Recently one of our web servers got screwed up by accidentally disabling the PHP module.

As far as our Nagios was concerned everything was fine, because the main web page still gave back a nice 200 OK (wink)

To add insult to injury, the page that were served were unparsed PHP files, including all kinds of sensitive information such as database logins, file locations etc.

So, not good.

I came up with this check in commands.cfg (note that there are separate checks for HTTP and HTTPS):

 

define command{
        command_name    check_unparsed_php_http
        command_line    /usr/lib/nagios/plugins/check_http -I $HOSTADDRESS$ -H $ARG1$ -u $ARG2$ --invert-regex -r '^\s*<\?(php)?\s+'
}
define command{
        command_name    check_unparsed_php_https
        command_line    /usr/lib/nagios/plugins/check_http -I $HOSTADDRESS$ --ssl -H $ARG1$ -u $ARG2$ --invert-regex -r '^\s*<\?(php)?\s+' 
}

 

Then use this check for pages on your web server that you know should parse PHP. The arguments are the vhost name, and the URL:

define service
        use                             generic-service         ; Name of service template to use
        host_name                       cajones
        service_description             PHP parsing on www.tienhuis.nl
        is_volatile                     0
        normal_check_interval           30
        retry_check_interval            1
        contact_groups                  server-admins
        notification_interval           60
        notification_period             24x7
        notification_options            w,u,c,r
        check_command                   check_unparsed_php_http!www.tienhuis.nl!/~visser.p.php
        }

 

 

  • No labels