1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
:

Sometimes our Pandora server (accessible from the Internet) is plagued with unexpected security and access violations. These include: API ACL violations, failed console logons and attempted console access without a session. Pandora logs these but they not easily accessible for analysis nor available for rapid response. These modules provide an explicit monitoring capability of these items.

To configure, place the mysql password in /usr/share/pandora/my.cnf file. There could be security concerns with this approach. Research for yourself.

my.cnf file example content (exactly 2 lines):

[client]
password='fgjzsdmu'

* In the module sql strings below the spaces in ‘API access Failed’, ‘No session’, ‘Logon Failed’, need to be replaced with ‘\&\#x20;’ but remove the backslashes and outer quotes.

Module data

module_begin
module_name APIACLViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(),INTERVAL - 5 MINUTE) AND (accion='API access Failed')" | tail -1
module_description API ACL violations at Pandora FMS server
module_end
module_begin
module_name NoSessionViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='No session')" | tail -1
module_description Console calls to Pandora FMS server without a valid session
module_end
module_begin
module_name FailedLogons
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='Logon Failed')" | tail -1
module_description Failed browser logons to Pandora FMS server.
module_end
(Visited 88 times, 1 visits today)