Monitoring DHCP server with check_dhcp

Setting up Nagios to monitor my DHCP server using the check_dhcp plugin was a little tricky.

First, the check_dhcp documentation says to set the setuid bit on the check_dhcp binary so that it can query the DHCP server and receive a valid DHCP offer. Without it, running the plugin as the nagios user fails:

[email protected] libexec]# su - nagios -c '/usr/local/nagios/libexec/check_dhcp -s 192.168.1.2'
Warning: This plugin must be either run as root or setuid root.
To run as root, you can use a tool like sudo.
To set the setuid permissions, use the command:
chmod u+s yourpluginfile
Error: Could not bind socket to interface eth0. Check your privileges...

Fix:

chown root:root check_dhcp
chmod u+s check_dhcp
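
Because the fix leaves a setuid-root binary in the plugin directory, it is worth checking that check_dhcp is the only setuid file there, that it has the expected owner, and that nobody else can write to it. The following is an added example, not part of the original post; the function name audit_setuid and its arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the setuid footprint of a
# Nagios plugin directory. Function name and arguments are assumptions.
#
# Usage: audit_setuid /usr/local/nagios/libexec root check_dhcp
# Prints one line per problem; returns 0 if clean, 1 if anything was flagged.
audit_setuid() {
    dir=$1 owner=$2
    shift 2                       # remaining arguments: allowed setuid names
    problems=0
    for f in "$dir"/*; do
        # Only regular, non-symlink files carrying the setuid bit matter here.
        if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -u "$f" ]; then continue; fi
        name=${f##*/}
        expected=no
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then expected=yes; fi
        done
        if [ "$expected" = no ]; then
            echo "UNEXPECTED setuid file: $f"; problems=1
        fi
        # A setuid file runs with its owner's privileges, so check the owner.
        if [ -z "$(find "$f" -prune -user "$owner" -print)" ]; then
            echo "WRONG OWNER (want $owner): $f"; problems=1
        fi
        # A setuid plugin should be writable by its owner only.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE by group/other: $f"; problems=1
        fi
    done
    return "$problems"
}
```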

Secondly, since all of my machines block all incoming traffic by default, I had to open UDP port 68 so that the Nagios machine could accept the DHCP offer.

iptables -A INPUT -p udp --dport 68 -j ACCEPT

Custom WordPress auto update via FTP

When I originally migrated my blog off GoDaddy, one of the things that stopped functioning was the WordPress auto update feature. Luckily, I was able to easily overcome this using my own custom FTP settings. For its simplicity, I used vsftpd.

Install:

yum install vsftpd
chkconfig vsftpd on

Configure vsftpd to jail FTP users to their home directory in /etc/vsftpd/vsftpd.conf :

chroot_local_user=YES

Restart vsftpd:

/etc/init.d/vsftpd restart

Now, I'll create the user that will be used to download and install the WordPress auto updates:

useradd -d /PATH/TO/WORDPRESS/SITE -G apache -s /sbin/nologin apache_ftp_user
passwd apache_ftp_user

Before applying an update, update your permissions:

chown -R apache_ftp_user:apache /PATH/TO/WORDPRESS/SITE

Now use the apache_ftp_user username and password on the WordPress FTP connection wizard page:

WordPress FTP Connection Information

Certificate validation issue during Spacewalk install

For some really annoying reason Spacewalk failed to populate the database during the initial setup.
Fix: Make sure your user's database password does not have special characters!

[[email protected] ~]# spacewalk-setup --disconnected --external-db
** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)?
Database? dbnamehere
Username? usernamehere
Password?
** Database: Populating database.
The Database has schema. Would you like to clear the database [Y]? Y
** Database: Clearing database.
** Database: Shutting down spacewalk services that may be using DB.
** Database: Services stopped. Clearing DB.
** Database: Re-populating database.
*** Progress: ##################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
There was a problem validating the satellite certificate: 1

OpenBSD: PF firewall for the paranoid

Block all traffic except for ssh.

/etc/pf.conf

tcp_services = "{ 22 }"
block all
pass out on em0 proto tcp to any port $tcp_services keep state
pass in on em0 proto tcp to any port $tcp_services keep state

Enabling rules:

# pfctl -e ; pfctl -f /etc/pf.conf
pfctl: pf already enabled

Writing custom Nagios plugins: check_public-ip

Now that I think Nagios is the greatest thing since sliced bread, I'm slowly but surely rewriting all my custom monitoring scripts as Nagios plugins.

The following is a Nagios-plugin-ready script that I used to replace my old public IP monitoring (see https://www.rubysecurity.org/ip_monitoring ).

#!/bin/bash

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

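# The address you expect to see; the check alerts when the lookup differs.
current_ip="YOUR-IP-ADDRESS-HERE"
# curl's long options take a double dash: --connect-timeout, not -connect-timeout.
ip=$(curl --connect-timeout 30 -s ifconfig.me)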

if [ "$current_ip" != "$ip" ] || [ -z "$ip" ]
then
        if [[ "$ip" =~ "Service Unavailable" ]] || [[ "$ip" =~ "html" ]]
        then
                echo "IP service monitoring is unavailable."
                exit $STATE_WARNING
        elif [[ "$ip"  =~ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]
        then
                echo "ALERT: Public IP has changed. NEW IP: $ip"
                exit $STATE_CRITICAL
        else
                echo "Unknown state detected."
                exit $STATE_UNKNOWN
        fi

else
        echo "Public OK: $ip"
        exit $STATE_OK
fi
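
The pattern test in the plugin accepts any response that merely contains something shaped like an IP address, including out-of-range octets or an error message that mentions an address, and then echoes it into the alert text. The following added example (not part of the original plugin) classifies the response with a strict whole-string IPv4 check; the function names is_ipv4 and classify_ip and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the original plugin): strict classification of the
# lookup response. Function names and sample inputs are constructed.
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

# Succeeds only if $1 is exactly four dot-separated decimal octets, each 0-255.
# The body runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1                     # safe to split: only digits and dots remain
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# classify_ip EXPECTED RESPONSE: prints a status line, returns a Nagios state.
classify_ip() {
    expected=$1 response=$2
    case $response in
        *"Service Unavailable"*|*html*)
            echo "IP service monitoring is unavailable."
            return "$STATE_WARNING" ;;
    esac
    if ! is_ipv4 "$response"; then
        # The raw body is untrusted, so it is never echoed into the alert.
        echo "Unknown state detected."
        return "$STATE_UNKNOWN"
    fi
    if [ "$response" != "$expected" ]; then
        echo "ALERT: Public IP has changed. NEW IP: $response"
        return "$STATE_CRITICAL"
    fi
    echo "Public OK: $response"
    return "$STATE_OK"
}

# Constructed sample responses, checked against a constructed expected address.
for sample in "203.0.113.7" "198.51.100.9" "999.1.1.1" "error near 10.0.0.1" ""; do
    out=$(classify_ip "203.0.113.7" "$sample") && rc=0 || rc=$?
    printf '%-24s -> state %s (%s)\n' "[$sample]" "$rc" "$out"
done
```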

Cron monitoring plugin for Nagios

#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

CRON_CHECK=`ps aux | grep cron|grep -v grep|awk '{print $NF}'|grep -E -e '^(/usr/sbin/cron|crond)$'|wc -l`

case "${CRON_CHECK}" in
        0)  echo "Crond is not running."; exit ${STATE_CRITICAL}
        ;;
        1)  echo "Crond is running."; exit ${STATE_OK}
        ;;
        *)  echo "More than one crond process detected / crond is in an unknown state."; exit ${STATE_WARNING}
        ;;
esac

Installing Nagios Remote Plugin Executor in FreeBSD 9.1

This installs the Nagios plugins in addition to nrpe. Follow the text-based menu install options. The installer will create and configure the nagios user account, and will install the nagios and nrpe plugins in /usr/local/libexec/nagios .

cd /usr/ports/net-mgmt/nrpe2
make install clean

Update permissions.

chown -R nagios:nagios /usr/local/libexec/nagios

Create nrpe config file.

cd /usr/local/etc
cp nrpe.cfg-sample nrpe.cfg

Add the following entry to /etc/rc.conf .

nrpe2_enable="YES"

Edit nrpe.cfg (Example: 192.168.1.5 is my nagios server)

allowed_hosts=192.168.1.5

Start the nrpe daemon.

/usr/local/etc/rc.d/nrpe2 start

Installing Nagios Remote Plugin Executor in Solaris 11

Install gcc

pkg install pkg://sfe/runtime/gcc pkg://sfe/sfe/developer/gcc

Install system headers (not really sure if all listed were necessary):

pkg install SUNWhea SUNWbinutils SUNWarc SUNWgcc SUNWgccruntime SUNWlibsigsegv SUNWgm4 SUNWgnu-automake-110 SUNWaconf

Update your PATH:

PATH=$PATH:/usr/gcc/bin:/usr/sfw/bin:/usr/ccs/bin
export PATH

Manually create the nagios user account, home directory, and group, and assign the account a password.

mkdir -p /usr/local/nagios
useradd -d /usr/local/nagios -m nagios
groupadd nagios
usermod -G nagios nagios
passwd nagios

Download, extract, compile and install nrpe.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz
tar -xvf nrpe-2.13.tar.gz
cd /opt/nrpe-2.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make install
make install-daemon-config
cp src/check_nrpe /usr/local/nagios/libexec

Update permissions.

chown -R nagios:nagios /usr/local/nagios/

Add the following entry to /etc/services

nrpe 5666/tcp # NRPE

Add the following entry to /etc/inetd.conf

nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Convert and add the new legacy inetd entry to SMF.

inetconv
inetconv -e

Creating large files in Solaris for testing purposes

In the Linux world, I use the dd utility to create files that need to be a certain size. Even though it works perfectly fine, it's kind of annoying to figure out the size of the output file. This is because the size is the product of the "bs" (block size) value and the "count" (total number of blocks).

For example, the following dd command creates a 300 MB file called 300mb-test-file. Each block will be 1000 bytes, and I want a total of 300,000 blocks.
Formula: ( (1000 x 300000) / 1000000 )

[[email protected] ~]$ dd if=/dev/zero of=300mb-test-file bs=1000 count=300000
300000+0 records in
300000+0 records out
300000000 bytes (300 MB) copied, 2.0363 s, 147 MB/s

Luckily in the Solaris world this can be easily accomplished using the mkfile utility, without doing any conversion.
I used the mkfile utility to easily create test disk files to experiment with ZFS.

[email protected]:~# mkfile 300m testdisk1
[email protected]:~# mkfile 300m testdisk2
[email protected]:~# ln -s /root/testdisk1 /dev/dsk/testdisk1
[email protected]:~# ln -s /root/testdisk2 /dev/dsk/testdisk2
[email protected]:~# zpool create tonytestpool mirror testdisk1 testdisk2
[email protected]:~# zpool status tonytestpool
pool: tonytestpool
state: ONLINE
scan: none requested
config:

        NAME            STATE     READ WRITE CKSUM
        tonytestpool    ONLINE       0     0     0
          mirror-0      ONLINE       0     0     0
            testdisk1   ONLINE       0     0     0
            testdisk2   ONLINE       0     0     0

errors: No known data errors

FreeBSD diskless PXE booting

After a couple of trial and error tests and lots of caffeine ingested, I finally managed to install FreeBSD 9.1 over my network completely diskless using ISC's DHCP, PXE, tftpd-hpa, and NFS.

Download iso image and copy over all files.

wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/Fr...
mount -o loop FreeBSD-9.0-RELEASE-amd64-disc1.iso /mnt
mkdir -p /srv/tftp/freebsd/amd64
cp -a /mnt/* /srv/tftp/freebsd/amd64
cp -a /mnt/.cshrc /srv/tftp/freebsd/amd64
cp -a /mnt/.profile /srv/tftp/freebsd/amd64
cp -a /mnt/.rr_moved /srv/tftp/freebsd/amd64

Create the following directories:

mkdir /srv/tftp/freebsd/amd64/jails
mkdir -p /srv/tftp/freebsd/amd64/conf/base/jails
mkdir /srv/tftp/freebsd/amd64/conf/default
chmod -R 777 /srv/tftp/freebsd/amd64/conf
chmod -R 777 /srv/tftp/freebsd/amd64/jails

Edit /srv/tftp/freebsd/amd64/etc/fstab, comment out the entry in the file:

#/dev/iso9660/FREEBSD_INSTALL / cd9660 ro 0 0

Add the following entry to /srv/tftp/freebsd/amd64/etc/rc.conf:

root_rw_mount="NO"

NFS configuration:

/srv/tftp/freebsd/amd64		192.168.1.1/24(ro,sync,no_root_squash,no_subtree_check)

dhcpd configuration (of course, the IPs may differ depending on your environment):
192.168.1.128 is the IP that will be assigned to the new FreeBSD system.
192.168.1.2 is the IP of the NFS server where the installation files are stored.
The filename path is relative to the path you configured with tftpd-hpa.

host freebsdboot {
  hardware ethernet 08:00:27:2b:f9:f8;
  fixed-address 192.168.1.128;
  filename "freebsd/amd64/boot/pxeboot";
  option root-path "192.168.1.2:/srv/tftp/freebsd/amd64";
}

FreeBSD Diskless PXE

References:
http://forums.freebsd.org/showthread.php?t=30069
http://lists.freebsd.org/pipermail/freebsd-questions/2012-March/238969.html
http://box.matto.nl/disklessfreebsd.html
