From 802da30b9b500aa7b4549373871eb922ad0a2d52 Mon Sep 17 00:00:00 2001
From: Richard Allen
Date: Wed, 21 Dec 2016 10:17:12 +0000
Subject: [PATCH] Initial commit of check_firewall_active
---
.../check_firewall_active.sh | 23 +++++++++++++++++++
.../nrpe.d/check_firewall_active.cfg | 3 +++
.../sudoers.d/check_firewall_active | 2 ++
3 files changed, 28 insertions(+)
create mode 100755 check_firewall_active/check_firewall_active.sh
create mode 100644 check_firewall_active/nrpe.d/check_firewall_active.cfg
create mode 100644 check_firewall_active/sudoers.d/check_firewall_active
diff --git a/check_firewall_active/check_firewall_active.sh b/check_firewall_active/check_firewall_active.sh
new file mode 100755
index 0000000..4b6fd50
--- /dev/null
+++ b/check_firewall_active/check_firewall_active.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+EXIT_OK=0
+EXIT_WARN=1
+EXIT_CRIT=2
+
+PATH=/sbin:/usr/sbin:$PATH
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script must be run as root" 1>&2
+ exit $EXIT_CRIT
+fi
+
+blocks=$(iptables -L -v -n | egrep 'REJECT|DROP' | wc -l)
+
+if [ $blocks -eq 0 ]; then
+ echo "CRITICAL: No firewall detected"
+ exit $EXIT_CRIT
+fi
+
+echo "OK: Firewall is active"
+exit $EXIT_OK
+
diff --git a/check_firewall_active/nrpe.d/check_firewall_active.cfg b/check_firewall_active/nrpe.d/check_firewall_active.cfg
new file mode 100644
index 0000000..44a13bc
--- /dev/null
+++ b/check_firewall_active/nrpe.d/check_firewall_active.cfg
@@ -0,0 +1,3 @@
+
+
+command[check_firewall_active]=sudo /usr/lib/nagios/plugins/check_firewall_active.sh
diff --git a/check_firewall_active/sudoers.d/check_firewall_active b/check_firewall_active/sudoers.d/check_firewall_active
new file mode 100644
index 0000000..6e5008a
--- /dev/null
+++ b/check_firewall_active/sudoers.d/check_firewall_active
@@ -0,0 +1,2 @@
+Defaults:nrpe !requiretty
+nrpe ALL = (root) NOPASSWD: /usr/lib/nagios/plugins/check_firewall_active.sh
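Review bot: The `blocks=` line cannot tell a failed `iptables` call from an empty ruleset, and it accepts any line mentioning REJECT or DROP as proof of a firewall, so the check can raise a false CRITICAL and, more importantly, a false OK (for example a single DROP rule in a filter table whose chain policies are all ACCEPT; ip6tables and the non-filter tables are not inspected at all). Capture the listing first and return UNKNOWN (3) when the command fails, count with `grep -cE`, and quote `$blocks` in the test. Because the script runs as root through sudo, `PATH=/sbin:/usr/sbin:$PATH` still resolves `id`, `egrep` and `wc` through whatever PATH survives sudo's environment handling; a fixed PATH removes that dependency on the sudoers configuration.

```bash
EXIT_UNKNOWN=3

# Fixed search path: do not extend whatever PATH the sudo caller supplied.
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# … unchanged: root check …

# A failed iptables call is a broken check, not a missing firewall.
if ! rules=$(iptables -L -v -n); then
    echo "UNKNOWN: could not list iptables rules"
    exit $EXIT_UNKNOWN
fi
blocks=$(printf '%s\n' "$rules" | grep -cE 'REJECT|DROP')

if [ "$blocks" -eq 0 ]; then
# … unchanged: CRITICAL / OK reporting …
```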
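Review bot: The command definition calls bare `sudo`, so which binary runs depends on the NRPE daemon's PATH, and a missing or broken sudoers entry surfaces as sudo's own exit status rather than a plugin state. I would write `command[check_firewall_active]=/usr/bin/sudo -n /usr/lib/nagios/plugins/check_firewall_active.sh` (adjusting the sudo path to the target distribution) so the check fails immediately instead of asking for a password. A comment line such as `# requires sudoers.d/check_firewall_active to be installed` in place of the two leading blank lines would document the dependency.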
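Review bot: The NOPASSWD rule names the script without an argument specification, so sudoers lets `nrpe` run it as root with arbitrary arguments even though the NRPE command passes none. Pinning it to no arguments keeps the grant as narrow as the use: `nrpe ALL = (root) NOPASSWD: /usr/lib/nagios/plugins/check_firewall_active.sh ""`. The grant is only as safe as the script file, so the install step (not shown in this patch) should leave the script and its parent directories owned by root and not writable by the `nrpe` user, and install this fragment root-owned with mode 0440 after checking it with `visudo -c`.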