Freewaregruppe Monitoring/Nagios-Plugins
Windows-Plugin:
Windows-Plugin: checks given NTFS Permissions on Windows systems based on information file
Download of this plugin only by mail request, please contact Support.
check_ntfs_permissions is a Windows-Plugin for Monitoring-Systems, which check NTFS Permissions on Windows systems (idea: kind of Health-Check for permissions, which are once set and should not be changed without notifying an administrator).
Windows Server 2003 R2 or newer
Configurationfile permissions.conf
Usually, this plugin is called without parameters.
C:> check_ntfs_permissions.exe
It can be used on english or german Windows OS.
Given permissions has to be read once to write them as hashes into the config file.
Executing the Plugin will read this config file and compares every hash with the permissions found in NTFS.
If comparison signals changes, they will errorlevel CRITICAL afterwards.
Config file permissions.conf looks like this:
<Path> = MD5-Hash
Hints:
if you are checking permissions on files or directories which have inherited rights, you must run the NSClient++ service in Usercontext!
Usually NSClient++ services runs in SYSTEM context.
The config file has to be protected against manipulation, esp. by users trying to change the hashes.
Preferably the plugin is copied into the script directory where you will store your checks under Windows
When using NSClient ++ an entry in NSC.INI similar to this is generated and pointing to the check-plugin:
... [/settings/NRPE/server] allow arguments=true [/settings/external scripts/server] allow arguments=true [/settings/external scripts/scripts] check_my_perms=c:\nsclient++\scripts\check_ntfs_permissions.exe ...
additionally the config file and its sample content:
C:> type c:\nsclient++\scripts\permissions.conf
... E:\Server Ordner\Arbeitsvorbereitung=FA20C5FE18235A4822DF526D36FBFE70 E:\Server Ordner\Ausbildung=11866B08542DA37982AC8D8EC6FF85AA E:\Server Ordner\Controlling=85ACFB98F02259BD63C29C121B716EB4 E:\Server Ordner\Entwicklung=6B8887B5F02A5F1881E3AEF7F59B2759 E:\Server Ordner\Entwicklung\KONSTR~1=1DBB43836E76B9AFE07ECEC74BEFAED3 E:\Server Ordner\Entwicklung\KONSTR~2=0E4F215855E79218180B92AEA98490EF E:\Server Ordner\Entwicklung\Deltas=98626837E63D57E9763714BFC6569018 E:\Server Ordner\GESCHF~1=9CCCF353E2F482A71332753B08FCE7B1 E:\Server Ordner\ISO9001=81CAEE441960775D131A321FD42CCE25 E:\Server Ordner\KompTeam=2DF44DF4C140D8381CE0F31A34F15360 E:\Server Ordner\Materialeinkauf=BCA2F6D8F83E6E32434C087713FEBD47 E:\Server Ordner\Materialverkauf=96EAD801C64352B6E35CA388410E7569 E:\Server Ordner\Multimedia=EF243715AC6918376A64B750C3D34F2F E:\Server Ordner\NETZPL~1=3B72C1007DC1BEA81C98D10B908869E4 E:\Server Ordner\Normen=9036BA187D9BDA7283D34EE30CF028EF E:\Server Ordner\Normen\Extras=8C83BDB53689186270300D885433DD37 E:\Server Ordner\Produktion=DA2CCEF9A1A48B5A8B6A212EFD96F6D1 E:\Server Ordner\Produktionsleitung=64CEC9ABEAD9CF6E3F10A49FFC8FF6FD E:\Server Ordner\QUALIT~1=7A62FB2348602BB358B11E4F8D0C702F E:\Server Ordner\QUALIT~2=4B4C13742E4819BBB9CA509FB941BE8E E:\Server Ordner\Recht=CA3868409AB039073C1A94DE4791ABCD E:\Server Ordner\Schulung=64402F6D2E94406974DBB728B17D05DA E:\Server Ordner\Vertrieb=27E27C97950A552EFE466B222CEA089F E:\Server Ordner\Vertriebsleitung=29F23F9A93628631E4AB60B306EF5E4F E:\Server Ordner\Verwaltung=A1A9D7BC58296146A90A7B085D5F7AAD E:\Server Ordner\Werkzeugeinkauf=493E36F7272F2D92312285D7581F0352 E:\Server Ordner\Zeichnungen=4F32E9B8AAABE5414E72DC33BDBE409F E:\Server Ordner\Zeichnungen\Vorlagen=0CA6D17D43EA0F9024473404A2CF627A E:\Server Ordner\Zeiterfassung=205AAFD72637EDB6ADA6E892834CD0D1 ...
