
Monitoring our firewall's web UTM rules thanks to Centreon
A short while ago we published a very similar post, where we checked the UTM rules to see whether a virus could sneak in. Today it is time to verify that the web content our dear users should not have access to is, in fact, out of their reach. That is, to monitor that betting, pornographic and social media sites… are effectively inaccessible.
As I said, today we will see something very useful: a script that runs as often as we like and tries to visit websites that are prohibited in the organization. In this post we will use one script executed from the Centreon server itself, but the same idea extends to other remote Windows or Linux servers, which either should not have internet access or must have it restricted. That way we can be sure browsing is under control.
For this quick example, we can create the script /usr/lib/centreon/plugins/check_utm_web.sh:
#!/bin/bash
# The URL is passed as the first argument when executing the script

# Make an HTTP HEAD request to the URL and capture the response headers in a variable
response=$(curl -k -s -I "$1")

# Extract the HTTP status code from the status line
status_code=$(echo "$response" | grep HTTP | awk '{print $2}')

# Check the status code of the response
if [ "$status_code" == "200" ]; then
    echo "CRITICAL: The website $1 can be accessed."
    exit 2
else
    echo "OK: The UTM rule works perfectly and the $1 site cannot be accessed."
    exit 0
fi
Looking closely, the script receives as an argument the website it must visit; it alerts with CRITICAL if the website is accessible and returns OK if it cannot open it.
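Because the script treats only a 200 reply to a HEAD request as "accessible", a site that answers with a redirect or rejects HEAD is reported OK, and a block page served with status 200 is reported CRITICAL. A variant that follows redirects and decides on the block page content instead, as an added example (not the author's script); BLOCK_MARKER and its default text are assumptions to replace with a string from your own firewall's block page:

```bash
#!/bin/bash
# Added example, not the post's script. BLOCK_MARKER is an assumed string:
# set it to text that appears in your own firewall's block page.
BLOCK_MARKER="${BLOCK_MARKER:-Web Page Blocked}"
NL='
'

# classify CURL_EXIT HTTP_CODE BODY
# Prints "<plugin exit code> <message>"; always returns 0 so callers can capture it.
classify() {
    local curl_exit="$1" http_code="$2" body="$3"
    if [ "$curl_exit" -eq 2 ] || [ "$curl_exit" -eq 3 ]; then
        # curl failed to initialise or the URL is malformed: nothing was tested.
        echo "3 UNKNOWN: curl could not run the probe (exit $curl_exit)"
    elif [ "$curl_exit" -ne 0 ]; then
        # No HTTP response at all: dropped, reset, DNS-filtered or timed out.
        echo "0 OK: no HTTP response (curl exit $curl_exit), site not reachable"
    elif printf '%s' "$body" | grep -qF -- "$BLOCK_MARKER"; then
        # The firewall answered on the site's behalf, whatever the status code.
        echo "0 OK: firewall block page returned (HTTP $http_code)"
    else
        # Any other answer (200, 403, 404, 405...) came from the site itself.
        echo "2 CRITICAL: site answered with HTTP $http_code, rule not enforced"
    fi
}

# probe URL: GET the page, follow redirects, classify the final response.
probe() {
    local out rc
    out=$(curl -k -s -L --max-time 10 -w '\n%{http_code}' "$1")
    rc=$?
    # The last line of the output is the status code; everything before it is the body.
    classify "$rc" "${out##*$NL}" "${out%$NL*}"
}

# Run as a plugin only when a URL is given on the command line.
if [ $# -gt 0 ]; then
    result=$(probe "$1")
    echo "${result#* }"
    exit "${result%% *}"
fi
```

A host with no connectivity at all also returns OK here, so pairing these services with one that probes an allowed site confirms the check is really exercising the firewall.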
So, in Centreon we can create a Command (Configuration > Commands > Checks), where in the Command Line we put the path of the script to be executed, with one argument, which will be the website to check.
Once the Command is created, as you know, we create as many services as we want, for example one that checks access to a sports website, a betting site, social networks, a pornographic site… Each service has its own name and the argument filled in with the website to visit.
After saving and exporting the Centreon configuration, if our machine is protected and does NOT browse where it should NOT, everything will show OK: the sites will not be accessible.
But if someone removes the UTM, the protection on the firewall, or some shit like that, here we will find out: it will warn us that we can reach websites that we should not, or that the organization does not allow us to visit.
This is a quick way to verify that our servers are not reaching places they should not; with NRPE we could even deploy it at scale across the rest of the servers in our organization, and make sure that, as said, they don't go out to the internet, or at least not to places that are not allowed…
As usual, I wish you all the best, a hug, have a happy week, and may it go great!!!