Nagios Plugin to monitor your FreeBSD Ports Tree for updates or installed
packages with known security vulnerabilities.
Latest version is check_ports-0.6.1
check_ports is a pure shell script. It uses portaudit(1) from ports-mgmt/portaudit. If you are monitoring your systems for port updates, pkg_version(1) will be used.
If you are checking a jail with check_ports, jexec(8) can be used. There is also an unprivileged check mode for jails, which is much slower.
check_ports is available as FreeBSD port net-mgmt/nagios-check_ports thanks to Anders Troback. Install is as easy as:
# cd /usr/ports/net-mgmt/nagios-check_ports
# make install clean
You will find check_ports at /usr/local/libexec/nagios/check_ports.
check_ports knows the following switches:
-h show help message
-v show version number
-a shows if any updates are available. This does not change the Nagios state.
-w shows if any updates are available. This changes the Nagios state to warning if there is an update.
-p shows if the ports tree is older than 24 hours. Changes Nagios state to warning.
-r obsolete - check_ports does not use ports-mgmt/portupgrade anymore.
-j jailname check jail with jailname instead of main system. This switch can be combined with [-wapu]
-u check jail as unprivileged user. Very slow but you do not have to be root to execute this check.
-c check your environment for needed tools. Recommended before the first run to detect possibly unhandled errors.
check_ports can be called without arguments. The default behaviour is to check
installed packages against portaudit for known security vulnerabilities.
PORTS OK - 0 security problem(s).
If a security problem is found Nagios state will change to critical.
PORTS CRITICAL - 2 security problem(s).
If you want to monitor all of your ports and the age of your ports tree you can use this handy switch,
which won't change Nagios state to warning in case of updates:
PORTS OK - 0 security problem(s), 1 Package(s) available for upgrade, Ports Tree updated within the last 24h.
To monitor a jail within your host system with all ports and the ports tree age use this switch.
In case of any update it will return the warning state to Nagios:
./check_ports -wp -j jailname
PORTS WARNING - 0 security problem(s), 12 Package(s) available for upgrade, Ports Tree updated within the last 24h.
Please remember that check_ports uses jexec(8) to execute commands within the jail. In this case jail_attach(2) is used, which needs root privileges. If you want to monitor your jails that way you have to call the plugin with root privileges (e.g. with sudo(8)). Otherwise you can use the unprivileged mode with the -u switch.
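Because the privileged jail check means a shell script runs as root through sudo(8), it is worth confirming that nobody but root can change that script or any directory above it. The following is an added example, not part of check_ports; the function names owned_and_locked and safe_for_sudo, the default owner root and the optional third argument (where to stop walking upwards) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not part of check_ports): verify that a script which will be
# run as root through sudo(8) cannot be modified by anyone but its owner.
# Usage: safe_for_sudo /usr/local/libexec/nagios/check_ports

# owned_and_locked PATH OWNER
# True only if PATH is owned by OWNER (name or uid) and is neither
# group- nor world-writable. find prints PATH only when its tests match.
owned_and_locked() {
    _p=$1
    _o=$2
    [ -n "$(find "$_p" -prune -user "$_o" 2>/dev/null)" ] || return 1
    [ -z "$(find "$_p" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
    return 0
}

# safe_for_sudo FILE [OWNER] [TOP]
# Checks FILE and every parent directory up to TOP (default /), because a
# writable parent directory lets another user replace the file itself.
# Prints "ok" on success, otherwise the first offending path.
safe_for_sudo() {
    p=$1
    want=${2:-root}
    top=${3:-/}
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 1 ;;
    esac
    [ -f "$p" ] || { echo "missing: $p"; return 1; }
    while :; do
        owned_and_locked "$p" "$want" || { echo "unsafe: $p"; return 1; }
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    echo "ok"
}
```

If the check passes, the sudo rule for the monitoring account can name the plugin path together with its exact arguments, so the account can run only that one check as root.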
10 Mar 2009: bugfix release v0.6.1
20 Feb 2009: release v0.6
- bug in unprivileged mode for jails at function run_main_jail() (thanks to Aleksandr Stankevic)
09 Mar 2008: first release to public
- use pkg_version(1) instead of portversion(1) (faster, no need to install ports-mgmt/portupgrade)
- added unprivileged mode (-u parameter), slow but now any user can run jail checks (thanks to Artem Sidorenko)
- fixed location of INDEX file, depending on release number (thanks to David Croal)
- replaced cut(1) with awk(1)
- check uid before executing jail check via jexec(8)
- general code cleanup
- removed spelling mistakes
- write a README
- wait on your feedback and improve the plugin
Questions, recommendations and bugs go to email@example.com.
Copyright (c) 2008-2009, Matthias Kellermann
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.