Security

check_passwd_expiration

Write a Review

Description:

Check linux account password expiration by scanning /etc/passwd file and verifying password expiration via chage command.
A list of account expiring in less than x days is displayed.
This plugin works only on Linux.

Current Version

1.1

Last Release Date

2014-06-05

Compatible With

  • Nagios 2.x
  • Nagios 3.x
  • Nagios 4.x

Owner

Elio Canale-Parola

Download URL

https://github.com/elio78/nagios

License

GPL

Copy Page Link Recommend Contact Owner Login to Add to Favorites
Project Files
FileDescription
check_passwd_expiration
nagios_cmd
Project Notes
This nagios plugin checks the password expiration using the command chage. The user running this plugin (nagios) must be allowed to run chage under root user This implies to add an authorization via sudoer config file. As an example, this is the file i added under /etc/sudoers.d directory : #------------------- User_Alias NAGIOS = nagios NAGIOS ALL = NOPASSWD: /usr/bin/chage -l * Defaults:NAGIOS !requiretty #------------------- The output is the following : - PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none] - PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none] - PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none] help output : check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/] GPL Verify password expiration for all accounts defined within /etc/passwd Usage: check_passwd_expiration -?, --usage Print usage information -h, --help Print detailed help screen -V, --version Print version information --extra-opts=[section][@file] Read options from an ini file. See http://nagiosplugins.org/extra-opts for usage and examples. -w, --warning=STRING warning value in days. When a password will expire in days, a warning message is sent -c, --critical=STRING critical value in days. When a password will expire in days, a critical message is sent -x, --exclusion=STRING Excluded account list, Format: [account01:account02:account03:...] -T, --trace=STRING Activate trace mode if value different from 0 -t, --timeout=INTEGER Seconds before plugin times out (default: 15) -v, --verbose Show details for command-line debugging (can repeat up to 3 times)
Reviews (1) Add a Review
Script works in CentOS 7
by hemak88, May 31, 2018

Script works, but it has limitations as below: - Warning is always overridden by critical value - It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status. - To improve script more, you can include an option to "include" (same as exclude) users option


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Files Project Notes Reviews
Project Stats
Rating
4 (2)
Favorites
0
Views
27,475