Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-07-25 Thread Thilakraj . Shanmugam 
Hello All,

I have found the helpful fix after much of struggle, it might be useful someone 
want to configure and monitor Iptables status.

After write your own plugin, then keep it in /usr/local/nagios/libexec dir.


1.   open /etc/sudoers file and comment line as like below

#Defaultsrequiretty


2.   End of /etc/sudoers file mention the line as below



nagios servername= NOPASSWD: /sbin/iptables, 
/usr/local/nagios/libexec/check_nrpe

Note: Do remember to mention your own server name

Now you can test your plugin via check_NRPE and it will give you expected 
results.
Good Luck!

Kind Regards,
Thilakraj Shanmugam

From: Thilakraj.Shanmugam
Sent: Wednesday, 29 May 2013 3:39 PM
To: Nagios Users List
Subject: RE: Nagios Plugin for IPTABLES Monitoring

Hi Deborah et al,

I have tested with nagios user as well.. still no luck with that.  Could you 
some one update if you have any solution on this case.

Kind Regards,
Thilak

From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually,  when the plugin is run as the root 
user it produces the correct result.

But, you haven't said what the nrpe user is that is running on the remote node  
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user so if I 
want to manually test a plugin on the remote node, I would first login as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root  user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   
( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe 
  (  wrong output )
[root@abc libexec]#


NRPE Logs
-

May 14 18:52:28 abc nrpe[31158]: Added 
command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p 
/db
May 14 18:52:28 abc nrpe[31158]: Added 
command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p 
/app
May 14 18:52:28 abc nrpe[31158]: Added 
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic 
will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to 
be run...
May 14 18:52:28 abc nrpe[31158]: Running command: 
/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and 
output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned ? This might give us all a clue as to 
the cause of the problem.
When you run the check manually, are you doing this as the same user that 
check_nrpe will use ?

Regards,
Deborah



From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 08:43
To: 
nagios-users@lists.sourceforge.netmailto:nagios-users@lists.sourceforge.net
Subject: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Greetings!

Could someone send me nagios plugin which is tested and

Re: [Nagios-users] rpmbuild nagios-3.5.0

2013-07-25 Thread Randal, Phil 
Talking of DAG's RPMs, if you'd been using Nagios 3.2.3 from rpmforge, I've 
written a blog post on how to build Nagios 3.4.1 / 3.5.0 as a replacement, 
using same file locations.  The last postscript in the blog is the relevant 
stuff for 3.5.0.

http://www.rebee.clara.net/blog/archives/2012/05/entry_198.html

Cheers,

Phil


-Original Message-
From: Daniel Wittenberg [mailto:dwittenberg2...@gmail.com]
Sent: 24 July 2013 23:27
To: Nagios Users List
Subject: Re: [Nagios-users] rpmbuild nagios-3.5.0

FWIW - the spec file in 4.0 has been completely rewritten and should work a lot 
better, based on Dag's RPM's and merged my changes in and what I've been using 
for almost a year now.

Dan

On Jul 24, 2013, at 11:55 AM, frank ra...@they.org wrote:

 Just speaking for myself here, in my experience distro-level packaging
 usually isn't part of a project's goals and can be an extreme
 distraction considering the vast number of distros out there, all with
 their own little quirks. Spec files and other contrib items work their
 way into source trees and are useful until the 3rd party API changes
 and the original maintainers lose interest. I'd look into the checkin
 history of the spec file to see if anyone has been making regular
 updates. Or even easier, go get the SRPM from EPEL, which is known to
 work, and alter it as you see fit for your purposes.

 -f

 On Wed, 24 Jul 2013, alexus wrote:

 thank you for your recommendation) although I'd really like to know
 why it was ok on 3.2.3 and not ok going forward (seems like a bug to me that 
 needed to be reported back to nagios folks).


 On Wed, Jul 24, 2013 at 10:42 AM, Trond Hasle Amundsen 
 t.h.amund...@usit.uio.no wrote:
  alexus ale...@gmail.com writes:

 I'm unable to build RPM w/ nagios 3.5.0, last one that worked for me was 
 3.2.3.
 any ideas/suggestions?

 I'd recommend using the already prebuilt package for rhel6 which is
 available from EPEL[1]. Add the EPEL repo and you can simply do yum
 install nagios and be done :)

 [1] http://fedoraproject.org/wiki/EPEL

 Cheers,
 --
 Trond H. Amundsen t.h.amund...@usit.uio.no Center for Information
 Technology Services, University of Oslo

 -
 - See everything from the browser to the database with
 AppDynamics Get end-to-end visibility with application monitoring
 from AppDynamics Isolate bottlenecks and diagnose root cause in
 seconds.
 Start your free trial of AppDynamics Pro today!
 http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.
 clktrk ___
 Nagios-users mailing list
 Nagios-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/nagios-users
 ::: Please include Nagios version, plugin version (-v) and OS when reporting 
 any issue.
 ::: Messages without supporting info will risk being sent to
 /dev/null




 --
 http://alexus.org/



 --
  See everything from the browser to the database with
 AppDynamics Get end-to-end visibility with application monitoring from
 AppDynamics Isolate bottlenecks and diagnose root cause in seconds.
 Start your free trial of AppDynamics Pro today!
 http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.c
 lktrk ___
 Nagios-users mailing list
 Nagios-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/nagios-users
 ::: Please include Nagios version, plugin version (-v) and OS when reporting 
 any issue.
 ::: Messages without supporting info will risk being sent to /dev/null


