Initial commit of check_firewall_active (#28)

* Initial commit of check_firewall_active * Fixing things found in the review. Started work on rpm spec file * Fixing spec a bit * Fixing url
2016-12-21 12:40:29 +00:00 · 2016-12-21 12:40:29 +00:00 · 3501677f20
parent 6726f614ad
commit 3501677f20
4 changed files with 78 additions and 0 deletions
--- a/check_firewall_active/check_firewall_active.sh
+++ b/check_firewall_active/check_firewall_active.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+
+EXIT_OK=0
+EXIT_WARN=1
+EXIT_CRIT=2
+
+PATH=/sbin:/usr/sbin:$PATH
+
+if [ "$(id -u)" != "0" ]; then
+	echo "This script must be run as root" 1>&2
+	exit $EXIT_CRIT
+fi
+
+blocks=$(iptables -L -v -n | egrep 'REJECT|DROP' | wc -l)
+
+if [ $blocks -eq 0 ]; then
+	echo "CRITICAL: No firewall detected"
+	exit $EXIT_CRIT
+fi
+
+echo "OK: Firewall is active"
+exit $EXIT_OK
+
--- a/check_firewall_active/nagios-okplugin-check_firewall_active.spec
+++ b/check_firewall_active/nagios-okplugin-check_firewall_active.spec
@ -0,0 +1,50 @@
+%define debug_package %{nil}
+
+Summary:	A Nagios plugin to check if iptables are actually enforcing rules
+Name:		nagios-okplugin-check_firewall_active
+Version:	1.0.0
+Release:	1%{?dist}
+License:	GPLv2+
+Group:		Applications/System
+URL:		https://github.com/opinkerfi/nagios-plugins/issues
+Source0:	http://opensource.ok.is/trac/browser/nagios-plugins/check_firewall_active/releases/nagios-okplugin-check_firewall_active-%{version}.tar.gz
+Requires:	nagios-nrpe
+Requires:	iptables
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Packager:	Richard Allen <ra@ok.is>
+
+
+
+%description
+A Nagios plugin to check if iptables are actually enforcing rules
+
+
+%prep
+%setup -q
+#perl -pi -e "s|/usr/lib64|%{_libdir}|g" nrpe.d/check_firewall_active.cfg
+
+%build
+
+
+%install
+rm -rf %{buildroot}
+install -D -p -m 0755 check_firewall_active.sh %{buildroot}%{_libdir}/nagios/plugins/check_firewall_active.sh
+install -D -p -m 0755 nrpe.d/check_firewall_active.cfg %{buildroot}/etc/nrpe.d/check_firewall_active.cfg
+install -D -p -m 0644 sudoers.d/check_firewall_active %{buildroot}/etc/sudoers.d/check_firewall_active
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+#%doc README LICENSE
+%{_libdir}/nagios/plugins/*
+/etc/nrpe.d/check_firewall_active.cfg
+/etc/sudoers.d/check_firewall_active
+
+%post
+restorecon -v %{_libdir}/nagios/plugins/check_firewall_active.sh /etc/nrpe.d/check_firewall_active.cfg /etc/sudoers.d/check_firewall_active
+
+%changelog
+* Thu Dec 20 2016  Richard Allen <ra@ok.is> 0.1-1
+- Initial packaging
--- a/check_firewall_active/nrpe.d/check_firewall_active.cfg
+++ b/check_firewall_active/nrpe.d/check_firewall_active.cfg
@ -0,0 +1,3 @@
+
+
+command[check_firewall_active]=sudo /usr/lib64/nagios/plugins/check_firewall_active.sh
--- a/check_firewall_active/sudoers.d/check_firewall_active
+++ b/check_firewall_active/sudoers.d/check_firewall_active
@ -0,0 +1,2 @@
+Defaults:nrpe	!requiretty
+nrpe		ALL = (root) NOPASSWD: /usr/lib64/nagios/plugins/check_firewall_active.sh
				`@ -0,0 +1,3 @@`


				`command[check_firewall_active]=sudo /usr/lib64/nagios/plugins/check_firewall_active.sh`