nagios 實時監控 iptables 狀態

【功能】：實時監控Iptables，防止人爲關閉後，忘了開啓，或者監控規則是否有增刪。

【說明】腳本來至官方，這個腳本是通過獲取iptables規則條數來判斷iptables是否正常。運行參數：./check_iptables.sh -T filter -r 1（filter爲表名） (1爲規則條數)原腳本是當檢測到的規則條數大於-r參數時提示正常，否則不正常。（我改成了當等於規則條數時，提示正常。如果你的規則是動態的增加的則可以改爲大於時提示正常）同時將當前用戶寫入/var/log/iptables/iptables.log中。

ps：當然這個腳本缺點是不能監控規則更改，不過目前我採用了另外一種方法。暫時不公開。

【設置】 

在nrpe端

1、新建iptables監控日誌目錄 /var/log/iptables/

2、將check_iptables.sh（在下面或下載附件）腳本授權並修改屬主放入..nagios/libexec/ 目錄中。

修改nrpe.cfg 添加 

command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh -T filter -r n   (n爲條數)

腳本調用了iptables，iptables默認只允許root調用。所以需要修改sudo

使用visodu命令添加以下語句，表示只允許nagios用戶不用密碼使用該條命令(包括參數)。使用其它iptables參數是不行的，可以自己測試。最大程度保障安全。

nagios ALL= NOPASSWD: /sbin/iptables -n -t filter -L

重啓nrpe進程。

（如果遇到nagios沒有權限調用iptables 則參考http://xikder.blog.51cto.com/1423200/785618處理方法） 

在nagios端

service中添加

define service {
        use                  web-service
        host_name             XX
        service_description   iptables_status
        check_command         check_nrpe!check_iptables
        }

檢測配置並重啓nagios。

【腳本】check_iptables.sh

#!/bin/bash
#
# Developers: Rhommel Lamas
# Purpose: Nagios Plugin for Iptables Rules load check
# Version 0.5
#
# ---------------------------------------- License -----------------------------------------------------
#
# This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# ---------------------------------------- Documentation -------------------------------------------------
#
# Documentation about iptables: ~:# man iptables
#
# This scripts is intended to be used to check if your iptables rules are set correctly load at any time,
#   I didn't find a better way to check if a server has your rules loaded so I check the number of
#   configured rules and if they are less than they should be Nagios will send an alert using it
#   notify service.
#
# -----------------------------------------------------------------------------------------------------
#  Plugin Description
# -----------------------------------------------------------------------------------------------------
#
# This Plugin handled 2 States
#   OK - The number of Iprules equal o more than the minimun that we setup on the -r variable
#   CRITICAL - The number of IPrules are less than the minimun required.
#   UNKNOWN - It could be something about validation on the parameters
#
# This plugin also send and log every check to the file $LOG so if the plugins goes critical we can se who
# disable the iptables comparing the time with the auth file.
#----------------------------------------------------------------------------------------------------------
#   Initialization
#----------------------------------------------------------------------------------------------------------
PARAM1=$1
TABLE=$2
MINRULES=$3
PARAM4=$4
LOG=/var/log/iptables/iptables.log
CHKIPTBLS=`sudo /sbin/iptables -n -t filter -L |wc -l`

#
# Parameter Validation
##

if [ "$PARAM1" != "-T" -o "$TABLE" == "" -o "$MINRULES" != "-r" -o "$PARAM4" == "" ]; then
        echo "Usage: $0 -T <table> -r <min rules>"
        echo ""
        exit 3
                # Nagios exit code 3 = status UNKNOWN = orange


if [ "$PARAM1" == "-h" ]; then
        echo ""
        echo "      -h = Display's this Help"
        echo "      -T = Table to check"
        echo "               Available Tables:"
        echo "                  nat"
        echo "                  mangle"
        echo "                  filter"
        echo "      -r = Minimun quantity of rules"
        echo ""
        # Nagios exit code 3 = status UNKNOWN = orange
                exit 3
   fi
fi

##
#   DO NOT MODIFY ANYTHING BELOW THIS
##

$CHKIPTBLS >/dev/null 2>/dev/null

if [ "$CHKIPTBLS" == 0 ]; then
    TOTRULES=$CHKIPTBLS
else
    TOTRULES=$[$CHKIPTBLS-8]
fi


if [ "$TOTRULES" == "$PARAM4" ]; then
                    echo "OK - Iptables are OK The Table $TABLE and Chain $CHAIN has $TOTRULES rules configured"
                    # Nagios exit code 0 = status OK = green
                    exit 0
else
                    echo " CRITICAL - Iptables are CRITICAL The Table $TABLE and Chain $CHAIN has $TOTRULES rules configured"
                    for i in `w  -h | cut -f1 -d" " | sort | uniq`
                    do

                        echo "`date '+%d/%m/%Y - %H:%M:%S'` - CRITICAL - $i is logged in and there are only $TOTRULES loaded" >> $LOG
                    done
                    # Nagios exit code 2 = status CRITICAL = red
                    exit 2
fi

 附件已上傳，在下面。