auditd

Description:

Nagios plugin for monitoring auditd status and logged events.
The plugin uses ausearch and aureport to parse the auditd daemon logs, and auditctl to query the daemon status.
It can be invoked as follows:

./check_auditd --failedlogins 3,5 --anomalyevents 1,2 --events 280,300

OK - events=53 users=2 terminals=2 hostnames=1 executables=1 processIDs=11 rules=33 pid=621|
events=53;280;300; changesinconfiguration=0; changestoaccountsgroupsorroles=0; logins=0; failedlogins=0;3;5; authentications=0; failedauthentications=0; users=2; terminals=2; hostnames=1; executables=1; commands=0; files=0; AVCs=0; MACevents=0; failedsyscalls=0; anomalyevents=0;1;2; responsestoanomalyevents=0; cryptoevents=0; integrityevents=0; virtevents=0; keys=0; processIDs=11; rules=33; pid=621; lost=0; backlog=0;
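As an added illustration (not code from the plugin itself), the following Python parses the plugin output line above into its perfdata metrics and evaluates every metric that carries warn/crit thresholds, showing how the --failedlogins 3,5 arguments surface as failedlogins=0;3;5; in the perfdata. It assumes the standard Nagios range convention (a value above the threshold triggers the state); the sample line is the plugin output quoted above.

```python
# Added example (not the plugin's own code): parse a check_auditd output line and
# evaluate each thresholded perfdata metric. SAMPLE is the output quoted on the page.
# Threshold rule assumes the standard Nagios range convention (value > threshold alerts).

SAMPLE = (
    "OK - events=53 users=2 terminals=2 hostnames=1 executables=1 "
    "processIDs=11 rules=33 pid=621|"
    "events=53;280;300; changesinconfiguration=0; "
    "changestoaccountsgroupsorroles=0; logins=0; failedlogins=0;3;5; "
    "authentications=0; failedauthentications=0; users=2; terminals=2; "
    "hostnames=1; executables=1; commands=0; files=0; AVCs=0; MACevents=0; "
    "failedsyscalls=0; anomalyevents=0;1;2; responsestoanomalyevents=0; "
    "cryptoevents=0; integrityevents=0; virtevents=0; keys=0; "
    "processIDs=11; rules=33; pid=621; lost=0; backlog=0;"
)

STATES = ["OK", "WARNING", "CRITICAL"]

def parse_perfdata(line):
    """Split a plugin line at '|'; return (summary, {label: (value, warn, crit)})."""
    # token form: label=value;warn;crit;  warn/crit are None when no threshold was requested
    summary, _, perf = line.partition("|")
    metrics = {}
    for token in perf.split():
        label, _, rest = token.partition("=")
        fields = rest.split(";")
        value = int(fields[0])
        warn = int(fields[1]) if len(fields) > 1 and fields[1] else None
        crit = int(fields[2]) if len(fields) > 2 and fields[2] else None
        metrics[label] = (value, warn, crit)
    return summary.strip(), metrics

def metric_state(value, warn, crit):
    """CRITICAL beats WARNING; a metric without thresholds is always OK."""
    if crit is not None and value > crit:
        return "CRITICAL"
    if warn is not None and value > warn:
        return "WARNING"
    return "OK"

def evaluate(line):
    """Return (worst state, {label: state}) over every metric that carries a threshold."""
    _, metrics = parse_perfdata(line)
    states = {k: metric_state(*v) for k, v in metrics.items()
              if v[1] is not None or v[2] is not None}
    worst = max(states.values(), key=STATES.index, default="OK")
    return worst, states
```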

Current Version

1.0

Last Release Date

June 1, 2021

Compatible With

  • Nagios 3.x
  • Nagios 4.x
  • Nagios XI

License

GPL

Project Notes

Nagios service configuration

Service config if using check_by_ssh. ausearch requires being started as a coproc when run over ssh, hence the trailing ampersand after the check_auditd arguments:

define service {
    service_description    auditd
    check_command          check_by_ssh!/usr/bin/sudo $USER1$/check_auditd -v -a '--failed' &!
    check_interval         10
    register               1
}

Service config if using check_nrpe:

define service {
    service_description    auditd
    check_command          check_nrpe!/usr/bin/sudo $USER1$/check_auditd -v -a '--failed'!
    check_interval         10
    register               1
}

sudoers setup

Add the following to /etc/sudoers or /etc/sudoers.d/nagios:

nagios ALL=(root:ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_auditd
Project Stats
Rating
0 (0)
Favorites
0
Views
3,757