checkusers.ps1 under the plugins directory on the system and then call it through the API.
Both of them can be called like this:
/usr/local/nagios/libexec/check_ncpa.py ... lugin.ext'
We again request you to suggest us a solution which is quick and easy as we all together monitor 1000+ hosts and modifying .cfg file is not feasible for us. Please provide us an alternative solution as well or any idea where we can fix this within much less changes.
None of the built-in functionality lists the users, if there isn't a built-in check for this your only option is to find an alternative plugin.
If you would like to see that feature in NCPA, you can submit a feature request here:
https://github.com/NagiosEnterprises/ncpa/issues