Not sure if my response will help you since I take a slightly different
approach to monitoring basically the same thing. I am monitoring both
the ports actually being listened on, and the iptables configuration.
I'm using netstat -ltunp on the monitored server. Below is the plugin
script I am using. Actually, it really looks for CHANGES in open ports.
The first time it runs, it creates a file /var/run/checkPorts that
contains a list of all currently-open ports. Any time a port opens or
stops listening, the script generates an alert. If you expect a change
in the list of open ports, simply delete the file /var/run/checkPorts.
I also have a similar script that compares the actual iptables filter
tables with the ones specified, to see if the firewall may have opened
some port unexpectedly. That, too, has to run on the monitored machine.
If you want to check from the outside - such as from the nagios server -
you probably need to use nmap or the like, or you may be able to use an
SNMP query or similar to your firewall. Be aware that your firewall may
actually detect that type of probing as an intrusion attempt.
#!/bin/bash
result=0
# the PID in the output of netstat can legitimately change, so
# let's remove it. We also sort to be sure that the ordering
# doesn't cause any headaches later
netstat -ltunp | sed 's;[0-9]*/.*;;' | sort > /tmp/$$.checkPorts
if [ ! -f /var/run/checkPorts ]
then
cp /tmp/$$.checkPorts /var/run/checkPorts
echo -n "Created new compare file"
else
out=$(diff --ignore-all-space /tmp/$$.checkPorts /var/run/checkPorts)
if [ $? -ne 0 ]
then
result=1
echo "$out" | grep '[<>]' | awk '{ print $1, $5, $8; }' | sed -e
:a -e '$!N; s/\n/; /; ta'
else
echo -n "Only expected ports are open"
fi
fi
rm -f /tmp/$$.checkPorts
exit $result
Post by Matt BaerIs there a way that Nagios can monitor open ports, even if there isn't
anything listening on the destination? I'd like to monitor my open
ports on my firewall JUST to make sure they're open. I would just
specify the port with the normal Nagios command and point it at my
public IP address, but obviously, the check will fail unless something
is listening on the other end. Basically I want to port scan specific
ports. Any ideas?
--
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About
Office: 866-642-7116
http://www.4nettech.com
This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.