title: Check IP restriction of Check_MK agent agents: linux, windows author: Mathias Kettner <mk@mathias-kettner.de> license: GPL distribution: check_mk description: This checks makes sure that the Check_MK agent on the target system has configured certain IP address based access restrictions. The check needs the agent to be configured with those restrictions. The windows agent is configured via an {.ini}-file. The Linux agent is configured via {/etc/xinetd.d/check_mk}. examples: # Expect agent to accecpt only localhost and one specific network check_mk_only_from_default = [ "192.168.56.0/30", "127.0.0.1" ] # Hosts with the tag 'dmz' should have an different configuration check_parameters += [ ( [ "10.0.0.0/8" ], [ "dmz" ], ALL_HOSTS, [ "Check_MK Agent Access" ] ), ] inventory: One check is created per host, if {check_mk_only_from_default} is explicitely set in {main.mk} and the agent provides an {OnlyFrom:} header in the section {<<<check_mk>>>}. [parameters] target_networks (list(string)): A python list of the allowed networks and IP addresses the agent should be configured for. The order of the entries is not relevant. To host addresses a {/32} will be appended automatically. [configuration] check_mk_only_from_default (list(string)): Default IP access configuration expected from agents. This variable must be set in order for the inventory to create checks, even if you configure more more specific parameters via {check_parameters}.