Nagios plugin to compare the file permissions of a file or directory against the actual permissions. For example use this plugin to check if /tmp in fact has the correct file mode of 1777, or if $HOME/.ssh has a mode of 600.
e.g.
check_file_per -f /tmp -p 1777 check_file_per -f /home/user/.ssh/authorized_keys -p 600
Below is the source
#!/bin/bash # # File permissions checker plugin for Nagios # Written by Senthil Nathan # Last Modified: Nov 26th 2014 # # Usage: ./check_file_per -f file directory/name -p file permissions in octal # # Description: To check file permissions against what the actuals are # # This plugin is used to compare the file permissions of a file or directory # against the actual permissions # # Output: # # File/Dir: <file/dir>, Expected Permission: 1999, Actual: 1999 # File/Dir Permissions Check OK # # Examples: # # Match file permissions against actual # # check_file_per -f /path/to/file -p Octal permissions value # # Check if /tmp has 1777 permissions # # check_file_per -f /tmp -p 1777 # # More examples (change $HOME to whatever home) # # check_file_per -f $HOME/.ssh/authorized_keys -p 600 # PROGNAME=`/usr/bin/basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="1.0" . $PROGPATH/utils.sh print_usage() { echo "Usage: $PROGNAME -f <file/directory> -p <permission in octal>" echo "Usage: $PROGNAME --help" echo "Usage: $PROGNAME --version" } print_help() { print_revision $PROGNAME $REVISION echo "" print_usage echo "" echo "Check file / directory permissions plugin for Nagios" echo "" support } # Make sure the correct number of command line # arguments have been supplied if [ $# -lt 1 ]; then print_usage exit $STATE_UNKNOWN fi # Grab the command line arguments exitstatus=$STATE_WARNING #default while test -n "$1"; do case "$1" in --help) print_help exit $STATE_OK ;; -h) print_help exit $STATE_OK ;; --version) print_revision $PROGNAME $REVISION exit $STATE_OK ;; -V) print_revision $PROGNAME $REVISION exit $STATE_OK ;; --file) thefile=$2 shift ;; -f) thefile=$2 shift ;; --permission) theper=$2 shift ;; -p) theper=$2 shift ;; *) echo "Unknown argument: $1" print_usage exit $STATE_UNKNOWN ;; esac shift done # Check begins here # #actualper=`/usr/bin/stat -c %a $thefile 2>&1` actualper=`/usr/bin/stat -c %a $thefile` if [ $? -eq 1 ]; then echo "File/Dir permission check error" exit $STATE_WARNING fi # if [ $actualper -ne $theper ]; then echo "File/Dir: $thefile, Expected Permission: $theper, Actual: $actualper" exit $STATE_CRITICAL fi if [ $actualper -eq $theper ]; then echo "File/Dir Permissions Check OK" exit $STATE_OK fi echo "File/Dir Permissions Check Unknown" exit $STATE_UNKNOWN