– nagios check: the permissions on a file or directory

If you want to check the persmissions of a file or directory, you can use this plugin. The plugin is base on the check_file_age plugin.

#! /usr/bin/perl -w

# Copyright (C) 2011 Jasper Aikema
# Checks the permissions of a file.
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# GNU General Public License for more details.
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios); if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA

use strict;
use English;
use Getopt::Long;
use File::stat;
use vars qw($PROGNAME);
use lib "/usr/lib/nagios/plugins";
use utils qw (%ERRORS &print_revision &support);
use Fcntl ':mode';

sub print_help ();
sub print_usage ();

my ($opt_s, $opt_g, $opt_u, $opt_m, $opt_f, $opt_h, $opt_V);
my ($result, $result_string, $is_setuid, $mode, $st);


$opt_f = "";

  "V"   => \$opt_V, "version"     => \$opt_V,
  "h"   => \$opt_h, "help"        => \$opt_h,
  "f=s" => \$opt_f, "file"        => \$opt_f,
  "m=f" => \$opt_m, "mode=f"      => \$opt_m,
  "u"   => \$opt_u, "setuid"      => \$opt_u,
  "g"   => \$opt_g, "setgid"      => \$opt_g,
  "s"   => \$opt_s, "sticky"      => \$opt_s);

if ($opt_V) {
  print_revision($PROGNAME, '1.4.15');
  exit $ERRORS{'OK'};

if ($opt_h) {
  exit $ERRORS{'OK'};

$opt_f = shift unless ($opt_f);

if (! $opt_f) {
  print "FILE_PERMISSION UNKNOWN: No file specified\n";
  exit $ERRORS{'UNKNOWN'};

my @files = split(',', $opt_f);

$result = 'OK';
$result_string = '';

foreach my $file (@files) {

  # Check that file exists (can be directory or link)
  unless (-e $file) {
    print "FILE_PERMISSION CRITICAL: File not found - $file\n";
    exit $ERRORS{'CRITICAL'};

  $st = File::stat::stat($file);
  $mode = sprintf("%04o", $st->mode & 07777);

  if ($opt_m and $mode != $opt_m) {
    $result = 'CRITICAL';
    $result_string .= "the permissions of $file are $mode,";

  if ($opt_u and !($st->mode & S_ISUID)) {
    $result = 'CRITICAL';
    $result_string .= "the setuid bit of $file is not set,";

  if ($opt_g and !($st->mode & S_ISGID)) {
    $result = 'CRITICAL';
    $result_string .= "the setgid bit of $file is not set,";

  if ($opt_s and !($st->mode & S_ISVTX)) {
    $result = 'CRITICAL';
    $result_string .= "the sticky bit of $file is not set,";

if ($result_string eq '') {
  $result_string = 'the permissions of the file(s) are correct';
} else {
  $result_string =~ s/,$//;

print "FILE_PERMISSION $result: $result_string\n";
exit $ERRORS{$result};

sub print_usage () {
  print "Usage:\n";
  print "  $PROGNAME [-m ] [-u] [-g] [-s] -f \n";
  print "  $PROGNAME [-h | --help]\n";
  print "  $PROGNAME [-V | --version]\n";

sub print_help () {
  print_revision($PROGNAME, '1.4.15');
  print "Copyright (c) 2011 Jasper Aikema\n\n";
  print "\n";
  print "    The permissions of the file must be this value (default: 0644)\n";
  print "  <-u>    Check for the suid bit\n";
  print "  <-g>    Check for the guid bit\n";
  print "  <-s>    Check for the sticky bit\n";
  print "\n";

This entry was posted in werk and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *