Category: GNU/Linux@en

Nagios, Nconf and Nrpe Debian/Ubuntu part 3/3

NRPE configuration

Configuration in remote machine:
Create a new nagios user account and give it a password.
/usr/sbin/useradd nagios
passwd nagios

Download and extract nagios plugins
wget https://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz

apt-get install libssl-dev
tar zxvf nagios-plugins-1.5.tar.gz
cd nagios-plugins-1.5

Compile and install the plugins.
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

The permissions on the plugin directory and the plugins will need to be fixed at this point, so run the following commands.
chown nagios.nagios /usr/local/nagios
chown -R nagios.nagios /usr/local/nagios/libexec

Install the NRPE daemon as a service under xinetd.
apt-get install xinetd

wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
tar zxvf nrpe-2.15.tar.gz
cd nrpe-2.15

./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/
make all

for 64bit users:
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
./configure
make all

Install the NRPE plugin (for testing), daemon, and sample daemon config file.
make install-plugin
make install-daemon
make install-daemon-config

Install the NRPE daemon as a service under xinetd.
make install-xinetd

Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the only_from directive.
only_from = 127.0.0.1 <nagios_ip_address>

save and exit
:wq

Add the following entry for the NRPE daemon to the /etc/services file.
nrpe 5666/tcp # NRPE

save and exit
:wq

Restart the xinetd service.
service xinetd restart

Test NRPE locally
Make sure the nrpe daemon is running under xinetd.
netstat -at | grep nrpe

The output out this command should show something like this:
tcp 0 0 *:nrpe *:* LISTEN

Configuration in Nagios Machine:
Install nrpe plugin in the machine that runs Nagios
wget http://sourceforge.net/projects/nagios/files/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
tar zxvf nrpe-2.15.tar.gz
cd nrpe-2.15

./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/i386-linux-gnu/
make all
make install-plugin

for 64bit users:
ln -s /usr/lib/x86_64-linux-gnu/libssl.so /usr/lib/libssl.so
./configure
make all
make install-plugin

Test the communication between host and remote machine.
/usr/local/nagios/libexec/check_nrpe -H <ip_address_remote_machine>

You should get a string like this:
NRPE v2.15

Configure Nconf with nrpe commands (some of them)
Inside the file /usr/local/nagios/etc/nrpe.cfg it is possible to see the following lines:

#Check current users
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10      

#Current Load
command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,5 -c 30,25,20

#Root Partition
command[check_sda1]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /dev/sda1

#Zombie Processes
command[check_zombie_procs]=/usr/local/nagios/libexec/check_procs -w 5 -c 10 -s Z

#Total Processes
command[check_total_procs]=/usr/local/nagios/libexec/check_procs -w 150 -c 200

#Swap Usage
command[check_remote_swap]=/usr/local/nagios/libexec/check_swap -w 70% -c 90%

Before use the string check_disk make sure that /dev/xxx is same as you have for example:

df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       109G   18G   86G  17% /

Configure nconf to use nrpe:
In nconf menu click on add in checkcommands option and write:

check command name: check_users
default service name: Check Users
check command line: $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_users

Default service template: generic_service

then click on submit.

Now the command is ready and can be add as service in the configuration.

Nagios, Nconf and Nrpe Debian/Ubuntu part 2/3

installation and configuration of nconf 1.3.0

move to directory /var/www

cd /var/www
wget http://sourceforge.net/projects/nconf/files/nconf/1.3.0-0/nconf-1.3.0-0.tgz
tar zxvf nconf-1.3.0-0.tgz

cd /var/www/nconf
chmod 777 config/
chmod 777 output/
chmod 777 static_cfg/
chmod 777 temp/

on the browser type:

http://server_ip/nconf

Start Nconf configuration

Input the database configuration

Nconf path: /var/www/nconf

Nagios path: /usr/local/nagios/bin/nagios

For a better security enable "auth_enabled" and type a password.

