#!/bin/bash
# check_scan.sh
# works as a nagios plugin to do an nmap scan of a system
# The difference between this script and what I've seen elsewhere
# is check_scan.sh provides a baseline of scan data for comparison.
#
# Copyright (C) 2005 Mark Stingley
# mark AT altsec.info
#
# If you need help with your security or systems administration,
# see http://www.altsec.info
#
# Dependencies: nmap, nagios, linux
#
# README: (1) check the variables below in the section named
# SET THESE VARIABLES. Also, verify the path for
# the GNU/Linux utilities referenced
# (2) the other requirement is a directory that the
# nagios user can write to (and that nobody else can
# write to: whoever can edit a baseline file can
# silence a "port opened" warning). I used /etc/nagios,
# since the directories created there contain
# baseline nmap scan data
# (3) the scan files are kept in /etc/nagios/scancheck
# in the scans directory. The last scan is simply
# named by the ip address of the host, such as:
# 192.168.25.3. The baseline scan for that host
# would be 192.168.25.3.base
# (4) to modify the baseline and eliminate warnings
# about ports, edit the scan file IP-address.base
# in /etc/nagios/scancheck/scans. Keep the lines in
# the order sort(1) produces, since comm(1) compares
# the two files line by line and misreports unsorted
# input. The simpler alternative is to copy the last
# scan file over the baseline, such as:
# cat #.#.#.# > #.#.#.#.base
# Review the first scan's result before it becomes
# the baseline: anything already open at that point
# is never warned about again.
#
# Installation: simply copy this script to your plugin directory,
# make sure it is executable and has the proper
# ownership
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# See http://www.gnu.org/licenses/licenses.html#GPL or write to the
# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
# MA 02111-1307 USA
#
# Changelog:
# 20051011 revised from a 2004 script "scancheck.sh"
#
# ToDo:
# 1. rewrite in perl or C
# 2. incorporate exclusion lists
# 3. incorporate critical port lists
#
# - - - - - - - - SET THESE VARIABLES - - - - - - - - - - - -
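BASEDIR=/etc/nagios/scancheck #where to keep everything
#must be writable by the nagios user, and by
#nobody else: whoever can edit the .base files
#can silence a "port opened" warning
NMAPPATH=/usr/bin #where is nmap
#------------------------------------------------------------
#note... to run manually, you have to supply a dummy
#argument 1, since the ip address is arg2
IP=$2
# Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# A missing target is a configuration error, so report UNKNOWN rather
# than OK (exiting 0 here would show a misconfigured service as healthy).
if [ -z "$IP" ]; then
    echo "No IP address supplied"
    exit 3
fi
# The target is spliced into file names under $SCANDIR and handed to nmap,
# so restrict it to the characters an IPv4 address or host name can hold:
# no "/" (would escape $SCANDIR or rewrite another host's files) and no
# leading "-" (nmap would parse it as an option).
case "$IP" in
    -*|*[!A-Za-z0-9._-]*)
        echo "Invalid IP address or host name: $IP"
        exit 3
        ;;
esac
SCANDIR=$BASEDIR/scans
FILEDIR=$BASEDIR/files
CHANGED=0
INITIAL=0
# mkdir -p creates missing levels and is a no-op for existing ones.
for dir in "$BASEDIR" "$SCANDIR" "$FILEDIR"; do
    if ! mkdir -p -- "$dir"; then
        echo "Cannot create directory $dir"
        exit 3
    fi
done
# No baseline yet: create an empty one so the comparison further down has
# a file to read; the first successful scan is then stored as the baseline.
if [ ! -f "$SCANDIR/$IP.base" ]; then
    touch -- "$SCANDIR/$IP.base"
    INITIAL=1
fi
SCANTIME=$(/bin/date +%Y%m%d-%H%M)
# -sT: TCP connect scan (no raw sockets, so no root needed). -P0: skip the
# host-discovery ping; current nmap spells this -Pn, -P0 is kept for older
# versions. nmap's own exit status is read from PIPESTATUS[0] because the
# pipeline's status is sort's: a failed scan leaves an empty result that
# would otherwise be reported as every baseline port having closed, or be
# stored as an empty baseline on the first run.
"$NMAPPATH/nmap" -sT -P0 "$IP" | /bin/grep -w open | \
    /usr/bin/sort > "$SCANDIR/$IP"
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
    rm -f -- "$SCANDIR/$IP"
    if [ "$INITIAL" -eq 1 ]; then
        # leave no empty baseline behind; the next run starts over
        rm -f -- "$SCANDIR/$IP.base"
    fi
    echo "nmap scan of $IP failed"
    exit 3
fi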
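# get_changes MODE
# Prints the port fields (first whitespace-separated column of each
# nmap line, e.g. "22/tcp") that differ between the current scan
# $SCANDIR/$IP and the baseline $SCANDIR/$IP.base, space-separated on
# one line. MODE is "opened" (in the scan but not the baseline) or
# "closed" (in the baseline but not the scan).
# Globals read: SCANDIR, IP. Both files must be in the sort order
# comm(1) expects, i.e. the order sort(1) wrote them in.
# Returns 1 and prints nothing on stdout for any other MODE; previously
# an unknown MODE fell through to a comm call that listed both columns.
function get_changes
{
    local flag
    case "$1" in
        opened) flag=-2 ;;   # suppress column 2: lines only in the baseline
        closed) flag=-1 ;;   # suppress column 1: lines only in the scan
        *)
            echo "get_changes: unknown mode '$1'" >&2
            return 1
            ;;
    esac
    # -3 drops the lines common to both files
    /usr/bin/comm "$flag" -3 "$SCANDIR/$IP" "$SCANDIR/$IP.base" \
        | /usr/bin/awk '{print $1}' \
        | /usr/bin/paste -s -d " " -
}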
# Compare the fresh scan with the stored baseline. Both files exist at
# this point: the scan was just written and a missing baseline was
# created empty above.
OPENED=$(get_changes opened)
CLOSED=$(get_changes closed)
# First scan of this host: it becomes the baseline and there is nothing
# to compare yet, so report OK (exit 0). Note that whatever is open on
# the host right now is accepted without question from here on.
if [ "$INITIAL" -eq 1 ]; then
    /bin/cat "$SCANDIR/$IP" > "$SCANDIR/$IP.base"
    echo "Initial scan"
    exit 0
fi
# append_msg LABEL DATA
# Adds "LABEL DATA" to the global DIFFMSG, separated from any text
# already in it by ", ". Nothing is appended when DATA is empty.
function append_msg
{
    [ -z "$2" ] && return 0
    DIFFMSG="${DIFFMSG:+$DIFFMSG, }$1 $2"
}
# Report to Nagios: exit 0 (OK) when the open-port set matches the
# baseline, exit 1 (WARNING) when it differs. The warning text lists
# the newly OPENED ports first, then the CLOSED ones, joined by ", ".
if [ -z "$OPENED$CLOSED" ]; then
    echo "$SCANTIME: no change"
    exit 0
fi
DIFFMSG=""
append_msg OPENED "$OPENED"
append_msg CLOSED "$CLOSED"
echo "Scan $SCANTIME: $DIFFMSG"
exit 1