Today a friend of mine had his site hacked, and when browsing to the site with Google Chrome it warned me that the site was infected with malicious code. Awhile back I provided an article regarding Monitor MythTV with Nagios. I figured I could write a Nagios check to see if a given site was listed on the Google Safe Browsing list. While this is far from sophosticated, it should provide a good start to monitoring the Google list for problems. You should also consider monitoring for posted or hidden content on your front-page, but that won't always catch malicious hackers.
I first edited /etc/nagios/checkcommands.cfg and added:
define command {
command_name check_google_safebrowsing
command_line $USER1$/check_http -H www.google.com -u /safebrowsing/diagnostic?site=http://$ARG1$ -p 80 -s "This site is not currently listed as suspicious"
}
Next I edted the services.cfg file, adding:
# Service definition
define service{
use generic-service ; Name of service template to use
host_name nagioshost1
service_description GSB_techsneeze_com
is_volatile 0
check_period 24x7
max_check_attempts 2
normal_check_interval 360
retry_check_interval 30
contact_groups system-admins
notification_interval 480
notification_period nonsleeping
notification_options w,u,c,r
check_command check_google_safebrowsing!www.techsneeze.com
}
You'll notice that this check is not running supper frequently. We don't want to abuse Google's service, and we also can expect that they aren't checking your site all that frequently either. The check simply looks in the output “This site is not currently listed as suspicious” which indicates everything is OK (in theory) from Google's point of view.