Freeware and Plugins

Freewaregruppe Monitoring/Nagios-Plugins

check_ntfs_permissions

Windows-Plugin:

Windows-Plugin: checks given NTFS Permissions on Windows systems based on information file

Download of this plugin only by mail request, please contact Support.

Description

check_ntfs_permissions is a Windows-Plugin for Monitoring-Systems, which check NTFS Permissions on Windows systems (idea: kind of Health-Check for permissions, which are once set and should not be changed without notifying an administrator).

Requirements

Windows Server 2003 R2 or newer
Configurationfile permissions.conf

Documentation

Usually, this plugin is called without parameters.

C:> check_ntfs_permissions.exe

It can be used on english or german Windows OS.

Installation

Given permissions has to be read once to write them as hashes into the config file.
Executing the Plugin will read this config file and compares every hash with the permissions found in NTFS.
If comparison signals changes, they will errorlevel CRITICAL afterwards.

Config file permissions.conf looks like this:

<Path> = MD5-Hash

Hints:
if you are checking permissions on files or directories which have inherited rights, you must run the NSClient++ service in Usercontext!
Usually NSClient++ services runs in SYSTEM context.

The config file has to be protected against manipulation, esp. by users trying to change the hashes.

Preferably the plugin is copied into the script directory where you will store your checks under Windows

When using NSClient ++ an entry in NSC.INI similar to this is generated and pointing to the check-plugin:

...
 [/settings/NRPE/server] 
allow arguments=true  

[/settings/external scripts/server] 
allow arguments=true 
 
[/settings/external scripts/scripts] 
check_my_perms=c:\nsclient++\scripts\check_ntfs_permissions.exe
...

additionally the config file and its sample content:

C:> type c:\nsclient++\scripts\permissions.conf

...
E:\Server Ordner\Arbeitsvorbereitung=FA20C5FE18235A4822DF526D36FBFE70
E:\Server Ordner\Ausbildung=11866B08542DA37982AC8D8EC6FF85AA
E:\Server Ordner\Controlling=85ACFB98F02259BD63C29C121B716EB4
E:\Server Ordner\Entwicklung=6B8887B5F02A5F1881E3AEF7F59B2759
E:\Server Ordner\Entwicklung\KONSTR~1=1DBB43836E76B9AFE07ECEC74BEFAED3
E:\Server Ordner\Entwicklung\KONSTR~2=0E4F215855E79218180B92AEA98490EF
E:\Server Ordner\Entwicklung\Deltas=98626837E63D57E9763714BFC6569018
E:\Server Ordner\GESCHF~1=9CCCF353E2F482A71332753B08FCE7B1
E:\Server Ordner\ISO9001=81CAEE441960775D131A321FD42CCE25
E:\Server Ordner\KompTeam=2DF44DF4C140D8381CE0F31A34F15360
E:\Server Ordner\Materialeinkauf=BCA2F6D8F83E6E32434C087713FEBD47
E:\Server Ordner\Materialverkauf=96EAD801C64352B6E35CA388410E7569
E:\Server Ordner\Multimedia=EF243715AC6918376A64B750C3D34F2F
E:\Server Ordner\NETZPL~1=3B72C1007DC1BEA81C98D10B908869E4
E:\Server Ordner\Normen=9036BA187D9BDA7283D34EE30CF028EF
E:\Server Ordner\Normen\Extras=8C83BDB53689186270300D885433DD37
E:\Server Ordner\Produktion=DA2CCEF9A1A48B5A8B6A212EFD96F6D1
E:\Server Ordner\Produktionsleitung=64CEC9ABEAD9CF6E3F10A49FFC8FF6FD
E:\Server Ordner\QUALIT~1=7A62FB2348602BB358B11E4F8D0C702F
E:\Server Ordner\QUALIT~2=4B4C13742E4819BBB9CA509FB941BE8E
E:\Server Ordner\Recht=CA3868409AB039073C1A94DE4791ABCD
E:\Server Ordner\Schulung=64402F6D2E94406974DBB728B17D05DA
E:\Server Ordner\Vertrieb=27E27C97950A552EFE466B222CEA089F
E:\Server Ordner\Vertriebsleitung=29F23F9A93628631E4AB60B306EF5E4F
E:\Server Ordner\Verwaltung=A1A9D7BC58296146A90A7B085D5F7AAD
E:\Server Ordner\Werkzeugeinkauf=493E36F7272F2D92312285D7581F0352
E:\Server Ordner\Zeichnungen=4F32E9B8AAABE5414E72DC33BDBE409F
E:\Server Ordner\Zeichnungen\Vorlagen=0CA6D17D43EA0F9024473404A2CF627A
E:\Server Ordner\Zeiterfassung=205AAFD72637EDB6ADA6E892834CD0D1
...

The examples show some directorynames, which are written in its shortform – this is due to the fact, that we are using german Umlaute for it:
KONSTR~1 (for Konstruktionspläne), GESCHF~1 (for Geschäftsführung), NETZPL~1 (for Netzpläne) ect.

Configuration of the config file permissions.conf

Manual changes on config file:

– if you have to extend the config file just write an additional path with tailing equal sign.
Afterwards execute the plugin again, it will recognize the new path, read the NTFS permissions and write them as new hashes in the config file:

NTFS_Permissions OK: Folder checked: 1, Folder unchanged: 1, Folder changed: 0 – Permissions on folder C:\Temp\Testordner saved.

– if you need to change permissions: just delete the hash AND the equal sign after the path and execute the check again:

C:> check_ntfs_permissions.exe

OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0 – Permissions on folder E:\Server Ordner\Zeiterfassung saved.

– if you have to delete a check for a given line: just delete the whole line in the config file and execute the plugin again:

NTFS_Permissions OK: Folder checked: 28, Folder unchanged: 28, Folder changed: 0

For information on the plugin and its usage you can call it with the help command:

C:> check_ntfs_permissions.exe help

check_ntfs_permissions - Version 1.3
Copyright (C) 2014 LuftEngineering GmbH, Germany
Report Bugs to:info@luft-it.de

check_ntfs_permissions plugin for Nagios. Monitors NTFS folder permissions.

Usage:
     timeout  - Seconds before the plugin times out (default = 15)
     version  - Plugin version
     help     - Show this text
     debug    - Print details. NOT for use with nagios
 check_ntfs_permissions

For debugging purposes, it may also be called with a more detailed output option (this mode is not suitable for continuous operation, but for testing purposes only).
Afterwards it will output the detailed status of the individual components:

C:> check_ntfs_permissions.exe debug

Timeout: 15
Configfile: c:\scripts\Permissions.conf
Folder: E:\Server Ordner\Arbeitsvorbereitung, HASH: A20C5FE18235A4822DF526D36FB
FE70
Permissions on folder E:\Server Ordner\Arbeitsvorbereitung not changed.
Folder: E:\Server Ordner\Ausbildung, HASH: 11866B08542DA37982AC8D8EC6FF85AA
Permissions on folder E:\Server Ordner\Ausbildung not changed.
Folder: E:\Server Ordner\Controlling, HASH: 85ACFB98F02259BD63C29C121B716EB4
Permissions on folder E:\Server Ordner\Controlling not changed.
Folder: E:\Server Ordner\Entwicklung, HASH: 6B8887B5F02A5F1881E3AEF7F59B2759
Permissions on folder E:\Server Ordner\Entwicklung not changed.
Folder: E:\Server Ordner\Entwicklung\KONSTR~1, HASH: 1DBB43836E76B9AFE07ECEC74BE
FAED3
Permissions on folder E:\Server Ordner\Entwicklung\KONSTR~1 not changed.
Folder: E:\Server Ordner\Entwicklung\KONSTR~2, HASH: 0E4F215855E79218180B92AEA98
490EF
Permissions on folder E:\Server Ordner\Entwicklung\KONSTR~2 not changed.
Folder: E:\Server Ordner\Entwicklung\_JoHu, HASH: 98626837E63D57E9763714BFC65690
18
Permissions on folder E:\Server Ordner\Entwicklung\_JoHu not changed.
Folder: E:\Server Ordner\GESCHF~1, HASH: 9CCCF353E2F482A71332753B08FCE7B1
Permissions on folder E:\Server Ordner\GESCHF~1 not changed.
Folder: E:\Server Ordner\ISO TS 16949, HASH: 81CAEE441960775D131A321FD42CCE25
Permissions on folder E:\Server Ordner\ISO TS 16949 not changed.
Folder: E:\Server Ordner\KompTeam, HASH: 2DF44DF4C140D8381CE0F31A34F15360
Permissions on folder E:\Server Ordner\KompTeam not changed.
Folder: E:\Server Ordner\Materialeinkauf, HASH: BCA2F6D8F83E6E32434C087713FEBD47

