检查自由PKG审计Nagios \ 124;Icinga \ 124;Shinken \ 124;等。
checkpkgaudit的Python项目详细描述
内容
usage
此检查对您的主机及其运行中的监狱运行pkg审核
示例输出:
确定
CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
关键
Critical state is reached with first vulnerable pkg. No warning, no configurable threasold, why waiting 2 or more vulnerabilities ?
We are talking about security vulnerabilities !
Of course, the plugin sum all the vulnerabilities and details each host|jail concerned
CHECKPKGAUDIT CRITICAL - found 2 vulnerable(s) pkg(s) in : ns2, ns3 | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=1;;@1:;0 ns3=1;;@1:;0 smtp=0;;@1:;0
Notice that summary returns the total amount problems :
found 2 vulnerable(s) pkg(s) in : ns2, ns3 but performance data is detailled by host|jail
未知
if an error occured during pkg audit, the plugin raises a check error, which returns an UNKNOWN state.
typically UNKNOWN causes
- pkg audit -F has not been runned on host or a jail
CHECKPKGAUDIT UNKNOWN - jailname Try running 'pkg audit -F' first | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
- pkg -j jailname audit runned as a non sudoer user
CHECKPKGAUDIT UNKNOWN - jailname pkg: jail_attach(jailname): Operation not permitted | 'host.domain.tld'=0;;@1:;0
If you have running jails, sudo is your friend to run this plugin with an unprivileged user. A sample config here
icinga ALL = NOPASSWD: /usr/local/bin/check_pkgaudit
Install
checkpkgaudit可以通过 可以是easy_install或pip。
是否在虚拟环境中:
easy_install checkpkgaudit # or pip install checkpkgaudit
check_pkgaudit位于/usr/local/bin/check_pkgaudit
警告
SSL证书错误
如果在easy_install中遇到ssl证书错误, 您可能需要安装根证书捆绑包 来自Mozilla项目:
pkg install -y ca_root_nss
ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
Nagios|icinga like configuration
check_pkgaudit可以本地或远程调用 通过check_by_ssh或nrpe。
按ssh检查
下面是通过ssh远程检查的示例定义
命令定义
define command{ command_name check_ssh_pkgaudit command_line $USER1$/check_by_ssh -H $HOSTADDRESS$ -i /var/spool/icinga/.ssh/id_rsa -C "sudo /usr/local/bin/check_pkgaudit" }
服务本身
define service{ use my-service host_name hostname service_description pkg audit check_command check_ssh_pkgaudit! }
ICinga2命令
object CheckCommand "pkgaudit" { import "plugin-check-command" import "ipv4-or-ipv6" command = [ PluginDir + "/check_by_ssh" ] arguments = { "-H" = "$address$" "-i" = "$ssh_id$" "-p" = "$ssh_port$" "-C" = "$ssh_command$" } vars.address = "$check_address$" vars.ssh_id = "/var/spool/icinga/.ssh/id_rsa" vars.ssh_port = "$vars.ssh_port$" vars.ssh_command = "sudo /usr/local/bin/check_pkgaudit" }
ICinga2服务
apply Service "pkgaudit" { check_command = "pkgaudit" assign where host.name == "hostname" }
nrpe
将此行添加到/usr/local/etc/nrpe.cfg
... command[check_pkgaudit]=/usr/local/bin/check_pkgaudit ...
nagios命令定义
define command{ command_name check_nrpe_pkgaudit command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_pkgaudit }
服务本身
define service{ use my-service host_name hostname service_description pkg audit check_command check_nrpe_pkgaudit }
testing
python bootstrap-buildout.py --setuptools-version=33.1.1 --buildout-version=2.5.2 bin/buildout -N bin/test
0.7.1 (2017-03-08)
- 自述文件改进–lcaracol
0.7 (2017-03-07)
- 用vnet jailshttps://github.com/jpcw/checkpkgaudit/issues/4–blqn修复丢失的ip jls输出
- 删除py2.6、py32并添加py3.6支持
0.6 (2016-03-14)
- 添加hastd–voileux的排除项
0.5 (2016-03-11)
- 添加对具有不同监狱和主机名的监狱的支持–stbx
0.4 (2015-03-21)
- 用可能的pypi ssl证书问题改进自述文件,提供解决方法
0.3 (2015-03-21)
- 修复安装自述文件错误–nicolas rahir nox
- 添加nrpe conf示例–nicolas rahir nox
0.2 (2015-03-06)
- 固定徽章
0.1 (2015-03-06)
- jean-philippe camguilhem<;jpcw_uu at_uuu camguilhem.net>;
Contributors
马蒂亚斯:lcaracol
达米安·拉科斯特:DAM64
托马斯·巴尔达奎因:blqn
西蒙·雷切尔:沃伊勒克斯
斯特芬·布兰德曼:机顶盒
尼古拉斯·拉希尔:氮氧化物
Jean-Philippe Camguilhem,作者