Sometimes our Pandora server (accessible from the Internet) is plagued with unexpected security and access violations. These include API ACL violations, failed console logons and attempted console access without a session. Pandora logs these, but they are not easily accessible for analysis nor available for rapid response. These modules provide explicit monitoring of these items.
To configure, place the MySQL password in the file /usr/share/pandora/my.cnf. Storing the password in a plaintext file may raise security concerns; evaluate this for your own environment.
my.cnf file example content (exactly 2 lines):
[client]
password='fgjzsdmu'
* In the module SQL strings below, the spaces in ‘API access Failed’, ‘No session’ and ‘Logon Failed’ need to be replaced with ‘\&\#x20;’, with the backslashes and outer quotes removed (that is, &#x20;).
Module data
module_begin
module_name APIACLViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(),INTERVAL - 5 MINUTE) AND (accion='API access Failed')" | tail -1
module_description API ACL violations at Pandora FMS server
module_end

module_begin
module_name NoSessionViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='No session')" | tail -1
module_description Console calls to Pandora FMS server without a valid session
module_end

module_begin
module_name FailedLogons
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='Logon Failed')" | tail -1
module_description Failed browser logons to Pandora FMS server.
module_end
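
An added example, not part of the original page: a shell helper that prints the three module blocks with the spaces in the action strings already replaced by &#x20;, as the note above requires, and warns when the my.cnf credentials file is readable by group or others. The function names are hypothetical; the file path, table and action strings are the ones used on this page.

```shell
#!/bin/sh
# Added example (not the page's own code). Function names are hypothetical;
# the default path below is the my.cnf location given on the page.
CNF="${CNF:-/usr/share/pandora/my.cnf}"

# Replace each space in an action string with the entity &#x20;,
# as the note on the page requires for the accion comparison.
encode_action() {
    printf '%s' "$1" | sed 's/ /\&#x20;/g'
}

# Succeed only if the credentials file exists and has no group/other
# permission bits set (for example mode 600 or 400).
cnf_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one agent module block with the action entity-encoded.
# Arguments: module name, action string as shown on the page, description.
make_module() {
    action=$(encode_action "$2")
    cat <<EOF
module_begin
module_name $1
module_type generic_data
module_exec mysql --defaults-extra-file=$CNF -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='$action')" | tail -1
module_description $3
module_end
EOF
}

# Warn (without aborting) if the password file is missing or too open.
cnf_is_private "$CNF" || echo "warning: $CNF missing or readable by group/others" >&2
make_module APIACLViolations 'API access Failed' 'API ACL violations at Pandora FMS server'
make_module NoSessionViolations 'No session' 'Console calls to Pandora FMS server without a valid session'
make_module FailedLogons 'Logon Failed' 'Failed browser logons to Pandora FMS server.'
```

The printed blocks can be pasted into the agent configuration; running `chmod 600` on the my.cnf file clears the warning.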