check_passwd_expiration

Submit review Recommend Print Contact Owner

Rating

2 votes

Favoured:

Current Version

1.1

Last Release Date

2014-06-05

Compatible With

Nagios 2.x
Nagios 3.x
Nagios 4.x

Owner

elioCanaleParola

Download URL

github.com/elio78/nagios

License

GPL

Hits

27414

Files:

File	Description
check_passwd_expiration	check_passwd_expiration
nagios_cmd	nagios_cmd

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Download Now

Monitoring Made Magically Better

Nagios Core on Overdrive
Powerful Monitoring Dashboards
Time-Saving Configuration Wizards
Open Source Powered Monitoring On Steroids
And So Much More!

Check linux account password expiration by scanning /etc/passwd file and verifying password expiration via chage command.
A list of account expiring in less than x days is displayed.
This plugin works only on Linux.

This nagios plugin checks the password expiration using the command chage.
The user running this plugin (nagios) must be allowed to run chage under root user
This implies to add an authorization via sudoer config file.
As an example, this is the file i added under /etc/sudoers.d directory :
#-------------------
User_Alias NAGIOS = nagios
NAGIOS ALL = NOPASSWD: /usr/bin/chage -l *
Defaults:NAGIOS !requiretty
#-------------------

The output is the following :
- PASSWD_EXPIRATION OK - ALL VALUES ARE OK!, Excluded account(s): [none]
- PASSWD_EXPIRATION CRITICAL - Exp < 5j:[root], Excluded account(s): [none]
- PASSWD_EXPIRATION WARNING - Exp < 6j:[accnt01, accnt02], Excluded account(s): [none]

help output :
check_passwd_expiration 1.1 [http://fr.linkedin.com/in/eliocanaleparola/]

GPL

Verify password expiration for all accounts defined within /etc/passwd

Usage: check_passwd_expiration

-?, --usage
Print usage information
-h, --help
Print detailed help screen
-V, --version
Print version information
--extra-opts=[section][@file]
Read options from an ini file. See http://nagiosplugins.org/extra-opts
for usage and examples.
-w, --warning=STRING
warning value in days. When a password will expire in days, a warning message is sent
-c, --critical=STRING
critical value in days. When a password will expire in days, a critical message is sent
-x, --exclusion=STRING
Excluded account list, Format: [account01:account02:account03:...]
-T, --trace=STRING
Activate trace mode if value different from 0
-t, --timeout=INTEGER
Seconds before plugin times out (default: 15)
-v, --verbose
Show details for command-line debugging (can repeat up to 3 times)

Reviews (1)

Script works in CentOS 7

byhemak88, May 8, 2018

Script works, but it has limitations as below:
- Warning is always overridden by critical value
- It can list only users with exact critical value. That is if password expiry days is 6 and critical value is set to 6, it will list username, but if expiry days is 5 and critical value, 6, it won't list username; only shows Critical status.
- To improve script more, you can include an option to "include" (same as exclude) users option

Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. The files and information on this site are the property of their respective owner(s). Nagios Enterprises makes no claims or warranties as to the fitness of any file or information on this website, for any purpose whatsoever. In fact, we officially disclaim all liability. We do, however, think these community contributions are pretty damn cool. Website Copyright © 2009-2024 Nagios Enterprises, LLC. All rights reserved.