DHCP and BOOTP

check_dhcpd_leases.py (Advanced Nagios Plugins Collection)

Description:

Shows dhcp leases assigned by ISC DHCPd. Formatting is flexible, can display combinations of Hostnames/IP/Macs. Can ALERT on leases handed out to unauthorized Hosts/Macs using any combination of Host/Mac Whitelists/Blacklists.

Current Version

Last Release Date

June 22, 2009

Compatible With

  • Nagios 1.x
  • Nagios 2.x
  • Nagios 3.x

Owner


Project Notes
Part of the Advanced Nagios Plugins Collection, download it here: https://github.com/harisekhon/nagios-plugins

  • Shows dhcp leases assigned by ISC DHCPd
  • Formatting is flexible, can show combination of Hostnames/IP/Macs
  • Can Alert on leases being handed out to unauthorized machines. This can use Hostnames/Mac Addresses, in the form of Whitelists/Blacklists or any combination of these things. Combine for maximum effect. If a machine trips any of those 4 lists an alert is raised by going Critical.

Usage: check_dhcpd_leases.py [options]

Options:

  -h, --help
      show this help message and exit

  -c, --compact-output
      Compact the output, do not list leases. Use this to make sure Nagios gets perfdata as NRPE has a limit on the number of characters before it discards the rest

  -f LEASEFILE, --file=LEASEFILE, --lease-file=LEASEFILE
      Specify the dhcp lease file to use. Should be the current lease file that the ISC dhcp daemon uses to track its leases

  -m, --mac
      Show mac addresses as well as Name/IP pairings

  -n, --no-name
      Do not display hostnames. When used by itself, this just shows assigned IP addresses. Can be used in conjunction with --mac in order to show only IP/Mac pairings

  -i, --sort-by-ip
      Change the output order to sort by IP rather than the default of sorting by hostname. If using --no-name this is implied

  -s, --no-summary
      Do not print the summary of the number of dhcp leases used

  -t TIMEOUT, --timeout=TIMEOUT
      Timeout in seconds before the plugin self terminates. This should never be needed but the Nagios coding guidelines recommend it and therefore it is implemented for completeness. Use this to specify a custom timeout period in seconds (should be an integer/whole number). Defaults to 30 seconds

  -w HOST_WHITELIST, --host-whitelist=HOST_WHITELIST
      Whitelist of known Hostnames. Raises alert if an IP has been issued to any machine with a Hostname not in this list. Considered weak since the hostname can be set on the client machine before requesting a dhcp lease. But it's there if you want it. Can be a nice extra layer to the defense in depth strategy when properly used with a Mac whitelist as well. Although Mac addresses can also be spoofed, some attackers may not think to spoof the hostname as well as the mac address. Should be a comma or space separated list, enclosed in quotes if using spaces. Hostnames are case insensitive

  -x HOST_BLACKLIST, --host-blacklist=HOST_BLACKLIST
      Blacklist of known Hostnames. Raises alert if an IP has been handed out to a machine with this Hostname. Can take a list of Hostnames, comma or space separated (enclose in quotes if using spaces). Can be combined with any Whitelist, in which case, blacklists always take preference over whitelists and raise an alert. Hostnames are case insensitive

  -y MAC_WHITELIST, --mac-whitelist=MAC_WHITELIST
      Whitelist of known Mac addresses. Raises alert if an IP has been issued to any machine with a Mac address not in this list. Although Mac addresses can be spoofed, this may not have been done when requesting the dhcp lease. For extra layers combine with --host-whitelist to form a nice additional tripwire. Should be a comma or space separated list, enclosed in quotes if using spaces. Valid Mac formats: aa:bb:cc:dd:ee:ff, or aa-bb-cc-dd-ee-ff or aabbccddeeff (case insensitive)

  -z MAC_BLACKLIST, --mac-blacklist=MAC_BLACKLIST
      Blacklist of known Mac addresses. Raises alert if an IP has been handed out to a machine with this Mac address. Can take a list of Macs, comma or space separated (enclose in quotes if using spaces). Can be combined with any Whitelist, in which case, blacklists always take preference over whitelists and raise an alert. Valid Mac formats: aa:bb:cc:dd:ee:ff, or aa-bb-cc-dd-ee-ff or aabbccddeeff (case insensitive)

  -V, --version
      Print version number and exit
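
The four-list tripwire described in the options above, sketched as an added example (not the plugin's own code): it reads the current active leases from an ISC dhcpd lease log, normalizes the three accepted Mac formats, and reports which lists each lease trips. The function names, the constructed sample leases, and the choice to treat a lease with no hostname as failing a host whitelist are assumptions of this sketch.

```python
import re
# Constructed lease log in ISC dhcpd.leases syntax (sample data only).
SAMPLE = '''
lease 10.0.0.11 { binding state active;
  hardware ethernet 00:16:3e:aa:bb:01; client-hostname "Build01"; }
lease 10.0.0.12 { binding state active; next binding state free;
  hardware ethernet 00:16:3e:aa:bb:02; client-hostname "kiosk"; }
lease 10.0.0.13 { binding state active; hardware ethernet de:ad:be:ef:00:01; }
lease 10.0.0.12 { binding state free; hardware ethernet 00:16:3e:aa:bb:02; }
'''

def norm_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff."""
    digits = re.sub(r'[:-]', '', mac.strip().lower())
    if not re.fullmatch(r'[0-9a-f]{12}', digits):
        raise ValueError('invalid MAC address: %r' % mac)
    return digits

def split_list(value):  # comma or space separated option value
    return [v for v in re.split(r'[,\s]+', value) if v]

def stmt(body, pattern):  # value of one lease statement, or None
    m = re.search(r'(?:^|;)\s*' + pattern + r'\s*;', body)
    return m.group(1) if m else None

def active_leases(text):
    """dhcpd appends updates, so the last entry per IP is the current one."""
    latest = {}
    for ip, body in re.findall(r'lease\s+(\S+)\s*\{(.*?)\}', text, re.S):
        latest[ip] = (stmt(body, r'binding state (\w+)'),
                      stmt(body, r'hardware ethernet ([0-9A-Fa-f:]+)'),
                      stmt(body, r'client-hostname "([^"]*)"'))
    return {ip: (norm_mac(m) if m else None, h.lower() if h else None)
            for ip, (s, m, h) in latest.items() if s == 'active'}

def check(text, host_wl='', host_bl='', mac_wl='', mac_bl=''):
    """Return (nagios_status, findings); any tripped list gives CRITICAL (2)."""
    hw, hb = ({h.lower() for h in split_list(v)} for v in (host_wl, host_bl))
    mw, mb = ({norm_mac(m) for m in split_list(v)} for v in (mac_wl, mac_bl))
    findings = []
    for ip, (mac, host) in sorted(active_leases(text).items()):
        # Assumption: a lease with no hostname fails a non-empty host whitelist.
        tripped = [name for name, hit in (
            ('host-blacklist', host in hb), ('mac-blacklist', mac in mb),
            ('host-whitelist', bool(hw) and host not in hw),
            ('mac-whitelist', bool(mw) and mac not in mw)) if hit]
        if tripped:
            findings.append((ip, host, mac, tripped))
    return (2 if findings else 0), findings
```

Blacklists are evaluated independently of whitelists, so a host present on both lists still raises the alert, and the released 10.0.0.12 lease is ignored because its latest entry is no longer active.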