check_dhcp question

[Aaron Webber]

After an incident we have been tasked with detecting rogue DHCP servers on our network. Looking at the check_dhcp plugin it looks like it does 99% of what we need. My specific question relates to us making a change to the check_dhcp.c file and if it would work. My co-worker and I are not familiar enough with the language.

For the section:
               if(valid_responses==0)
                                result=STATE_CRITICAL;
                else if(requested_servers>0 && requested_responses==0)
                                result=STATE_CRITICAL;
                else if(requested_responses<requested_servers)
                                result=STATE_WARNING;
                else if(request_specific_address==TRUE && received_requested_address==FALSE)
                                result=STATE_WARNING;

If we were to add this after the first if
                Else if (valid_responses>1)
                                Result=STATE_CRITICAL;

Then compile the plugin per the github instructions from there would that alert if we had more than one DHCP response?

Regards,

[Aaron Webber]

Aaron Webber | Security Systems Engineer
awebber at insidesales.com<mailto:awebber at insidesales.com> | P: 877.210.0126 | F: 801.853.4089
LinkedIn<http://linkedin.com/company/82914>  |  Customer Testimonials<http://www.insidesales.com/about-us/customers#/?a=sig111>  |  Sales Rep Best Practices<https://www.youtube.com/user/officialinsidesales>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-plugins.org/archive/help/attachments/20180912/d900a6b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6057 bytes
Desc: image002.png
URL: <https://www.monitoring-plugins.org/archive/help/attachments/20180912/d900a6b3/attachment.png>