--
See everything from the browser to the database with AppDynamics Get end-to-end 
visibility with application monitoring from AppDynamics Isolate bottlenecks and 
diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831iu=/4140/ostg.clktrk
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

Any opinion expressed in this e-mail or any attached files are those of the 
individual and not necessarily those of Hoople Ltd. You should be aware that 
Hoople Ltd. monitors its email service. This e-mail and any attached files are 
confidential and intended solely for the use of the addressee. This 
communication may contain material protected by law from being passed on. If 
you are not the intended recipient and have received this e-mail in error, you 
are advised that

Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

2013-07-25 Thread Thilakraj . Shanmugam 
Hello All,

Just to add on, I have done some readings and tested other option is


1.   open /etc/sudoers file and entry a line as like below



Defaults:nagios !requiretty

Note:  It means only nagios user not require a tty, but rest of others have.  I 
recommend, this is better option

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: Thursday, 25 July 2013 5:37 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hello All,

I have found the helpful fix after much of struggle, it might be useful someone 
want to configure and monitor Iptables status.

After write your own plugin, then keep it in /usr/local/nagios/libexec dir.


1.   open /etc/sudoers file and comment line as like below

#Defaultsrequiretty


2.   End of /etc/sudoers file mention the line as below



nagios servername= NOPASSWD: /sbin/iptables, 
/usr/local/nagios/libexec/check_nrpe

Note: Do remember to mention your own server name

Now you can test your plugin via check_NRPE and it will give you expected 
results.
Good Luck!

Kind Regards,
Thilakraj Shanmugam

From: Thilakraj.Shanmugam
Sent: Wednesday, 29 May 2013 3:39 PM
To: Nagios Users List
Subject: RE: Nagios Plugin for IPTABLES Monitoring

Hi Deborah et al,

I have tested with nagios user as well.. still no luck with that.  Could you 
some one update if you have any solution on this case.

Kind Regards,
Thilak

From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 7:30 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Ok - if I look at your output, manually,  when the plugin is run as the root 
user it produces the correct result.

But, you haven't said what the nrpe user is that is running on the remote node  
and whether the same manual run of the check produces the same output.
For example, I run remote plugins through nrpe as the nagios user so if I 
want to manually test a plugin on the remote node, I would first login as the 
nagios user to ensure I've got the same environment that would be used when 
running via nrpe. It might be that the variables you have set in the script 
only work as the root user. It's never a good idea to test as the root  user 
but only as the same user as that used by nagios or nrpe.

Regards,
Deborah

From: Thilakraj.Shanmugam [mailto:thilakraj.shanmu...@canberra.edu.au]
Sent: 14 May 2013 09:58
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi Deborah,  Thanks for the response..  please find the details below.


[root@abc libexec]# pwd
/usr/local/nagios/libexec
[root@abc libexec]# ./check_iptables.sh 
  -  Executing manually script
+ IPT=/sbin/iptables
+ GREP=/bin/grep
+ AWK=/bin/awk
+ EXPR=/usr/bin/expr
+ WC=/usr/bin/wc
+ A=/usr/bin/sudo
+ E_SUCCESS=0
+ E_CRITICAL=2
+ E_UNKNOWN=3
++ /usr/bin/sudo /sbin/iptables -nvL
++ /bin/grep Chain
++ /bin/awk '{ print $2 }'
++ /bin/grep Cid
++ /usr/bin/wc -l
+ CHAINS=5
+ '[' 5 -ne 0 ']'
+ echo 'Firewall is running!'
Firewall is running!
+ exit 0
   --  it shows firewall running   
( correct output )
[root@abc libexec]#


Client - NRPE config file

[root@abc libexec]# cat /usr/local/nagios/etc/nrpe.cfg |grep -i iptable
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
[root@abc libexec]#


[root@abc libexec]# ./check_nrpe -H localhost -c check_iptables
Firewall is not running 
   -  executing via check_nrpe 
  (  wrong output )
[root@abc libexec]#


NRPE Logs
-

May 14 18:52:28 abc nrpe[31158]: Added 
command[check_Partion_db]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p 
/db
May 14 18:52:28 abc nrpe[31158]: Added 
command[check_Partion_app]=/usr/local/nagios/libexec/check_disk -w 15% -c 5% -p 
/app
May 14 18:52:28 abc nrpe[31158]: Added 
command[check_iptables]=/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: INFO: SSL/TLS initialized. All network traffic 
will be encrypted.
May 14 18:52:28 abc nrpe[31158]: Handling the connection...
May 14 18:52:28 abc nrpe[31158]: Host is asking for command 'check_iptables' to 
be run...
May 14 18:52:28 abc nrpe[31158]: Running command: 
/usr/local/nagios/libexec/check_iptables.sh
May 14 18:52:28 abc nrpe[31158]: Command completed with return code 2 and 
output: Firewall is not running
May 14 18:52:28 abc nrpe[31158]: Return Code: 2, Output: Firewall is not running


Kind Regards,
Thilak


From: Deborah Martin [mailto:deborah.mar...@kognitio.com]
Sent: Tuesday, 14 May 2013 6:44 PM
To: Nagios Users List
Subject: Re: [Nagios-users] Nagios Plugin for IPTABLES Monitoring

Hi,
What is the wrong output being returned ?