Permissions on folder E:\Server Ordner\Materialeinkauf not changed.
Folder: E:\Server Ordner\Meister, HASH: 96EAD801C64352B6E35CA388410E7569
Permissions on folder E:\Server Ordner\Meister not changed.
Folder: E:\Server Ordner\Multimedia, HASH: EF243715AC6918376A64B750C3D34F2F
Permissions on folder E:\Server Ordner\Multimedia not changed.
Folder: E:\Server Ordner\NETZPL~1, HASH: 3B72C1007DC1BEA81C98D10B908869E4
Permissions on folder E:\Server Ordner\NETZPL~1 not changed.
Folder: E:\Server Ordner\Normen, HASH: 9036BA187D9BDA7283D34EE30CF028EF
Permissions on folder E:\Server Ordner\Normen not changed.
Folder: E:\Server Ordner\NovelAlt, HASH: 8C83BDB53689186270300D885433DD37
Permissions on folder E:\Server Ordner\NovelAlt not changed.
Folder: E:\Server Ordner\Produktion, HASH: DA2CCEF9A1A48B5A8B6A212EFD96F6D1
Permissions on folder E:\Server Ordner\Produktion not changed.
Folder: E:\Server Ordner\Produktionsleitung, HASH: 64CEC9ABEAD9CF6E3F10A49FFC8FF
6FD
Permissions on folder E:\Server Ordner\Produktionsleitung not changed.
Folder: E:\Server Ordner\QUALIT~1, HASH: 7A62FB2348602BB358B11E4F8D0C702F
Permissions on folder E:\Server Ordner\QUALIT~1 not changed.
Folder: E:\Server Ordner\QUALIT~2, HASH: 4B4C13742E4819BBB9CA509FB941BE8E
Permissions on folder E:\Server Ordner\QUALIT~2 not changed.
Folder: E:\Server Ordner\Recht, HASH: CA3868409AB039073C1A94DE4791ABCD
Permissions on folder E:\Server Ordner\Recht not changed.
Folder: E:\Server Ordner\Schulung, HASH: 64402F6D2E94406974DBB728B17D05DA
Permissions on folder E:\Server Ordner\Schulung not changed.
Folder: E:\Server Ordner\Vertrieb, HASH: 27E27C97950A552EFE466B222CEA089F
Permissions on folder E:\Server Ordner\Vertrieb not changed.
Folder: E:\Server Ordner\Vertriebsleitung, HASH: 29F23F9A93628631E4AB60B306EF5E4
F
Permissions on folder E:\Server Ordner\Vertriebsleitung not changed.
Folder: E:\Server Ordner\Verwaltung, HASH: A1A9D7BC58296146A90A7B085D5F7AAD
Permissions on folder E:\Server Ordner\Verwaltung not changed.
Folder: E:\Server Ordner\Werkzeugeinkauf, HASH: 493E36F7272F2D92312285D7581F0352

Permissions on folder E:\Server Ordner\Werkzeugeinkauf not changed.
Folder: E:\Server Ordner\Zeichnungen, HASH: 4F32E9B8AAABE5414E72DC33BDBE409F
Permissions on folder E:\Server Ordner\Zeichnungen not changed.
Folder: E:\Server Ordner\Zeichnungen_SWT, HASH: 0CA6D17D43EA0F9024473404A2CF627A

Permissions on folder E:\Server Ordner\Zeichnungen_SWT not changed.
Folder: E:\Server Ordner\Zeiterfassung, HASH: 205AAFD72637EDB6ADA6E892834CD0D1
Permissions on folder E:\Server Ordner\Zeiterfassung not changed.
Folder: E:\Server Ordner\Testordner, HASH: 02CFD5DCAD90BAE6E6FDD65E608E6AAE
Permissions on folder E:\Server Ordner\Testordner changed.
NTFS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder chan
ged: 1 - Permissions on folder E:\Server Ordner\Testordner changed.

Examples

Check of several Directories, things are fine:

C:> check_ntfs_permissions.exe

FS_Permissions OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0

NTFS_Permissions OK: Folder checked: 29, Folder unchanged: 29, Folder changed: 0

Checking permissions on Directories, permissions have changed, comparison to config file :

C:> check_ntfs_permissions.exe

FS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder changed: 1 - Permissions on folder E:\Server Ordner\Testordner changed.

NTFS_Permissions CRITICAL: Folder checked: 30, Folder unchanged: 29, Folder changed: 1 – Permissions on folder C:\Temp\Testfolder changed.

Changelog

2014-12-04
1.3 – Use long directorynames

2014-10-11
1.2 – Support for german Umlaute in directorynames

2014-06-07
1.1 – Support for .Net 3.5

2013-29-07
1.0 – First version

Copyright

check_ntfs_permissions is licensed under the GNU General Public License.

Autor

Joachim Luft will answer your questions to this plugin and is happy about your donation.

Freeware name

check_ntfs_permissions

  • System: Nagios Plugins and Addons
  • Date: 02.March 2017
  • Author: Joachim Luft
  • Version: 1.3

Category: Monitoring/Nagios-Plugins

Tags: Windows-Plugin