
Nagios plugin for File Permissions

Nagios plugin to compare the expected permissions of a file or directory against its actual permissions. For example, use this plugin to check that /tmp in fact has the correct file mode of 1777, or that $HOME/.ssh has a mode of 600.

e.g.

check_file_per -f /tmp -p 1777
check_file_per -f /home/user/.ssh/authorized_keys -p 600

Below is the source

check_file_per
#!/bin/bash
#
# File permissions checker plugin for Nagios
# Written by Senthil Nathan
# Last Modified: Nov 26th 2014
#
# Usage: ./check_file_per -f <file or directory name> -p <file permissions in octal>
#
# Description: To check file permissions against what the actuals are
#
# This plugin is used to compare the file permissions of a file or directory
# against the actual permissions
#
# Output:
#
#  File/Dir: <file/dir>, Expected Permission: 1999, Actual: 1999
#  File/Dir Permissions Check OK
#
# Examples:
#
# Match file permissions against actual
#
#   check_file_per -f /path/to/file -p Octal permissions value
#
# Check if /tmp has 1777 permissions
#
#   check_file_per -f /tmp -p 1777
#
# More examples (change $HOME to whatever home)
#
#   check_file_per -f $HOME/.ssh/authorized_keys -p 600
#
 
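# Derive the plugin's name and directory from $0, then load the helper library
# utils.sh from that same directory. $0 is quoted so an install path that
# contains spaces or glob characters is handled as a single word.
PROGNAME=$(/usr/bin/basename -- "$0")
PROGPATH=$(printf '%s\n' "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
REVISION="1.0"
 
# The STATE_* exit codes, print_revision and support used below are not defined
# in this file and are expected to come from utils.sh. If the library cannot be
# loaded, every "exit $STATE_..." would expand to a bare "exit" and return the
# status of the preceding echo (0), so a failed permission check would be
# reported to Nagios as OK. Stop here instead with 3, the Nagios plugin
# return code for UNKNOWN.
if [ ! -r "$PROGPATH/utils.sh" ]; then
    echo "UNKNOWN: cannot read $PROGPATH/utils.sh"
    exit 3
fi
. "$PROGPATH/utils.sh"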
 
# Print the three supported invocation forms to stdout.
# Globals: PROGNAME (read)
print_usage() {
    printf 'Usage: %s -f <file/directory> -p <permission in octal>\n' "$PROGNAME"
    printf 'Usage: %s --help\n' "$PROGNAME"
    printf 'Usage: %s --version\n' "$PROGNAME"
}
 
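# Print the full help text: revision line, usage, a one-line description and
# the support footer.
# Globals: PROGNAME, REVISION (read)
# Calls:   print_revision and support, which are not defined in this file
#          (expected to come from the sourced utils.sh); print_usage.
print_help() {
    # Quoted so a program name containing whitespace is passed as one argument.
    print_revision "$PROGNAME" "$REVISION"
    echo ""
    print_usage
    echo ""
    echo "Check file / directory permissions plugin for Nagios"
    echo ""
    support
}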
 
# Invoked with no arguments at all: show the usage text and
# report UNKNOWN to Nagios.
 
if (( $# == 0 )); then
    print_usage
    exit $STATE_UNKNOWN
fi
 
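# Grab the command line arguments
#
#   -h | --help              print help and exit OK
#   -V | --version           print revision and exit OK
#   -f | --file <path>       file or directory to check   -> $thefile
#   -p | --permission <oct>  expected mode in octal       -> $theper
#
# Any other word, including an empty one, is rejected as UNKNOWN. The loop runs
# on the argument count rather than on "$1" being non-empty, so an empty
# argument cannot silently end parsing and drop the options that follow it.
# The ${STATE_...:-n} defaults are the standard Nagios plugin return codes and
# keep the exit status meaningful even if the STATE_* variables are unset.
 
exitstatus=${STATE_WARNING:-1} # default; not read anywhere else in the visible script
while [ $# -gt 0 ]; do
    case "$1" in
        --help | -h)
            print_help
            exit "${STATE_OK:-0}"
            ;;
        --version | -V)
            print_revision "$PROGNAME" "$REVISION"
            exit "${STATE_OK:-0}"
            ;;
        --file | -f)
            # The option must be followed by its value.
            if [ $# -lt 2 ]; then
                echo "Missing value for argument: $1"
                print_usage
                exit "${STATE_UNKNOWN:-3}"
            fi
            thefile=$2
            shift
            ;;
        --permission | -p)
            # The option must be followed by its value.
            if [ $# -lt 2 ]; then
                echo "Missing value for argument: $1"
                print_usage
                exit "${STATE_UNKNOWN:-3}"
            fi
            theper=$2
            shift
            ;;
        *)
            echo "Unknown argument: $1"
            print_usage
            exit "${STATE_UNKNOWN:-3}"
            ;;
    esac
    shift
done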
 
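# Check begins here
#
# Compare the mode reported by stat(1) for $thefile with the expected octal
# mode in $theper and exit with the matching Nagios state:
#   OK        modes are equal
#   CRITICAL  modes differ
#   WARNING   stat failed (path missing, unreadable, ...)
#   UNKNOWN   bad or missing arguments, or the comparison could not be made
# The ${STATE_...:-n} defaults are the standard Nagios plugin return codes; they
# keep a mismatch from exiting 0 if the STATE_* variables were never set.
 
# Both the path and the expected mode are required.
if [ -z "$thefile" ] || [ -z "$theper" ]; then
  echo "File/Dir Permissions Check Unknown"
  exit "${STATE_UNKNOWN:-3}"
fi
 
# The expected mode must consist of octal digits only; anything else would make
# the numeric tests below fail with a shell error instead of a clear result.
case "$theper" in
  *[!0-7]*)
    echo "File/Dir Permissions Check Unknown"
    exit "${STATE_UNKNOWN:-3}"
    ;;
esac
 
# "$thefile" is quoted and preceded by "--" so that a path containing spaces or
# glob characters is checked as exactly one file and a path starting with "-"
# is not read as a stat option.
# NOTE(review): GNU stat without -L reports the mode of a symbolic link itself,
# not of its target, so a symlinked path is compared against the link's mode.
# NOTE(review): a path that cannot be stat'ed is reported as WARNING, as in the
# original; confirm that is the intended severity for a missing file.
if ! actualper=$(/usr/bin/stat -c %a -- "$thefile"); then
  echo "File/Dir permission check error"
  exit "${STATE_WARNING:-1}"
fi
#
# Numeric comparison, so an expected mode of 0600 matches a reported 600.
if [ "$actualper" -ne "$theper" ]; then
  echo "File/Dir: $thefile, Expected Permission: $theper, Actual: $actualper"
  exit "${STATE_CRITICAL:-2}"
fi
# OK is reported only on an explicit match; if the test itself errors, control
# falls through to UNKNOWN rather than to OK.
if [ "$actualper" -eq "$theper" ]; then
  echo "File/Dir Permissions Check OK"
  exit "${STATE_OK:-0}"
fi
echo "File/Dir Permissions Check Unknown"
exit "${STATE_UNKNOWN:-3}"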