Nagios xi - monitored linux directory

dhoran · Post by **dhoran** » Tue Dec 17, 2024 10:54 am

hi,

I tried search & google, not finding an answer.

Is anyone monitoring directory user/group and permissions on monitored linux hosts

example: drwx------. 2 username usergroup 4096 Jun 21 10:37 .ssh

Alert if there are any changes to user/group or permissions ?

thanks
-david

bbahn · Post by **bbahn** » Tue Dec 17, 2024 11:56 am

Hello @dhoran,

You will need to create a custom plugin and execute it on the target machine with NCPA or NRPE, but it's definitely doable. If you only care if it changes from a specific set of values, you can create a simple plugin using something like the following to get the current permissions:

Code: Select all

#!/usr/bin/env bash

# Nagios plugin to check file permissions, owner, and group.
# Usage: ./check_file_permissions.sh /path/to/file expected_owner expected_group expected_mode

FILE_PATH="$1"
EXPECTED_OWNER="$2"
EXPECTED_GROUP="$3"
EXPECTED_MODE="$4"

if [[ -z "$FILE_PATH" || -z "$EXPECTED_OWNER" || -z "$EXPECTED_GROUP" || -z "$EXPECTED_MODE" ]]; then
  echo "Usage: $0 <file_path> <expected_owner> <expected_group> <expected_mode>"
  exit 3
fi

CURRENT_OWNER=$(stat -c "%U" "$FILE_PATH" 2>/dev/null)
CURRENT_GROUP=$(stat -c "%G" "$FILE_PATH" 2>/dev/null)
CURRENT_MODE=$(stat -c "%a" "$FILE_PATH" 2>/dev/null)

if [[ -z "$CURRENT_OWNER" || -z "$CURRENT_GROUP" || -z "$CURRENT_MODE" ]]; then
  echo "CRITICAL: Unable to stat $FILE_PATH (file not found or permission denied)."
  exit 2
fi

if [[ "$CURRENT_OWNER" == "$EXPECTED_OWNER" && \
      "$CURRENT_GROUP" == "$EXPECTED_GROUP" && \
      "$CURRENT_MODE" == "$EXPECTED_MODE" ]]; then
  echo "OK: $FILE_PATH permissions/owner/group match (owner=$CURRENT_OWNER, group=$CURRENT_GROUP, mode=$CURRENT_MODE)."
  exit 0
else
  echo "CRITICAL: Mismatch for $FILE_PATH (owner=$CURRENT_OWNER, group=$CURRENT_GROUP, mode=$CURRENT_MODE)"
  exit 2
fi

which can then be called with

Code: Select all

check_file_permissions.sh /root/.ssh username usergroup 700

If you need your plugin to track the permissions and continually check for any changes, you will need to make a somewhat more complicated plugin that saves the output somewhere, checks against that output and then echo/returns whether the output varied from the saved information.

Here's some documentation about adding plugins to Nagios xi: Managing Plugins in Nagios xi

dhoran · Post by **dhoran** » Tue Dec 17, 2024 12:56 pm

Hi @bbahn,

Thank you for the information, a couple of things.

The check_file_permissions.sh - do I need to put this on each monitored host or is this just installed and run from the server ?

Also, before I can run the command line test do I need to go thru the "Install your plugin" instructions ?

thanks
-david

bbahn · Post by **bbahn** » Wed Dec 18, 2024 5:19 pm

This particular plugin would need to be installed on each monitored host. You could make a modified version of the script where instead of running a remote script executor, you execute the commands through SSH. In that case, you would still need to enable SSH on those machines, but could run the commands from the xi machine. Otherwise, you will have to scp the plugin to your hosts.

Nagios Support Forum

Nagios xi - monitored linux directory

Nagios xi - monitored linux directory

Re: Nagios xi - monitored linux directory

Re: Nagios xi - monitored linux directory

Re: Nagios xi - monitored linux directory