I made the following script that runs every 5 minutes to check whether the firewall is running or not; if the firewall is down it should raise an alert only once, but the following script generates an alert every 5 minutes according to the cronjob:
#!/bin/sh
# MAILPROG, SUBJECT and EMAIL are expected to be set before this point
# (their definitions are not shown in the post).
FILE="/var/log/fwstatus"      # log that is mailed out
CHK="/tmp/fwstatus"           # marker: an alert has already been sent

# "service iptables status" lists the loaded rules; a rule mentioning
# ESTABLISHED is taken to mean the firewall is up
service iptables status | if grep ESTABLISHED 1> /dev/null 2> /dev/null
then
    rm -f $CHK
    echo "Firewall Running on Server"
    if test -f $CHK
    then
        echo "Not Sending an Email"
        exit
    fi
else
    echo `date` | tee $FILE
    echo | tee -a $FILE
    echo "Firewall not Running" | tee -a $FILE
    echo | tee -a $FILE
    echo "Starting a Firewall Service" | tee -a $FILE
    echo | tee -a $FILE
    /scripts/fw-scripts/fw | tee -a $FILE    # this is the iptables script
    # note: $? here is the exit status of tee, not of the fw script
    if test $? = 0
    then
        echo "FW Run" | tee -a $FILE
    else
        echo "FW Stop" | tee -a $FILE
    fi
    echo "Now sending mail"
    $MAILPROG -s "$SUBJECT" "$EMAIL" < $FILE
    echo "Creating Tmp File"
    touch $CHK
fi
if test -f $CHK
then
    # do nothing - its existence means you sent an email already
    # and hopefully that email made it to you :)
    # (":" is the shell no-op; a branch containing only comments is a syntax error)
    :
else
    echo "Now sending mail"
    $MAILPROG -s "$SUBJECT" "$EMAIL" < $FILE
    echo "Creating Tmp File"
    touch $CHK
fi
Also, I noticed this and don't believe these lines are required - you remove $CHK, and then do a test to see if it's there.
service iptables status | if grep ESTABLISHED 1> /dev/null 2> /dev/null
then
    rm -f $CHK
    echo "Firewall Running on Server"
line not needed ---->    if test -f $CHK
line not needed ---->    then
    echo "Not Sending an Email"
    exit
line not needed ---->    fi
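For comparison, here is an added example of the same watchdog written so that the alert fires exactly once per outage and re-arms itself once the firewall is back. It is not the original poster's script nor the answerer's version above. The marker path, log path, restart command (kept as /scripts/fw-scripts/fw from the thread) and the use of "mail" as the mailer are assumptions; override them through the environment. The decision logic is separated from the root-only iptables check so it can be exercised without a firewall.

```shell
#!/bin/sh
# Added example, not the script from the thread: a cron-driven firewall
# watchdog that mails once per outage and re-arms itself after recovery.
# Assumed (not from the thread): the marker path, the log path, the restart
# command and "mail" as the mailer; override them via the environment.
STATE="${FW_STATE_FILE:-/var/run/fw-alerted}"   # exists => alert already sent
LOG="${FW_LOG_FILE:-/var/log/fwstatus}"          # body of the alert mail
RESTART_CMD="${FW_RESTART_CMD:-/scripts/fw-scripts/fw}"
MAILPROG="${MAILPROG:-mail}"
EMAIL="${EMAIL:-root}"
SUBJECT="Firewall not running on $(uname -n)"

# Is the firewall up? Same heuristic as the thread's script: a loaded rule
# that mentions ESTABLISHED. Needs root to read the ruleset.
fw_is_running() {
    iptables -L -n 2>/dev/null | grep -q ESTABLISHED
}

# Decision logic, with no side effect other than the marker file so it can
# be tested without root. Arguments: "up"/"down", path of the marker file.
# Prints one of: ok / alert / suppressed / recovered.
decide() {
    status=$1
    marker=$2
    if [ "$status" = up ]; then
        if [ -f "$marker" ]; then
            rm -f "$marker"      # outage over: re-arm for the next one
            echo recovered
        else
            echo ok
        fi
    else
        if [ -f "$marker" ]; then
            echo suppressed      # already mailed for this outage
        else
            touch "$marker"      # first detection: mail exactly once
            echo alert
        fi
    fi
}

# One cron run: check, decide, and act on the decision.
check_once() {
    if fw_is_running; then status=up; else status=down; fi
    action=$(decide "$status" "$STATE")
    case $action in
        alert)
            {
                echo "$(date): firewall not running, running $RESTART_CMD"
                # test the restart command itself, not a tee on its output
                if $RESTART_CMD 2>&1; then
                    echo "restart succeeded"
                else
                    echo "restart FAILED (exit $?)"
                fi
            } > "$LOG"
            $MAILPROG -s "$SUBJECT" "$EMAIL" < "$LOG"
            ;;
        recovered)
            echo "$(date): firewall back up" >> "$LOG"
            ;;
    esac
    echo "$action"
}

# Only act when invoked as "fw-watch.sh run", e.g. from cron every 5 minutes:
#   */5 * * * * /usr/local/sbin/fw-watch.sh run
# so that sourcing the file (for tests) has no side effects.
case "${1:-}" in
    run) check_once ;;
esac
```

The marker is removed only on the first "up" observation after an alert, so a firewall that flaps down, up, down produces one mail per outage rather than one per cron run, and the mail body carries the restart command's real exit status instead of tee's.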