Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: ghorst352 on July 29, 2013, 02:54:16 PM
-
I am trying to figure out how to write a plugin that contains conditional logic in regards to sending an alert if more than one superuser exists on the server. The only thing I have so far is the following command:
awk -F: '{if ($3 < 1) print $0}' < /etc/passwd
which prints --> root:x:0:0:root:/root:/bin/bash
This is close to what I need; however, I need this to report if the total count is more than one, and I have no clue how to convert this into commands.
In other words, if I ran the same command and it printed the following, then send an alert:
awk -F: '{if ($3 < 1) print $0}' < /etc/passwd
root:x:0:0:root:/root:/bin/bash
super:x:0:0:super:/super:/bin/bash
-> send alert to Nagios
I need help with the script command and not the nagios part. The nagios part I can take care of, it's the script command I cannot figure out.
Any help is appreciated.
-
[[ $(awk -F: '{if ($3 < 1) print $0}' < /etc/passwd | wc -l) -gt 1 ]] && echo alert
-
not an answer but a question: why?
is there any possibility to have 2 or more superusers on the same server?
-
Thanks Alex, this is the final syntax I came up with after utilizing the wc command.
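#!/bin/bash
# Count the /etc/passwd entries whose UID (field 3) is below 1, i.e. UID 0.
count=$(awk -F: '{if ($3 < 1) print $0}' < /etc/passwd | wc -l)
if [ "$count" -lt 2 ] ; then
    echo "OK"
    exit 0
else
    # Two or more UID 0 accounts: exit with the Nagios CRITICAL status.
    echo "CRITICAL - Multiple Superusers"
    exit 2
fi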
Stefano, in regards to your question the purpose of this is purely for security. My systems only have one superuser so anything thereafter is reason for an alert.
Thanks.
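
A variant of the check above that also names the UID 0 accounts and reports UNKNOWN when the passwd file cannot be read, as an added example that is not part of the original posts. The function name check_uid0, its optional file argument and the sample data are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the thread): Nagios-style check for UID 0 accounts.
# check_uid0 and its optional file argument are names assumed for this example.

# Prints one status line and returns a Nagios status:
# 0 = OK, 2 = CRITICAL, 3 = UNKNOWN.
check_uid0() {
    file=${1:-/etc/passwd}
    [ -r "$file" ] || { echo "UNKNOWN - cannot read $file"; return 3; }
    # One awk pass: count the entries whose UID field is all zeros and
    # join their account names with commas; comment lines are skipped.
    out=$(awk -F: '!/^#/ && $3 ~ /^0+$/ { s = s (n++ ? "," : "") $1 }
                   END { print n + 0, s }' "$file")
    count=${out%% *}   # text before the first space: number of matches
    names=${out#* }    # text after the first space: comma-separated names
    case "$count" in
        0) echo "UNKNOWN - no UID 0 account found in $file"; return 3 ;;
        1) echo "OK - 1 UID 0 account: $names"; return 0 ;;
        *) echo "CRITICAL - $count UID 0 accounts: $names"; return 2 ;;
    esac
}

# Demo on constructed sample data (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
super:x:0:0:super:/super:/bin/bash
EOF
check_uid0 "$sample"
echo "exit status: $?"
rm -f "$sample"
```

To run it as a plugin, replace the demo with `check_uid0; exit $?` so the status reaches Nagios.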
-
is there any possibility to have 2 or more superusers on the same server?
Yes, it is possible to have two users with different names, but both with uid of 0. But this will only happen if 1) you do it, or 2) someone cracks the root account on the system. If 2) occurs, you can't rely on any script running to generate an alert. Just warning you...
I think your time is better spent making your system more secure than it is to add this 'shut-the-stable-door-after-the-horse-has-bolted' alert. But that's your decision to make. First thing I would do is disable any PHP programs.
-
bump.