
Monitoring our firewall's UTM rules with EICAR and Centreon
As I have said many times, I keep finding half-configured firewalls in organizations. Among other things, the rules that protect end-user browsing are not enabled, so viruses and malware can end up being downloaded. Today I propose a small mash-up of EICAR and Centreon that may help us.
It is as simple as a script that Centreon runs every day (for example) and that tries to download the EICAR antivirus test file. What do you think? If the file can be downloaded, we get a CRITICAL notification; if it cannot (since our firewall should prevent it), we get an OK. That is what we will see in this post; in future posts we will look at other tests we can run against our UTM firewall rules.
It is as simple as creating the script '/usr/lib/centreon/plugins/check_utm_virus.sh' with the following content:

```bash
#!/bin/bash
# EICAR test file URL
URL="https://secure.eicar.org/eicar.com.txt"
# Path where the downloaded file will be stored
OUTPUT_FILE="/tmp/eicar.com.txt"

# Remove any copy left by a previous run so it cannot produce a stale result
rm -f "$OUTPUT_FILE"

# First ask the server whether the file is reachable at all (wget --spider sends a HEAD request)
wget -q --spider "$URL"

# Check if the file could be downloaded
if [ $? -eq 0 ]; then
    # --no-check-certificate: a UTM that inspects TLS presents its own certificate
    wget --no-check-certificate -q "$URL" -O "$OUTPUT_FILE"
    # -s: the file exists AND is not empty (wget -O creates an empty file even when the transfer is cut)
    if [ -s "$OUTPUT_FILE" ]; then
        echo "CRITICAL: The EICAR file has been downloaded successfully, check the security of your firewall."
        rm -f "$OUTPUT_FILE"
        exit 2
    else
        echo "CRITICAL: The downloaded file could not be found."
        exit 2
    fi
else
    echo "OK: Could not download EICAR file, perfect, your firewall is blocking it."
    exit 0
fi
```

Two things to keep in mind: the spider request is a HEAD with no body, so a UTM that scans downloads may let it through and only cut the real GET, which is why the second branch exists; and the script deletes the downloaded file, because if the Centreon host runs its own antivirus, an EICAR file left in /tmp will be quarantined and may trip the host's own alerts.
Nothing more to it: remember to make it executable (chmod +x). Then register the Command in Centreon, with no arguments at all.
And finally we will create the Service associated with the Command that we have just created.
This is the result when the firewall protects us.
And this is the result when the file can be downloaded: then we will have to get down to work and give the organization at least a minimum of security. Users being able to download viruses is unacceptable!
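A stricter variant of the check, added here as an example and not part of the original post. It handles two cases the script above does not: a host with no Internet at all (the EICAR download fails, but for the wrong reason, so the result should be UNKNOWN rather than OK) and a UTM that intercepts TLS and answers the request with an HTTP 200 block page (a non-empty file appears in /tmp, but it is not the test file). The clean URL, the function names and the use of the marker substring rather than the full 68-byte signature are my choices, not something the post describes; the EICAR URL is the one the post uses, and the wget exit codes (4 network failure, 5 TLS verification failure, 8 HTTP error response) are from the wget manual.

```bash
#!/bin/bash
# Added example, not from the original post. Assumptions: CLEAN_URL is a page the
# UTM should allow; the verdict function names are mine; the UTM being tested is
# unknown. Plugin exit codes follow Nagios/Centreon: 0 OK, 2 CRITICAL, 3 UNKNOWN.

EICAR_URL="https://secure.eicar.org/eicar.com.txt"   # the same URL the post uses
CLEAN_URL="https://www.eicar.org/"                   # assumption: an allowed, clean page on the same site
# The real test file is 68 bytes and the AV engine matches the whole signature;
# this distinctive middle segment is enough to tell the real body from a block
# page without embedding the full signature in the plugin.
EICAR_MARKER='EICAR-STANDARD-ANTIVIRUS-TEST-FILE'

# utm_verdict CLEAN_RC EICAR_RC EICAR_FILE
#   CLEAN_RC / EICAR_RC: wget exit codes of the clean fetch and the EICAR fetch
#   EICAR_FILE: path the EICAR fetch was told to write its body to
# Prints one status line and returns the plugin exit code.
utm_verdict() {
    local clean_rc="$1" eicar_rc="$2" file="$3"
    # No clean download: the box has no usable Internet, so "EICAR not downloaded"
    # proves nothing about the UTM. Inconclusive, not OK.
    if [ "$clean_rc" -eq 5 ]; then
        echo "UNKNOWN: TLS verification failed on the clean fetch; install the UTM inspection CA on this host"
        return 3
    fi
    if [ "$clean_rc" -ne 0 ]; then
        echo "UNKNOWN: clean fetch failed (wget rc=$clean_rc); no Internet from this host, test inconclusive"
        return 3
    fi
    # Connection reset or HTTP error (403 from a block rule, rc=8): blocked.
    if [ "$eicar_rc" -ne 0 ]; then
        echo "OK: EICAR download refused (wget rc=$eicar_rc); the firewall is blocking it"
        return 0
    fi
    # wget -O creates the file before transferring; an empty file means the body was cut.
    if [ ! -s "$file" ]; then
        echo "OK: EICAR request answered but the body is empty; treated as blocked"
        return 0
    fi
    if grep -q "$EICAR_MARKER" "$file"; then
        echo "CRITICAL: EICAR test file downloaded intact ($(wc -c < "$file") bytes); check the UTM antivirus rules"
        return 2
    fi
    # A 200 with some other body is the UTM's block page, not the test file.
    echo "OK: EICAR request answered with a different body (block page); the firewall is blocking it"
    return 0
}

run_check() {
    local out clean_rc eicar_rc
    out=$(mktemp)
    trap 'rm -f "$out"' EXIT          # never leave the test file on disk
    wget -q -T 15 -O /dev/null "$CLEAN_URL"
    clean_rc=$?
    wget -q -T 15 -O "$out" "$EICAR_URL"
    eicar_rc=$?
    utm_verdict "$clean_rc" "$eicar_rc" "$out"
}

# Fetch only when invoked as "check_utm_virus.sh check"; without the argument the
# file just defines the functions, so the verdict logic can be exercised offline.
if [ "${1:-}" = "check" ]; then
    run_check
    exit $?
fi
```

Register the Centreon command with the `check` argument. Because the verdict is a separate function fed with exit codes and a file path, it can be tested against constructed files without touching the network, which is also how a new UTM's block page can be checked before the plugin goes into production.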
If you find it interesting, in the future I can write a similar post in which not only the Centreon machine runs the test, but every Windows or Linux machine we have in the organization. I can also think of a different check: one that tests Internet connectivity and alerts us when a server has Internet access when it should not, so that none of them slips past us.
As usual, I hope this helps and inspires similar ideas or whatever else; if we have everything well configured and minimally secure, we will avoid many heart attacks in our working lives. Have a good time, be happy and eat partridges!