The examples show some directorynames, which are written in its shortform – this is due to the fact, that we are using german Umlaute for it:
KONSTR~1 (for Konstruktionspläne), GESCHF~1 (for Geschäftsführung), NETZPL~1 (for Netzpläne) ect.
Configuration of the config file permissions.conf
Manual changes on config file:
– if you have to extend the config file just write an additional path with tailing equal sign.
Afterwards execute the plugin again, it will recognize the new path, read the NTFS permissions and write them as new hashes in the config file:
NTFS_Permissions OK: Folder checked: 1, Folder unchanged: 1, Folder changed: 0 – Permissions on folder C:\Temp\Testordner saved.
– if you need to change permissions: just delete the hash AND the equal sign after the path and execute the check again:
C:> check_ntfs_permissions.exe
OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0 – Permissions on folder E:\Server Ordner\Zeiterfassung saved.
– if you have to delete a check for a given line: just delete the whole line in the config file and execute the plugin again:
NTFS_Permissions OK: Folder checked: 28, Folder unchanged: 28, Folder changed: 0
For information on the plugin and its usage you can call it with the help command:
C:> check_ntfs_permissions.exe help
check_ntfs_permissions - Version 1.3
Copyright (C) 2014 LuftEngineering GmbH, Germany
Report Bugs to:info@luft-it.de
check_ntfs_permissions plugin for Nagios. Monitors NTFS folder permissions.
Usage:
timeout - Seconds before the plugin times out (default = 15)
version - Plugin version
help - Show this text
debug - Print details. NOT for use with nagios
check_ntfs_permissions
For debugging purposes, it may also be called with a more detailed output option (this mode is not suitable for continuous operation, but for testing purposes only).
Afterwards it will output the detailed status of the individual components:
C:> check_ntfs_permissions.exe debug
Timeout: 15 Configfile: c:\scripts\Permissions.conf Folder: E:\Server Ordner\Arbeitsvorbereitung, HASH: A20C5FE18235A4822DF526D36FB FE70 Permissions on folder E:\Server Ordner\Arbeitsvorbereitung not changed. Folder: E:\Server Ordner\Ausbildung, HASH: 11866B08542DA37982AC8D8EC6FF85AA Permissions on folder E:\Server Ordner\Ausbildung not changed. Folder: E:\Server Ordner\Controlling, HASH: 85ACFB98F02259BD63C29C121B716EB4 Permissions on folder E:\Server Ordner\Controlling not changed. Folder: E:\Server Ordner\Entwicklung, HASH: 6B8887B5F02A5F1881E3AEF7F59B2759 Permissions on folder E:\Server Ordner\Entwicklung not changed. Folder: E:\Server Ordner\Entwicklung\KONSTR~1, HASH: 1DBB43836E76B9AFE07ECEC74BE FAED3 Permissions on folder E:\Server Ordner\Entwicklung\KONSTR~1 not changed. Folder: E:\Server Ordner\Entwicklung\KONSTR~2, HASH: 0E4F215855E79218180B92AEA98 490EF Permissions on folder E:\Server Ordner\Entwicklung\KONSTR~2 not changed. Folder: E:\Server Ordner\Entwicklung\_JoHu, HASH: 98626837E63D57E9763714BFC65690 18 Permissions on folder E:\Server Ordner\Entwicklung\_JoHu not changed. Folder: E:\Server Ordner\GESCHF~1, HASH: 9CCCF353E2F482A71332753B08FCE7B1 Permissions on folder E:\Server Ordner\GESCHF~1 not changed. Folder: E:\Server Ordner\ISO TS 16949, HASH: 81CAEE441960775D131A321FD42CCE25 Permissions on folder E:\Server Ordner\ISO TS 16949 not changed. Folder: E:\Server Ordner\KompTeam, HASH: 2DF44DF4C140D8381CE0F31A34F15360 Permissions on folder E:\Server Ordner\KompTeam not changed. Folder: E:\Server Ordner\Materialeinkauf, HASH: BCA2F6D8F83E6E32434C087713FEBD47 Permissions on folder E:\Server Ordner\Materialeinkauf not changed. Folder: E:\Server Ordner\Meister, HASH: 