Security

check_heartbleed

Write a Review

Description:

check_heartbleed allows you to check for the Heartbleed Vulnerability (CVE-2014-0160) of openssl on various systems.
Version – 0.6 : Added TLSv1.0 and SSLv3.0 support
If no version is specified, checks all versions.
Altered output somewhat.
Added optional verbose output

Version – 0.5 : Added socket timeout option with default to 10 seconds
Changed no data received to unknown, was returning OK.

Version – 0.4 : Try: Except: on all socket interactions.
Spelling mistake.

Version – 0.3 : Properly catches socket connection error.
Reworking of internal logic
Alterations of some unknown messages

Version – 0.2 : Now works with Python 2.4+

Current Version

0.6

Last Release Date

2014-04-18

Compatible With

  • Nagios 2.x
  • Nagios 3.x
  • Nagios 4.x
  • Nagios XI

Owner

Scott Wilkerson

Copy Page Link Recommend Login to Add to Favorites
Project Notes
# /usr/local/nagios/libexec/check_heartbleed.py -h usage: check_heartbleed.py server [options] Test for SSL heartbeat vulnerability (CVE-2014-0160) options: -h, --help show this help message and exit -H HOST, --host=HOST Host to connect to (default: 127.0.0.1) -p PORT, --port=PORT TCP port to test (default: 443) -v VERSION, --version=VERSION TLS or SSL version to test [TLSv1.0(0), TLSv1.1(1), TLSv1.2(2), or SSLv3.0(3)] (default: all) -u, --udp Use TCP or UDP protocols, no arguments needed. This does not work presently, keep to TCP. (default: TCP) -t TIMEOUT, --timeout=TIMEOUT Plugin timeout length (default: 10) -V, --verbose Print verbose output, including hexdumps of packets. Example Usage: # ./check_heartbleed.py -H yahoo.com -p 443 -v 1 OK: yahoo.com TLSv1.0 is not vulnerable # echo $? 0 # ./check_heartbleed.py -H vulnerable.site.com -p 443 -v 1 CRITICAL: vulnerable.site.com TLSv1.0 is vulnerable # echo $? 2 # ./check_heartbleed.py -H vulnerable.site.com CRITICAL: Server vulnerable.site.com TLSv1.0 is vulnerable. TLSv1.1 is vulnerable. TLSv1.2 is vulnerable. SSLv3.0 is vulnerable. Example Command: define command { command_name check_heartbleed command_line $USER1$/check_heartbleed.py -H $HOSTADDRESS$ -p 443 -v 1 }
Reviews (8) Add a Review
Works great for some hosts but not others?
by CWSI, January 31, 2016

Hey, The plugin works great for some hosts, but is failing for a fairly large number, not sure if this is an issue at my side but I don't think so - [root@host scripts]# ./check_heartbleed.py -H www.google.com -p 443 OK: Server www.google.com TLSv1.0 is not vulnerable. TLSv1.1 is not vulnerable. TLSv1.2 is not vulnerable. SSLv3.0 is not vulnerable. [root@host scripts]# ./check_heartbleed.py -H www.test.com -p 443 UNKNOWN: Server www.test.com closed connection without sending Server Hello. Any thoughts?


Incorrect OK result with FortiOS
by fundacionrts, April 30, 2014

In Fortigate devices with FortiOS affected by Heartbleed (FGxxx-5.00-FW-build208-130603), plugin returns OK instead CRITICAL. When we check this devices with NMAP and ssl-heartbleed.nse script, the result is VULNERABLE.


Check_Heartbleed fixes
by egalstad, April 30, 2014

As of 14/4/14 (v0.3), All known issues with python 2.4+ should be resolved. There has been a -H flag per standard nagios plugins, and additional error handling. Please try it again and let us know if issues persist.


SyntaxError: invalid syntax
by emusic, April 30, 2014

hi, i've tried to use it on: rhel 5.x ( Package python-2.4.3-56.el5.x86_64 already installed) but i get the following error msg: --------------------------------------- :~>./check_hearbleed.py --------------------------------------- File "./check_hearbleed.py", line 62 pdat = ' '.join((c if 32


i am not able to execute.. throws connection refused
by knatesan1, April 30, 2014

Below is the steps I followed: 1. downloaded “Check_heartbleed.txt” to “check_heartbleed.py” 2. moved to “/usr/local/nagios/libexec/” 3. chmod –R 777 check_heartbleed.py I am getting below error if I execute the script.. any clue on this? [root@localhost libexec]# ./check_heartbleed.py 10.1.71.49 -p 443 Traceback (most recent call last): File "./check_heartbleed.py", line 151, in main() File "./check_heartbleed.py", line 132, in main s.connect((args[0], opts.port)) File "", line 1, in connect socket.error: [Errno 111] Connection refused


syntax error
by edgood1, April 30, 2014

Im getting a syntax error: File "./check_heartbleed.py", line 62 pdat = '.join((c if 32 python version: Python 2.4.3 (#1, Oct 23 2012, 22:02:41) [GCC 4.1.2 20080704 (Red Hat 4.1.2-54)] on linux2 Type "help", "copyright", "credits" or "license" for more information.


Getting error trying to run script
by MarkJenks, April 30, 2014

File "./check_heartbleed.py", line 62 pdat = '.join((c if 32


Syntax error
by nkrishna, April 30, 2014

Hi, I'm getting the following syntax error while executing the plugin. /usr/local/nagios/libexec/check_heartbleed.py localhost -p 443 -v 1 File "/usr/local/nagios/libexec/check_heartbleed.py", line 62 pdat = ''.join((c if 32


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Notes Reviews
Project Stats
Rating
4 (10)
Favorites
0
Views
36,392