Nrpe外掛新定義對重要檔案使用MD5判斷檔案被修改

Michael_DD發表於2014-11-12
Nrpe外掛新定義對重要檔案使用MD5判斷檔案被修改


1.  部署MD5檔案到/usr/local/nagios/libexec 目錄下,並注意檔案許可權(外掛應只允許擁有者寫入,例如 755;下面列出的 -rwxrwx-wx 連其他使用者也能寫入,等於任何本機帳號都能改動 NRPE 會執行的指令碼,不建議照用)

[root@localhost libexec]# ll | grep check_md5
-rwxrwx-wx  1 nagios nagios   2964 Aug 19 15:15 check_md5
[root@localhost libexec]#
[root@localhost libexec]# cat check_md5
#!/bin/sh
#
# Examples:
#
# Check file with md5...
#
#   check_md5.sh -F md5Logfile(/var/log/audit/md5check.log)
#

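# External tools used further down, referenced by absolute path.
ECHO="/bin/echo"
TAIL="/usr/bin/tail"
MV="/bin/mv"
MD5SUM="/usr/bin/md5sum"

# Plugin name and start directory, both derived from $0. "$0" is quoted so an
# install path that contains whitespace is not word-split.
PROGNAME=$(/bin/basename "$0")
# The sed expression removes the last path component (after a "/" or a "\").
PROGPATH=$(echo "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
REVISION="1.1.1"

# utils.sh is sourced from the plugin's own directory; it presumably provides
# the STATE_* exit codes, print_revision and support used by this script.
# NOTE(review): everything in utils.sh runs with this plugin's privileges, so
# the directory and the file should be writable by their owner only.
. "$PROGPATH/utils.sh"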

# Print the three supported invocation forms, one per line, to stdout.
# Reads the global PROGNAME for the command name.
print_usage() {
    printf '%s\n' \
        "Usage: $PROGNAME -F md5Logfile " \
        "Usage: $PROGNAME --help" \
        "Usage: $PROGNAME --version"
}

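# Print the full help text: revision line, usage, a one-line description and
# the support footer. print_revision and support are not defined in this file
# (presumably they come from utils.sh).
print_help() {
    # Quoted so that print_revision always receives exactly two arguments,
    # even when the plugin was installed under a name containing whitespace.
    print_revision "$PROGNAME" "$REVISION"
    echo ""
    print_usage
    echo ""
    echo "MD5 file check plugin for Nagios"
    echo ""
    support
}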

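# At least one argument is required; without any, show the usage text and
# report UNKNOWN.
if [ $# -lt 1 ]; then
    print_usage
    exit $STATE_UNKNOWN
fi

# Grab the command line arguments

# NOTE(review): exitstatus (and therefore -x/--exitstatus) is reassigned to
# STATE_OK or STATE_CRITICAL before the script exits, so the value collected
# here does not influence the final status.
exitstatus=$STATE_WARNING #default
while [ -n "$1" ]; do
    case "$1" in
        --help|-h)
            print_help
            exit $STATE_OK
            ;;
        --version|-V)
            print_revision $PROGNAME $REVISION
            exit $STATE_OK
            ;;
        --filename|-F)
            # An option given without its value used to leave md5logfile empty
            # and then shift past the end of the argument list.
            if [ $# -lt 2 ]; then
                echo "Missing value for argument: $1"
                print_usage
                exit $STATE_UNKNOWN
            fi
            md5logfile=$2
            shift
            ;;
        --exitstatus|-x)
            if [ $# -lt 2 ]; then
                echo "Missing value for argument: $1"
                print_usage
                exit $STATE_UNKNOWN
            fi
            exitstatus=$2
            shift
            ;;
        *)
            echo "Unknown argument: $1"
            print_usage
            exit $STATE_UNKNOWN
            ;;
    esac
    shift
done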

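# Baseline file to create and verify. The original code tested the -F value
# for existence but always generated and verified the hard-coded path below;
# the -F value is now used throughout, with that path kept as the default.
# NOTE(review): the baseline lives on the monitored host, so anyone who can
# rewrite it can hide a change; keep it writable only by the account that
# runs this plugin, and confirm that account can write to the directory.
md5logfile=${md5logfile:-/var/log/audit/md5check.log}

# Write a fresh checksum baseline to the file named in $1.
# Only the direct entries of each listed directory are hashed: the globs are
# not recursive, so nothing below a sub-directory (and nothing in /usr/bin or
# /usr/sbin) is covered, and md5sum prints "Is a directory" for each
# sub-directory it is handed.
# NOTE(review): MD5 is not collision-resistant; sha256sum produces and checks
# the same list format and is the safer choice for tamper detection.
write_baseline() {
    $MD5SUM /etc/* > "$1"
    $MD5SUM /bin/* >> "$1"
    $MD5SUM /sbin/* >> "$1"
    $MD5SUM /usr/local/bin/*  >> "$1"
    $MD5SUM /usr/local/sbin/*  >> "$1"
}

# First run: no baseline yet, so create one.
# NOTE(review): a missing baseline is recreated and reported as OK, which
# means removing the file resets the check without any alert; consider
# returning WARNING here instead.
if [ ! -e "$md5logfile" ]; then
    write_baseline "$md5logfile"
    # md5sum exits non-zero because of the directories in the globs, so the
    # result is judged by whether a non-empty baseline file was written.
    if [ ! -s "$md5logfile" ]; then
        $ECHO "md5 Logfile error: md5 Log file $md5logfile could not be created!\n"
        exit $STATE_UNKNOWN
    fi
    $ECHO "md5log check data initialized...\n"
    exit $STATE_OK
fi

if [ ! -r "$md5logfile" ] ; then
    $ECHO "md5 Logfile error: md5 Log file $md5logfile is not readable!\n"
    exit $STATE_UNKNOWN
fi

# Verify once and derive both the count and the last entry from the same
# output; the original ran md5sum -c twice, so the two values could disagree
# if a file changed between the runs.
failed=$($MD5SUM -c "$md5logfile" | grep "FAILED")
count=$(printf '%s\n' "$failed" | grep -c "FAILED")
lastentry=$(printf '%s\n' "$failed" | $TAIL -n 1)

if [ "$count" = "0" ]; then # no matches, exit with no error
    $ECHO "md5 file check ok - 0 pattern matches found\n"
    exitstatus=$STATE_OK
else # Print total match count and the last entry we found
    $ECHO "($count) $lastentry"
    exitstatus=$STATE_CRITICAL
###    exitstatus=$STATE_WARNING
    # Keep the old baseline under a timestamped name, then start a new one.
    # NOTE(review): because the baseline is regenerated right away, the
    # modified files become the new reference and the next run reports OK.
    # The CRITICAL result is therefore seen only once; if the service is
    # configured with retries it may never reach a hard state. Consider
    # re-baselining manually after the change has been reviewed.
    $MV "$md5logfile" "${md5logfile%.log}_$(/bin/date '+%Y%m%d_%H%M%S').log"
    write_baseline "$md5logfile"
fi

exit $exitstatus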

[root@localhost libexec]#

2. 開啟/usr/local/nagios/etc/下的配置檔案nrpe.cfg 配置檢測命令加入一行
command[check_md5]=/usr/local/nagios/libexec/check_md5 -F /var/log/audit/md5check.log


3. 第一次執行(輸出中的 “Is a directory” 表示 /etc/* 只會校驗第一層的檔案,子目錄裡的檔案不在檢查範圍內)
[root@localhost etc]# /usr/local/nagios/libexec/check_md5 -F /var/log/audit/md5check.log
/usr/bin/md5sum: WARNING: 11 of 530 computed checksums did NOT match
/usr/bin/md5sum: WARNING: 11 of 530 computed checksums did NOT match
(11) /sbin/mount.vmhgfs: FAILED
/usr/bin/md5sum: /etc/abrt: Is a directory
/usr/bin/md5sum: /etc/acpi: Is a directory
/usr/bin/md5sum: /etc/alsa: Is a directory
/usr/bin/md5sum: /etc/alternatives: Is a directory
/usr/bin/md5sum: /etc/audisp: Is a directory
/usr/bin/md5sum: /etc/audit: Is a directory
/usr/bin/md5sum: /etc/avahi: Is a directory
/usr/bin/md5sum: /etc/bash_completion.d: Is a directory
/usr/bin/md5sum: /etc/blkid: Is a directory
/usr/bin/md5sum: /etc/bonobo-activation: Is a directory
/usr/bin/md5sum: /etc/certmonger: Is a directory
/usr/bin/md5sum: /etc/chkconfig.d: Is a directory
/usr/bin/md5sum: /etc/ConsoleKit: Is a directory
/usr/bin/md5sum: /etc/cron.d: Is a directory
/usr/bin/md5sum: /etc/cron.daily: Is a directory
/usr/bin/md5sum: /etc/cron.hourly: Is a directory
/usr/bin/md5sum: /etc/cron.monthly: Is a directory
/usr/bin/md5sum: /etc/cron.weekly: Is a directory
/usr/bin/md5sum: /etc/cups: Is a directory
/usr/bin/md5sum: /etc/dbus-1: Is a directory
/usr/bin/md5sum: /etc/default: Is a directory
/usr/bin/md5sum: /etc/depmod.d: Is a directory
/usr/bin/md5sum: /etc/dhcp: Is a directory
/usr/bin/md5sum: /etc/dnsmasq.d: Is a directory
/usr/bin/md5sum: /etc/dracut.conf.d: Is a directory
/usr/bin/md5sum: /etc/event.d: Is a directory
/usr/bin/md5sum: /etc/festival: Is a directory
/usr/bin/md5sum: /etc/fonts: Is a directory
/usr/bin/md5sum: /etc/foomatic: Is a directory
/usr/bin/md5sum: /etc/gconf: Is a directory
/usr/bin/md5sum: /etc/gcrypt: Is a directory
/usr/bin/md5sum: /etc/gdm: Is a directory
/usr/bin/md5sum: /etc/ghostscript: Is a directory
/usr/bin/md5sum: /etc/gnome-vfs-2.0: Is a directory
/usr/bin/md5sum: /etc/gnupg: Is a directory
/usr/bin/md5sum: /etc/gtk-2.0: Is a directory
/usr/bin/md5sum: /etc/hal: Is a directory
/usr/bin/md5sum: /etc/init: Is a directory
/usr/bin/md5sum: /etc/init.d: Is a directory
/usr/bin/md5sum: /etc/ipa: Is a directory
/usr/bin/md5sum: /etc/iproute2: Is a directory
/usr/bin/md5sum: /etc/java: Is a directory
/usr/bin/md5sum: /etc/jvm: Is a directory
/usr/bin/md5sum: /etc/jvm-commmon: Is a directory
/usr/bin/md5sum: /etc/kde: Is a directory
/usr/bin/md5sum: /etc/kdump-adv-conf: Is a directory
/usr/bin/md5sum: /etc/latrace.d: Is a directory
/usr/bin/md5sum: /etc/ld.so.conf.d: Is a directory
/usr/bin/md5sum: /etc/libreport: Is a directory
/usr/bin/md5sum: /etc/logrotate.d: Is a directory
/usr/bin/md5sum: /etc/lsb-release.d: Is a directory
/usr/bin/md5sum: /etc/lvm: Is a directory
/usr/bin/md5sum: /etc/makedev.d: Is a directory
/usr/bin/md5sum: /etc/maven: Is a directory
/usr/bin/md5sum: /etc/mcelog: Is a directory
/usr/bin/md5sum: /etc/modprobe.d: Is a directory
/usr/bin/md5sum: /etc/NetworkManager: Is a directory
/usr/bin/md5sum: /etc/ntp: Is a directory
/usr/bin/md5sum: /etc/oddjob: Is a directory
/usr/bin/md5sum: /etc/oddjobd.conf.d: Is a directory
/usr/bin/md5sum: /etc/openldap: Is a directory
/usr/bin/md5sum: /etc/opt: Is a directory
/usr/bin/md5sum: /etc/PackageKit: Is a directory
/usr/bin/md5sum: /etc/pam.d: Is a directory
/usr/bin/md5sum: /etc/pango: Is a directory
/usr/bin/md5sum: /etc/pcmcia: Is a directory
/usr/bin/md5sum: /etc/pki: Is a directory
/usr/bin/md5sum: /etc/plymouth: Is a directory
/usr/bin/md5sum: /etc/pm: Is a directory
/usr/bin/md5sum: /etc/polkit-1: Is a directory
/usr/bin/md5sum: /etc/popt.d: Is a directory
/usr/bin/md5sum: /etc/portreserve: Is a directory
/usr/bin/md5sum: /etc/postfix: Is a directory
/usr/bin/md5sum: /etc/ppp: Is a directory
/usr/bin/md5sum: /etc/prelink.conf.d: Is a directory
/usr/bin/md5sum: /etc/profile.d: Is a directory
/usr/bin/md5sum: /etc/pulse: Is a directory
/usr/bin/md5sum: /etc/rc0.d: Is a directory
/usr/bin/md5sum: /etc/rc1.d: Is a directory
/usr/bin/md5sum: /etc/rc2.d: Is a directory
/usr/bin/md5sum: /etc/rc3.d: Is a directory
/usr/bin/md5sum: /etc/rc4.d: Is a directory
/usr/bin/md5sum: /etc/rc5.d: Is a directory
/usr/bin/md5sum: /etc/rc6.d: Is a directory
/usr/bin/md5sum: /etc/rc.d: Is a directory
/usr/bin/md5sum: /etc/redhat-lsb: Is a directory
/usr/bin/md5sum: /etc/request-key.d: Is a directory
/usr/bin/md5sum: /etc/rhsm: Is a directory
/usr/bin/md5sum: /etc/rpm: Is a directory
/usr/bin/md5sum: /etc/rsyslog.d: Is a directory
/usr/bin/md5sum: /etc/rwtab.d: Is a directory
/usr/bin/md5sum: /etc/samba: Is a directory
/usr/bin/md5sum: /etc/sasl2: Is a directory
/usr/bin/md5sum: /etc/scl: Is a directory
/usr/bin/md5sum: /etc/security: Is a directory
/usr/bin/md5sum: /etc/selinux: Is a directory
/usr/bin/md5sum: /etc/setuptool.d: Is a directory
/usr/bin/md5sum: /etc/sgml: Is a directory
/usr/bin/md5sum: /etc/skel: Is a directory
/usr/bin/md5sum: /etc/snmp: Is a directory
/usr/bin/md5sum: /etc/sound: Is a directory
/usr/bin/md5sum: /etc/ssh: Is a directory
/usr/bin/md5sum: /etc/ssh_bak: Is a directory
/usr/bin/md5sum: /etc/ssl: Is a directory
/usr/bin/md5sum: /etc/sssd: Is a directory
/usr/bin/md5sum: /etc/statetab.d: Is a directory
/usr/bin/md5sum: /etc/sudoers.d: Is a directory
/usr/bin/md5sum: /etc/sysconfig: Is a directory
/usr/bin/md5sum: /etc/terminfo: Is a directory
/usr/bin/md5sum: /etc/udev: Is a directory
/usr/bin/md5sum: /etc/vmware-tools: Is a directory
/usr/bin/md5sum: /etc/wpa_supplicant: Is a directory
/usr/bin/md5sum: /etc/X11: Is a directory
/usr/bin/md5sum: /etc/xdg: Is a directory
/usr/bin/md5sum: /etc/xinetd.d: Is a directory
/usr/bin/md5sum: /etc/xml: Is a directory
/usr/bin/md5sum: /etc/yum: Is a directory
/usr/bin/md5sum: /etc/yum.repos.d: Is a directory

4. 第二次執行(指令碼在回報 FAILED 之後已把舊的基準檔改名並重新產生基準,所以這次回報 OK,並不代表先前被修改的檔案已經還原)
[root@localhost etc]# /usr/local/nagios/libexec/check_md5 -F /var/log/audit/md5check.log
md5 file check ok - 0 pattern matches found
[root@localhost etc]#

5. 其他指令碼部署大同小異,不一一舉例。

配置成功,可以直接在centreon上定義服務模板。

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29500582/viewspace-1329358/,如需轉載,請註明出處,否則將追究法律責任。