96EAD801C64352B6E35CA388410E7569 Permissions on folder E:\Server Ordner\Meister not changed. Folder: E:\Server Ordner\Multimedia, HASH: EF243715AC6918376A64B750C3D34F2F Permissions on folder E:\Server Ordner\Multimedia not changed. Folder: E:\Server Ordner\NETZPL~1, HASH: 3B72C1007DC1BEA81C98D10B908869E4 Permissions on folder E:\Server Ordner\NETZPL~1 not changed. Folder: E:\Server Ordner\Normen, HASH: 9036BA187D9BDA7283D34EE30CF028EF Permissions on folder E:\Server Ordner\Normen not changed. Folder: E:\Server Ordner\NovelAlt, HASH: 8C83BDB53689186270300D885433DD37 Permissions on folder E:\Server Ordner\NovelAlt not changed. Folder: E:\Server Ordner\Produktion, HASH: DA2CCEF9A1A48B5A8B6A212EFD96F6D1 Permissions on folder E:\Server Ordner\Produktion not changed. Folder: E:\Server Ordner\Produktionsleitung, HASH: 64CEC9ABEAD9CF6E3F10A49FFC8FF 6FD Permissions on folder E:\Server Ordner\Produktionsleitung not changed. Folder: E:\Server Ordner\QUALIT~1, HASH: 7A62FB2348602BB358B11E4F8D0C702F Permissions on folder E:\Server Ordner\QUALIT~1 not changed. Folder: E:\Server Ordner\QUALIT~2, HASH: 4B4C13742E4819BBB9CA509FB941BE8E Permissions on folder E:\Server Ordner\QUALIT~2 not changed. Folder: E:\Server Ordner\Recht, HASH: CA3868409AB039073C1A94DE4791ABCD Permissions on folder E:\Server Ordner\Recht not changed. Folder: E:\Server Ordner\Schulung, HASH: 64402F6D2E94406974DBB728B17D05DA Permissions on folder E:\Server Ordner\Schulung not changed. Folder: E:\Server Ordner\Vertrieb, HASH: 27E27C97950A552EFE466B222CEA089F Permissions on folder E:\Server Ordner\Vertrieb not changed. Folder: E:\Server Ordner\Vertriebsleitung, HASH: 29F23F9A93628631E4AB60B306EF5E4 F Permissions on folder E:\Server Ordner\Vertriebsleitung not changed. Folder: E:\Server Ordner\Verwaltung, HASH: A1A9D7BC58296146A90A7B085D5F7AAD Permissions on folder E:\Server Ordner\Verwaltung not changed. Folder: E:\Server Ordner\Werkzeugeinkauf, HASH: 493E36F7272F2D92312285D7581F0352 Permissions on folder E:\Server Ordner\Werkzeugeinkauf not changed. Folder: E:\Server Ordner\Zeichnungen, HASH: 4F32E9B8AAABE5414E72DC33BDBE409F Permissions on folder E:\Server Ordner\Zeichnungen not changed. Folder: E:\Server Ordner\Zeichnungen_SWT, HASH: 0CA6D17D43EA0F9024473404A2CF627A Permissions on folder E:\Server Ordner\Zeichnungen_SWT not changed. Folder: E:\Server Ordner\Zeiterfassung, HASH: 205AAFD72637EDB6ADA6E892834CD0D1 Permissions on folder E:\Server Ordner\Zeiterfassung not changed. Folder: E:\Server Ordner\Testordner, HASH: 02CFD5DCAD90BAE6E6FDD65E608E6AAE Permissions on folder E:\Server Ordner\Testordner changed. NTFS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder chan ged: 1 - Permissions on folder E:\Server Ordner\Testordner changed.
Check of several Directories, things are fine:
C:> check_ntfs_permissions.exe
FS_Permissions OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0
NTFS_Permissions OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0
Checking permissions on Directories, permissions have changed, comparison to config file :
C:> check_ntfs_permissions.exe
FS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder changed: 1 - Permissions on folder E:\Server Ordner\Testordner changed.
NTFS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder changed: 1 – Permissions on folder C:\Temp\Testfolder changed.
2014-12-04
1.3 – Use long directorynames
2014-10-11
1.2 – Support for german Umlaute in directorynames
2014-06-07
1.1 – Support for .Net 3.5
2013-29-07
1.0 – First version
check_ntfs_permissions is licensed under the GNU General Public License.
Joachim Luft will answer your questions to this plugin and is happy about your donation.