Delete the following files before click on finish:

rm -rf INSTALL
rm -rf UPDATE
rm INSTALL.php
rm UPDATE.php

now click on finish and then insert username and password
username: admin
password: the one you chose

Bug: nconf has a bug. To solve it download the patch from this website:
http://forum.nconf.org/viewtopic.php?f=17&t=872#p3050

nconf-1.3.0-0_not_used_advanced_services_wont_be_written.patch.zip

unzip nconf-1.3.0-0_not_used_advanced_services_wont_be_written.patch.zip
cp nconf-1.3.0-0_not_used_advanced_services_wont_be_written.patch /var/www/nconf
patch -p0 --verbose < nconf-1.3.0-0_not_used_advanced_services_wont_be_written.patch

Hmm…  Looks like a unified diff to me…
The text leading up to this was:
————————–
|— bin/lib/NConf/ExportNagios.pm.orig    2011-12-24 13:57:38.620626845 +0100
|+++ bin/lib/NConf/ExportNagios.pm    2011-12-24 14:02:16.870751718 +0100
————————–
Patching file bin/lib/NConf/ExportNagios.pm using Plan A…
Hunk #1 succeeded at 1014.
Hunk #2 succeeded at 1078.
Hunk #3 succeeded at 1111.
done

Now copy nagios.cfg in /var/www/nconf/static_cfg
first create a backup copy of nagios.cfg

cp /usr/local/nagios/etc/nagios.cfg /usr/local/nagios/etc/nagios.cfg.orig
cp /usr/local/nagios/etc/nagios.cfg /var/www/nconf/static_cfg/

edit nconf.cfg in /var/www/nconf/static_cfg
vim nagios.cfg

comment all cfg_file e cfg_dir and insert these:

cfg_dir=/usr/local/nagios/etc/global
cfg_dir=/usr/local/nagios/etc/Default_collector

save and exit:
:wq

set the permissions etc and nagios.log
chmod 777 /usr/local/nagios/var/nagios.log
chmod -R 777 /usr/local/nagios/etc/

Another bug in nconf:

Add the line "define('CHECK_STATIC_SYNTAX', 0);" in the file /config/nconf.php

save and exit:
:wq

copy logos and images:

cp -R /var/www/nconf/img /usr/local/nagios/share/images

Configure the automatic deploy on nagios:

edit the file /var/www/nconf/config/deployment.ini
change the following lines as written here:

vim /var/www/nconf/config/deployment.ini

;; LOCAL deployment ;;

[extract config]
type        = local
source_file = "/var/www/nconf/output/NagiosConfig.tgz"
target_file = "/tmp/"
action      = extract

[copy collector config]
type        = local
source_file = "/tmp/Default_collector/"
target_file = "/usr/local/nagios/etc/Default_collector/"
action      = copy

[copy global config]
type        = local
source_file = "/tmp/global/"
target_file = "/usr/local/nagios/etc/global/"
action      = copy

[copy nagios.cfg]
type        = local
source_file = "/tmp/static_cfg/nagios.cfg"
target_file = "/usr/local/nagios/etc/nagios.cfg"
action      = copy
reload_command = "echo password | sudo /etc/init.d/nagios reload"

save and exit:
:wq

the reload of nagios must be done by the superuser, so my solution is  "echo password | sudo /etc/init.d/nagios reload"

Now Nconf is configured to interact with Nagios.

Nagios, Nconf and Nrpe Debian/Ubuntu part 1/3

Environment:
The only requirement for this guide is to have a debian or ubuntu

Install the necessary packages:
apt-get install wget build-essential apache2 php5-gd wget libgd2-xpm libgd2-xpm-dev libapache2-mod-php5

Download nagios and the plugin:

wget http://sourceforge.net/projects/nagios/files/nagios-4.x/nagios-4.0.1/nagios-4.0.1.tar.gz
wget https://www.nagios-plugins.org/download/nagios-plugins-1.5.tar.gz

# useradd nagios
groupadd nagcmd
usermod -a -G nagcmd nagios

tar zxvf nagios-4.0.1.tar.gz

Note: this Nagios version (4.0.1) has a bug in the map (statusmap.c). To solve this problem download and install the following patch before you start Nagios installation

Download the patch from this link:
http://tracker.nagios.org/view.php?id=470

Download the file: nagios-4-statusmap-2.patch

To apply the patch execute this command:

patch -p0 --verbose < patch_name

The patch fixes 2 files:
directory_nagios/cgi/statusmap.c
directory_nagios/common/objects.c

Even if this patch is for version 4.0.0, it also works for 4.0.1.
At first try the patch will fail, just manually enter the path to the source of nagios 4.0.1.

Now it is possible to install Nagios:

cd nagios-4.0.1

./configure --with-nagios-group=nagios --with-command-group=nagcmd --with-mail=/usr/bin/sendmail

make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf

cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

There is another bug in Nagios, namely in: /etc/init.d/nagios
you have to change everything with a "hack" code.
Download the code from this website and copy it inside /etc/init.d/nagios
http://support.nagios.com/forum/viewtopic.php?f=7&t=12038&start=20#p64091

Install daemon
apt-get install daemon

Now it is possible to start nagios

/etc/init.d/nagios start

You can create the admin user for nagios:

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

The plugin:

apt-get install libssl-dev

tar zxvf nagios-plugins-1.5.tar.gz

cd nagios-plugins-1.5

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Now if everything went well you should have your Nagios running on the browser:

http://<your.nagios.server.ip>/nagios

SSH and SCP without password

This is the procedure to connect through ssh or run scp between serverA and serverB without a password.

