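#!/bin/sh
# check_iptables - Nagios plugin that counts the rules loaded in one iptables
# chain and reports WARNING/CRITICAL when the count drops below the
# configured thresholds.
#
# Usage: check_iptables.sh [-C CHAIN] [-t TABLE] [-w COUNT] [-c COUNT] [-S] [-v]
# Requires utils.sh (print_revision, support, STATE_*) next to this script.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

PROGNAME=${0##*/}
# Directory holding this script, used to locate utils.sh. Parameter
# expansion replaces the former `echo $0 | sed` pipeline, which left $0
# unquoted and yielded the bare script name when no path was given; in
# that case the current directory is used instead.
case $0 in
	*/*) PROGPATH=${0%/*} ;;
	*) PROGPATH=. ;;
esac
VERSION=0.2
# Recorded verbatim in the sudoers comment written by setup_sudoers (-S).
ARGS="$*"

. "$PROGPATH/utils.sh"

iptables=/usr/sbin/iptables
sudo=/usr/bin/sudo
chain=INPUT
table=filter
verbose=0
# Rule-count thresholds: fewer than $critical rules -> CRITICAL,
# fewer than $warning rules -> WARNING.
warning=1
critical=1
setup_sudo=0
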
# Print the three one-line usage summaries to stdout.
print_usage() {
	printf 'Usage: %s -C CHAIN -t TABLE\nUsage: %s --help\nUsage: %s --version\n' \
		"$PROGNAME" "$PROGNAME" "$PROGNAME"
}

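# Print the full help text (revision banner, usage, option list) and exit 0.
# print_revision and support come from utils.sh. Defaults shown are the
# values in effect when --help is reached during option parsing.
print_help() {
	print_revision "$PROGNAME" "$VERSION"
	echo ""
	print_usage
	echo ""
	echo "This plugin tests if iptables has needed amount of rules loaded"
	echo ""

	echo "-C CHAIN"
	echo "   Chain to list. Default: $chain"
	echo "-t TABLE"
	echo "   Table to list. Default: $table"
	# -w and -c are accepted by the option parser but were missing here.
	echo "-w COUNT"
	echo "   Warn if fewer than COUNT rules are loaded. Default: $warning"
	echo "-c COUNT"
	echo "   Critical if fewer than COUNT rules are loaded. Default: $critical"
	echo "-S"
	echo "   Install sudo rules"
	echo "-v"
	echo "   Enable verbose run"
	echo "--help"
	echo "   Print this help screen"
	echo "--version"
	echo "   Print version and license information"
	echo ""

	support
	exit 0
}
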
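# Append a sudoers entry that lets the nagios user run exactly the iptables
# listing command this plugin uses ($list_iptables, built from -t/-C), then
# exit: 0 when the new file passed visudo -c and was installed, 1 otherwise.
# Needs write access to /etc (i.e. root).
setup_sudoers() {
	new=/etc/sudoers.$$.new
	# 0227 makes the copy 0440, the conventional mode for sudoers.
	umask 0227
	# Refuse to continue if the existing sudoers could not be copied:
	# otherwise the installed file would contain only our entry.
	cat /etc/sudoers > "$new" || {
		rm -f -- "$new"
		exit 1
	}
	# $0/$ARGS are recorded as typed and $list_iptables becomes the exact
	# command allowed, so the chain/table names reach sudoers verbatim.
	# visudo -c below validates syntax only, not the command itself.
	cat >> "$new" <<EOF

# Lines matching CHECK_IPTABLES added by $0 $ARGS on $(date)
User_Alias CHECK_IPTABLES=nagios
CHECK_IPTABLES ALL=(root) NOPASSWD: $list_iptables
EOF

	# Only report success when the validated file was actually installed.
	if visudo -c -f "$new" && mv -f -- "$new" /etc/sudoers; then
		exit 0
	fi
	rm -f -- "$new"
	exit 1
}
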
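# Print the number of rules loaded in the chain selected by $list_iptables,
# running it through $sudo unless we already are root.
# The count is the number of output lines containing "/", i.e. rule lines
# whose source/destination is printed as a network such as 0.0.0.0/0.
# NOTE(review): rules whose source and destination are both single hosts
# may be printed without a "/" and would then not be counted — verify
# against the iptables version in use.
# Stdout is always a non-negative integer. The return status is non-zero
# when the iptables command itself failed; "0" is still printed then, so
# callers that ignore the status see the same output as before.
list_iptables() {
	# if running as root, skip sudo
	[ "$(id -u)" != 0 ] || sudo=

	# $sudo and $list_iptables are intentionally unquoted: they hold
	# whole command lines that must be word-split.
	if output=$($sudo $list_iptables); then
		printf '%s\n' "$output" | grep -Fc /
		return 0
	fi
	echo 0
	return 1
}
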
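# Parse the command line. Options taking a value consume the next argument;
# a missing value is reported as UNKNOWN instead of letting the trailing
# `shift` fail with a shell error.
while [ $# -gt 0 ]; do
	case "$1" in
	--help|-h)
		print_help
		exit 0
		;;

	--version|-V)
		print_revision "$PROGNAME" "$VERSION"
		exit 0
		;;

	-v)
		verbose=1
		;;

	-S)
		setup_sudo=1
		;;

	-C|-t|-w|-c)
		if [ $# -lt 2 ]; then
			echo >&2 "Option $1 requires an argument"
			print_usage
			exit "$STATE_UNKNOWN"
		fi
		case "$1" in
		-C) chain=$2 ;;
		-t) table=$2 ;;
		-w) warning=$2 ;;
		-c) critical=$2 ;;
		esac
		shift
		;;

	*)
		echo >&2 "Unknown argument: $1"
		print_usage
		exit "$STATE_UNKNOWN"
		;;
	esac
	shift
done
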
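rc=$STATE_UNKNOWN

# Exact command the plugin runs (and, with -S, whitelists in sudoers).
list_iptables="$iptables -n -t $table -L $chain"

if [ "$setup_sudo" = 1 ]; then
	setup_sudoers
fi

# Thresholds and the measured count must be non-negative integers: with
# anything else both `[ ... -lt ... ]` tests below fail, execution falls
# through to the else branch and the check reports OK regardless of the
# real rule count.
for value in "$warning" "$critical"; do
	case $value in
	''|*[!0-9]*)
		echo "UNKNOWN: thresholds must be non-negative integers (-w $warning -c $critical)"
		exit "$STATE_UNKNOWN"
		;;
	esac
done

count=$(list_iptables)
case $count in
''|*[!0-9]*)
	echo "UNKNOWN: could not count rules in $chain chain of $table table (got '$count')"
	exit "$STATE_UNKNOWN"
	;;
esac

if [ "$count" -lt "$critical" ]; then
	rc=$STATE_CRITICAL
	state=CRITICAL
elif [ "$count" -lt "$warning" ]; then
	rc=$STATE_WARNING
	state=WARNING
else
	rc=$STATE_OK
	state=OK
fi

echo "$state: $count iptables rules in $chain chain of $table table"

exit "$rc"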