Initial revision

git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@2 f882894a-f735-0410-b71e-b25c423dba1c

1 files changed, 48 insertions, 0 deletions

diff --git a/contrib/aix/check_failed b/contrib/aix/check_failed
new file mode 100644
index 00000000..50cdf7e1
--- /dev/null
+++ b/contrib/aix/check_failed
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#======================
+# Created May 25, 2000
+#======================
+
+# This scripts is for checking for failed root login attempts on
+# any machine running AIX which has a failedlogin file in /etc/security
+# The purpose is to thwart (good word) any unauthorised people from
+# even trying to log in as root. This plugin has been developed for Nagios
+# running on AIX.  
+# Lonny Selinger SpEnTBoY lonny@abyss.za.org
+# May
+
+
+my $server = $ARGV[0];
+
+if (!$ARGV[0]) {
+        print "You must specify a server to check\n";
+        print "usage: ./check_failed <Server Name>\n";
+        exit (-1);
+        } else {
+                open (DATE, "/bin/date '+%b %d' |");
+                while (<DATE>) {
+                        $dline = $_;
+                        @dresults = $dline;
+                        chop $dresults[0];
+                }       
+                open (SULOG, "rsh $server -l root who /etc/security/failedlogin | grep root |");
+                while (<SULOG>) {
+                        $line = $_;
+                        @results = split (/\s+/,$line);
+                        if ($line =~ /^root/) {
+                        if (join(' ', @results[2,3]) eq $dresults[0]) { 
+                                print "FAILED root login on $dresults[0], node: $ARGV[0] from $results[5]\n";
+                                exit(2);
+                        }
+                }
+        }
+}       
+if (join(' ', @results[2,3]) ne $dresults[0]) {
+        print "No Failed Root Logins on This Node\n";
+        exit(0);
+}
+exit(0);
+close(SULOG);
+close(DATE);
+
+