Ep. 41: Monitoring iptables with Checkmk

Please accept marketing cookies to watch this video.

[0:00:00] Verify your firewall rules configuration with the iptables plugin for Checkmk.
[0:00:14] Welcome to the Checkmk Channel. When you're running Linux servers in an insecure network or even just in a network segment which you are not very fond of or very sure if it's secure enough, you might want to use iptables on your Linux systems to be sure to have local firewalling on the Linux server, so you know what's going on.
[0:00:34] And of course, you want to be sure that those rules stay the same and are not changed during runtime by anyone. In Checkmk, we can do this with the iptables plugin.
[0:00:45] Once you roll it out, it will store the initial output of the iptables listing. And once this state changes on the iptable side, Checkmk will make you aware of it.
[0:00:57] So, let's take a look at how this is configured. The configuration is as easy as it gets.
[0:01:04] We can simply search for iptables. There we have the Agent rules. We add a rule. There's no configuration here. We simply deploy the plugin. Let's save that, activate changes. Then we go to the agent bakery.
[0:01:32] They can sign the agents. And then I'm going to switch quickly to the command line to perform another update.
[0:01:47] And now we can initially discover the iptable service. And what happens now once the server shows up is that the initial state will be saved, the Checkmk server will store it and compare it to the new output when there is future output.
[0:02:05] And only if the output of the plugin on the agent side is the same as the stored values on the Checkmk server, everything is fine. 
[0:02:14] If there is just the slightest change in the configuration, the Checkmk service will make you aware of that.
[0:02:28] So, here's our new service. We can see the Status detail already tells us Initial configuration has been saved. So, that means that is stored. We can simply add that service.
[0:02:42] And that's that. We activate changes. And now in case anything changes on the firewall side, we will be notified. Okay, there's our service, and in the summary, we see no changes in filters table detected.
[0:03:06] And that means everything's all right. As soon as something changes, then we will be aware of it because the state of the service will change.
[0:03:15] And that's how you can ensure that your iptables configuration stays the same or, at least, stays in a state in which it was at the time you discovered the service. 
[0:03:26] That concludes the video for today. Thank you guys so much for watching. Be sure to subscribe and I'll see you around.

Want to know more about Checkmk? Join us for our Introduction to Checkmk Webinar

Register now

More Checkmk Videos