Welcome to the Pandora FMS Module Library

 
This is a library with modules, documentation and tools for Pandora FMS users, both public Open Source and Enterprise. Please use your support credentials (same as used to enter support/ticketing system) in the menu to your right. You will be granted access to a resourceful module library, such as Oracle, VMware, JBoss and others, ready to be used in production enviroments, with official professional support from Artica. If you do not own an enterprise account, you still can browse and download lots of modules, you can even register a free account and contribute with your own modules/tools for other public users.

Home > Security monitoring

Pandora Server Access Violations

Author: pmcdaid Create in: 05/17/2013 Update in: 05/17/2013
Rating:
Module type : Local module


Sometimes our Pandora server (accessible from the Internet) is plagued with unexpected security and access violations. These include: API ACL violations, failed console logons and attempted console access without a session. Pandora logs these but they not easily accessible for analysis nor available for rapid response. These modules provide an explicit monitoring capability of these items.
To configure, place the mysql password in /usr/share/pandora/my.cnf file. There could be security concerns with this approach. Research for yourself.
my.cnf file example content (exactly 2 lines):
[client]
password='fgjzsdmu'

* In the module sql strings below the spaces in 'API access Failed', 'No session', 'Logon Failed', need to be replaced with '\&\#x20;' but remove the backslashes and outer quotes.

Module data

module_begin
module_name APIACLViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(),INTERVAL - 5 MINUTE) AND (accion='API access Failed')" | tail -1
module_description API ACL violations at Pandora FMS server
module_end

module_begin
module_name NoSessionViolations
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='No session')" | tail -1
module_description Console calls to Pandora FMS server without a valid session
module_end

module_begin
module_name FailedLogons
module_type generic_data
module_exec mysql --defaults-extra-file=/usr/share/pandora/my.cnf -upandora 'pandora' -s -e "SELECT COUNT(*) FROM tsesion WHERE fecha >= DATE_ADD(NOW(), INTERVAL -5 MINUTE) AND (accion='Logon Failed')" | tail -1
module_description Failed browser logons to Pandora FMS server.
module_end