Nagios Monitoring of Directories

I had a recent occurrence at work that caused me to look around for a tool to monitor a directory for any changes made. Since there didn’t seem to be anything out there, I created a check called dirchanged. It looks at all the files in a directory and creates an sha256 has of the names and contents of the files. That hash is compared to a known value to determine if there have been any changes made.

There are a couple of issues with this check specifically that it doesn’t look into subdirectories and that the hash for comparison is passed on the command line from within the Nagios configuration files. I think the first issue will be fixed soon enough w/ a flag to indicate if the directory tree is to be traversed. The second issue is more cumbersome in that the hash value has to be stored somewhere. I’m not yet certain that putting it in the Nagios configuration files is better than putting it somewhere on the target file system. From the security standpoint, having the check not stored on the target file system is better, much less chance of it being changed by bad guys.

I’ll let it run for a while and see how it behaves and if changes are warranted.

2 thoughts on “Nagios Monitoring of Directories”

  1. I had a linux Redhat tool years ago called Tripwire that did this. That project succumbed to bitrot long ago but it may have been revitalized. It was super useful and they had a pretty good security model that you might get some hints from, assuming the documentation is still around.

    I would love to have a tool like this to monitor my long term storage of files… family photos and such. Because bits on a hard drive sometimes flip, destroying files.

    1. I remember TripWire! Was a nice tool. Sadly, the server I need to monitor won’t allow me to install such nice tools. Hence writing a simple comparison tool.

      In terms of long term storage, I suggest you migrate to a modern file system. Say ZFS. It has built in protection for such silliness as cosmic bit twiddling.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>