...
Without rules, the raw data generated by the discovery scripts is useless: it is the rules that turn discovered facts (an open port, an OS fingerprint) into host objects. The rules are defined in the /etc/shinken/discovery_rules.cfg file.
Here is an example of how to
...
apply the ftp host template to any host that nmap detects with TCP port 21 open:
```
define discoveryrule {
    discoveryrule_name    FtpRule
    creation_type         host
    openports             ^21$
    +use                  ftp
}
```
...
- discoveryrule_name: must be unique across all rules.
- creation_type: should be host for rules that create host objects.
- openports: a regexp matched against the discovered open ports. The ^ and $ anchors make it match 21 and only 21; without them, 21 would also match 210 or 121.
- +use: the template(s) from which the generated object will inherit. The leading + means the value is added to the property rather than replacing it, so several rules can each contribute a template. You can add as many properties as you want in the same way.
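To make the matching semantics concrete, here is a small re-implementation of the rule logic described above. It is an added example, not Shinken's own code, and it assumes three things that the page does not state: that discovery data arrives as `host::NAME::KEY=VALUE` lines, that `openports` is a comma-separated list, and that the rule regexp is tested against each port separately. The rules file and the discovery lines below are constructed for the example; the third rule (SloppyRule) deliberately omits the anchors to show why `^21$` matters.

```python
"""Added example of Shinken-style discovery rule matching (not Shinken's code).

Assumptions (not taken from the page):
  * discovery data is 'host::NAME::KEY=VALUE' lines,
  * 'openports' is a comma-separated list of ports,
  * each rule regexp is searched against every port in that list on its own,
  * '+prop value' appends to a list-valued property (templates join with ',').
"""
import re

# Constructed rules file in the discovery_rules.cfg syntax shown above.
RULES_CFG = """
define discoveryrule {
    discoveryrule_name FtpRule
    creation_type host
    openports ^21$
    +use ftp
}

define discoveryrule {
    discoveryrule_name HttpRule
    creation_type host
    openports ^80$
    +use http
}

define discoveryrule {
    discoveryrule_name SloppyRule
    creation_type host
    openports 21
    +use sloppy-ftp
}
"""

# Constructed discovery output for three hosts (hypothetical names and ports).
DISCOVERY_DATA = """
host::ftp1::openports=21,22
host::web1::openports=80,443
host::odd1::openports=210,22
"""

BLOCK_RE = re.compile(r"define\s+discoveryrule\s*\{(.*?)\}", re.S)


def parse_rules(text):
    """Parse discoveryrule blocks into dicts with name, creation_type, matches, props."""
    rules = []
    for body in BLOCK_RE.findall(text):
        rule = {"matches": {}, "props": {}}
        for line in body.strip().splitlines():
            line = line.strip()
            if not line:
                continue
            key, _, value = line.partition(" ")
            value = value.strip()
            if key == "discoveryrule_name":
                rule["name"] = value
            elif key == "creation_type":
                rule["creation_type"] = value
            elif key.startswith("+"):
                # '+use ftp': the generated host inherits from template 'ftp'
                rule["props"].setdefault(key[1:], []).append(value)
            else:
                # any other key is a regexp to match against discovery data
                rule["matches"][key] = re.compile(value)
        rules.append(rule)
    return rules


def parse_discovery(text):
    """Parse 'host::NAME::KEY=VALUE' lines into {name: {key: value}}."""
    hosts = {}
    for line in text.strip().splitlines():
        kind, name, rest = line.split("::", 2)
        if kind != "host":
            continue
        key, _, value = rest.partition("=")
        hosts.setdefault(name, {})[key] = value
    return hosts


def rule_matches(rule, data):
    """Every regexp in the rule must match at least one element of the host's value."""
    for key, regex in rule["matches"].items():
        items = data.get(key, "").split(",")
        if not any(regex.search(item) for item in items):
            return False
    return True


def generate_hosts(rules, hosts):
    """Return {host_name: {prop: [values]}} built from every matching host rule."""
    out = {}
    for name, data in hosts.items():
        for rule in rules:
            if rule.get("creation_type") != "host" or not rule_matches(rule, data):
                continue
            for prop, values in rule["props"].items():
                out.setdefault(name, {}).setdefault(prop, []).extend(values)
    return out


def render_host(name, props):
    """Render one generated host as a Shinken-style 'define host' block."""
    lines = ["define host {", "    host_name %s" % name]
    for prop, values in props.items():
        lines.append("    %s %s" % (prop, ",".join(values)))
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    generated = generate_hosts(parse_rules(RULES_CFG), parse_discovery(DISCOVERY_DATA))
    for host_name, host_props in generated.items():
        print(render_host(host_name, host_props))
```

Running it shows the point of the anchors: ftp1 (port 21) picks up both FtpRule and SloppyRule, web1 only HttpRule, and odd1 (port 210, no FTP) is wrongly given the sloppy-ftp template by the unanchored rule while the anchored FtpRule correctly ignores it.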
...
| Port | Host template |
|---|---|
| 27017 | mongodb |
| 53 | dns |
| 25 | smtp |
| 465 | smtps |
| 3306 | mysql |
| 22 | ssh |
| 110 | pop3 |
| 995 | pop3s |
| 9100 | printer-hp |
| 1521 | oracle |
| 80 | http |
| 443 | https |
| 1433 | mssql |
| 2301 | hp-asm |
| 143 | imap |
| 993 | imaps |
| 389 | ldap |
| 636 | ldaps |
...
Security: nmap command parameters
Here are the parameters used by the nmap command run by this module:
- -sU: UDP port scan.
- -sT: TCP connect() scan (completes the full handshake rather than a SYN scan).
- --min-rate 1000: send at least 1000 probes per second.
- --max-retries 3: retransmit a probe at most 3 times before giving up on it.
- -T4: the "aggressive" timing template.
- -O: OS detection via TCP/IP fingerprinting.
Note that -sU and -O need raw socket access, so the scan has to run as root (or with equivalent capabilities); -sT alone does not. Also keep in mind that a UDP scan at this rate is noisy and slow on large networks, and that running it from the monitoring host against production ranges will show up in IDS logs, so coordinate the discovery run with whoever owns the network.