1 #!/usr/bin/perl
2 #======================
3 # Created May 25, 2000
4 #======================
6 # This scripts is for checking for failed root login attempts on
7 # any machine running AIX which has a failedlogin file in /etc/security
8 # The purpose is to thwart (good word) any unauthorised people from
9 # even trying to log in as root. This plugin has been developed for Nagios
10 # running on AIX.
11 # Lonny Selinger SpEnTBoY lonny@abyss.za.org
12 # May
15 my $server = $ARGV[0];
17 if (!$ARGV[0]) {
18 print "You must specify a server to check\n";
19 print "usage: ./check_failed <Server Name>\n";
20 exit (-1);
21 } else {
22 open (DATE, "/bin/date '+%b %d' |");
23 while (<DATE>) {
24 $dline = $_;
25 @dresults = $dline;
26 chop $dresults[0];
27 }
28 open (SULOG, "rsh $server -l root who /etc/security/failedlogin | grep root |");
29 while (<SULOG>) {
30 $line = $_;
31 @results = split (/\s+/,$line);
32 if ($line =~ /^root/) {
33 if (join(' ', @results[2,3]) eq $dresults[0]) {
34 print "FAILED root login on $dresults[0], node: $ARGV[0] from $results[5]\n";
35 exit(2);
36 }
37 }
38 }
39 }
40 if (join(' ', @results[2,3]) ne $dresults[0]) {
41 print "No Failed Root Logins on This Node\n";
42 exit(0);
43 }
44 exit(0);
45 close(SULOG);
46 close(DATE);