Notice:
I am not responsible for any kind of damage. You choose to follow this guide at your own risk.

ServerA
First of all, you need to generate public and private keys.
WARNING! Make sure that you do not already have the keys, otherwise they will be replaced with the new ones. Check their presence in /root/.ssh/

Generation of the key:

root@kali:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): (press enter)
Enter same passphrase again: (press enter)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
77:c2:b2:59:7e:48:e1:bd:a9:c8:24:eb:ec:9a:18:2e root@kali
The key's randomart image is:

+–[ RSA 2048]—-+
|                 |
|                 |
|          .      |
|         o o     |
|        S B o    |
|         O + o   |
|  .   . + o +    |
|E. o o = . o     |
| .o o+= o .      |
+—————–+

The RSA public key is contained in the file /root/.ssh/id_rsa.pub

root@kali:~# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCRlQnl7KMpOviNWRf9ckQWeCx59nUpc3kiZMkd9aaAMRZaVmA8BYs3UvZRvLr7fcxKAyZPWLvSEbV5YiQqkwq7/mgpnG7UsVLjxG5q00UF/QrqT97Mzo4w1WX+6kTtPIaJwqyjXRb+dn3E8NhKuAGwyTVz5CB3zoa7NiWBG/f+c8gtAeJXreABAn3biv3FJkCFVfQLBFWT90a/C3Da9qoRhqUlYqwn06NCrlsG1zzDy0ag5V7cxIkrRrEFiLTS/fsdSqEqmBCZGI2enSZYhmaCG11p5n0HMnjizPC3BxVEcD7UrZn5CizkVw0FqXCe54b4WLtFPfjR4Mu2th1hyCr root@kali

Copy the key in the clipboard.

ServerB
Login to the serverB as root and add the serverA RSA public key to /root/.ssh/authorized_keys file.

root@serverB:~# vi /root/.ssh/authorized_keys
Paste the public key inside this file. If there is another key file, just add it in the next line.

Here is an example of how authorized_keys should look like:
root@serverB:~# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCRlQnl7KMpOviNWRf9ckQWeCx59nUpc3kiZMkd9aaAMRZaVmA8BYs3UvZRvLr7fcxKAyZPWLvSEbV5YiQqkwq7/mgpnG7UsVLjxG5q00UF/QrqT97Mzo4w1WX+6kTtPIaJwqyjXRb+dn3E8NhKuAGwyTVz5CB3zoa7NiWBG/f+c8gtAeJXreABAn3biv3FJkCFVfQLBFWT90a/C3Da9qoRhqUlYqwn06NCrlsG1zzDy0ag5V7cxIkrRrEFiLTS/fsdSqEqmBCZGI2enSZYhmaCG11p5n0HMnjizPC3BxVEcD7UrZn5CizkVw0FqXCe54b4WLtFPfjR4Mu2th1hyCr root@kali
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwWtdgN2UAgYC54h6z+g1fMeKMjQug5G27FfNtzS4Dw++Awf6hOh6QNfkMjPsGMzq4wg3l7fkz+9Baux83eT9x1Go/t0g0gi2tpssem1Vskvqqn3zwpktWPSTrZMWobK690h9RUVmdirMcLAB+iS47JQMapm+dI9AsD5tX6B4uSrZGAvXhYApj/CZrRcrrTYrdRE2WC9tFTC3XrzibxNqMqWXXkD+tqdnJSnMg/Zhbq3EyB8wPdCNd2e+QqdS3LRhYdW02Z1IskwxZp8SA6xbA5FGjCdxYyXcyijtqEAi2m+oAA1wrFtwnXWc+SGh6z32bZPFa1Fu38r4cSI7F0Cu9 root@debian

As you can see, there are 2 Public keys. It means that 2 servers can connect to ServerB without a password.

If you don't see .ssh in your root directory just create it with this command:
root@serverB:~# mkdir -p /root/.ssh/

If you don't see authorized_keys in your .ssh directory just create the one and paste the public key:
root@serverB:~# vi /root/.ssh/authorized_keys

Now it's time to test connection.
On serverA try to ssh in ServerB

root@kali:~# ssh root@serverB (or root@ip_Address)
root@serverB:~#     (this is the serverB prompt)