Is there a Nagios plugin that uses Nmap and does port checking?

I need to monitor open and closed ports on dozens of hosts. I've found a Nagios plugin that does what I need, but I would have to use this script through NRPE.

Some of the hosts are powered by Linux and they all have Perl installed. But some of them are Windows machines, and it's not convenient for me to install Perl on every one of them. That's why I can not use this plugin.

I hope that there's Nagios plugin that uses Nmap, or something similar, so it could check ports on every host remotely, without installing plugins on remote hosts, only on the server.

Well yes, I want to check for open and closed ports, but I need info for all of them, and I need to get warnings when state is changed. And, before all other things, I have to be able to run checks without plugin installation on remote hosts. check_tcp is not able to scan ALL ports on every host. At least I don't know a way to do it (except creating new command for every port, and that's too much, I'd rather make my own plugin :D) :D

What lmo suggests is absolutely the correct way to do it. You should be making a check for separate things, not writing a flakey check that will product inconsistent results. check_tcp is the proper way to check if a socket is open or closed.

I have to disagree. From a system Administration point of view, perhaps. From a security point of view, I often run point scanners and compare them against a baseline. I also don't quite know what a "flakey check" would be... Seems like a pretty simple check really. Have it do a nmap scan for each host. write to temp, compare against baseline. Error 0 if no changes, error 2 if there is.

Yeah, if you're worried that the machine has been compromised and a backdoor port has been opened a port open count/check would be useful. Infact I recall writing a small nagios plugin for that many years ago. The initial poster is a bit confused... to check a port you don't need to install nrpe or perl on remote machines. Nagios and check_tcp will check the TCP port status on as many remote machines and ports as you care to configure.

That configuration of wanted ports for performing check on them is a problem. I need to monitor ALL ports on ALL hosts. With check_tcp I would have to write 65535x4 configuration lines/host, because I need to specify every port with new command with check_tcp. That's something I don't want to do However,I started writing my own plugin that uses nmap and gets port range as a parameter. Because Im in hurry, I will do only basic functionality I need for now, but when I finish my tasks in few weeks, I hope I will improve it and upload on nagios plugins exchange. Maybe even put a link on it here...

Yes, I was already suggesting snort to my chiefs, but they did not agree for some reason. However, meanwhile I wrote my own plugin for monitoring changes on desired range of ports, using nmap. I'm thinking of uploading it to nagios exchange, but it's still rough, it needs some polishing... Maybe I upload it now and update it with new version once it's totally finished (once i have free time:D).