Is there a Nagios plugin that uses Nmap and does port checking?

Question

I need to monitor open and closed ports on dozens of hosts. I've found a Nagios plugin that does what I need, but I would have to use this script through NRPE.

Some of the hosts are powered by Linux and they all have Perl installed. But some of them are Windows machines, and it's not convenient for me to install Perl on every one of them. That's why I can not use this plugin.

I hope that there's Nagios plugin that uses Nmap, or something similar, so it could check ports on every host remotely, without installing plugins on remote hosts, only on the server.

Answer 1

This guy has developed a nagios script for linux that does exactly what you are asking:

http://www.altsec.info/check_scan.html

I'm trying now to find a Windows equivalent

Miguel

Answer 2

What do you mean to check ports on hosts remotely? Do you just want to connect to the port to see if it is open? The check_tcp plugin will do that, if, that's what you want to do.

Not quite sure what you mean.

Answer 3

I suppose what you want is to make sure that there is no "positive" response on any port apart from a short whitelist. I can see how you would prefer not to have 65000 check_tcp:s on each host :)

Mind you, I'm not sure nagios is really your best bet for this. Partly, it risks being a test that is always red and also, if you are serious about it, you should not limit the check to hosts that you actually know about. This sits awkwardly with Nagios which expects a host as the basic unit of configuration.

Personally, I would probably have a separate tool that mailed me when something new shows up. In its most trivial form, this would be just a script that reacted to a non-zero diff of nmap output between today and yesterday and mailed me. In more complex form, such software tend to be sorted as IDSes which are not my expertise, but Google may be able to help.

Answer 4

It sounds like you need a nagios check for changes/alerts in pbnj

Use nagios to monitor the tool that tracks the changes, don't try to shim Nagios to track the changes.

Answer 5

i really like nagios. have been using it for years. i even do some oracle database management with it, but what nagios really is is an availability monitoring tool. i think what you are asking for is better fulfilled by another software like openvas or snort.