Tag Cloud
Currently Reading
Latest Book Reviews
- Rancher Deep Dive Posted on March 31, 2023
- Leveraging Kustomize for Kubernetes Manifests Posted on March 24, 2023
- Automating Workflows with GitHub Actions Posted on October 13, 2022
- Deep-Dive Terraform on Azure Posted on August 30, 2022
- Effective DevOps Posted on January 5, 2022 All Book Reviews
Latest Posts
- Certificate validation issue during Spacewalk install Posted on January 20, 2013
- OpenBSD: PF firewall for the paranoid Posted on January 13, 2013
- Writing custom Nagios plugins: check_public-ip Posted on January 2, 2013
- Installing Nagios Remote Plugin Executor in FreeBSD 9.1 Posted on January 2, 2013
- Cron monitoring plugin for Nagios Posted on January 2, 2013
January 20, 2013
Certificate validation issue during Spacewalk install
by Alpha01
Error
For some really annoying reason Spacewalk failed to populate the database during the initial setup.
[root@spacewalk ~]# spacewalk-setup --disconnected --external-db
** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)?
Database? dbnamehere
Username? usernamehere
Password?
** Database: Populating database.
The Database has schema. Would you like to clear the database [Y]? Y
** Database: Clearing database.
** Database: Shutting down spacewalk services that may be using DB.
** Database: Services stopped. Clearing DB.
** Database: Re-populating database.
*** Progress: ##################################
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
* Performing initial configuration.
* Activating Spacewalk.
** Loading Spacewalk Certificate.
** Verifying certificate locally.
** Activating Spacewalk.
There was a problem validating the satellite certificate: 1
Fix
Make sure your user’s database password does not have special characters!
Tags: [centos
]
January 13, 2013
OpenBSD: PF firewall for the paranoid
by Alpha01
Block all traffic except for ssh.
/etc/pf.conf
tcp_services = "{ 22 }"
block all
pass out on em0 proto tcp to any port $tcp_services keep state
pass in on em0 proto tcp to any port $tcp_services keep state
Enabling rules:
pfctl -e ; pfctl -f /etc/pf.conf
pfctl: pf already enabled
pf
]
January 2, 2013
Writing custom Nagios plugins: check_public-ip
by Alpha01
Now that I think Nagios is the greatest thing since slice bread, I’m slowly but surely re-writing all my custom monitoring scripts to Nagios plugins.
The following is a Nagios plugin ready script that I used to replace my old public IP monitoring (See https://www.rubysecurity.org/ip_monitoring).
#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
current_ip="YOUR-IP-ADDRESS-HERE"
ip=`curl -connect-timeout 30 -s ifconfig.me`
if [ "$current_ip" != "$ip" ] || [ -z "$ip" ]
then
if [[ "$ip" =~ "Service Unavailable" ]] || [[ "$ip" =~ "html" ]]
then
echo "IP service monitoring is unavailable."
exit $STATE_WARNING
elif [[ "$ip" =~ [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} ]]
then
echo "ALERT: Public IP has changed. NEW IP: $ip"
exit $STATE_CRITICAL
else
echo "Unknown state detected."
exit $STATE_UNKNOWN
fi
else
echo "Public OK: $ip"
exit $STATE_OK
fi
bash
nagios
]
January 2, 2013
Installing Nagios Remote Plugin Executor in FreeBSD 9.1
by Alpha01
This also installs the Nagios plugins in addition of nrpe
. Follow the text-based menu install options. The installer will create and configure the nagios user account, and will install the naios
and nrpe
plugins in /usr/local/libexec/nagios
.
cd /usr/ports/net-mgmt/nrpe2
make install clean
Update permissions.
chown -R nagios:nagios /usr/local/libexec/nagios
Create nrpe config file.
cd /usr/local/etc
cp nrpe.cfg-sample nrpe.cfg
Add the following entry to /etc/rc.conf
.
nrpe2_enable="YES"
Edit nrpe.cfg
(Example: 192.168.1.5 is my nagios server)
allowed_hosts=192.168.1.5
Start the nrpe
daemon.
/usr/local/etc/rc.d/nrpe2 start
nagios
freebsd
]
January 2, 2013
Cron monitoring plugin for Nagios
by Alpha01
#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
CRON_CHECK=`ps aux | grep cron|grep -v grep|awk '{print $NF}'|grep -E -e '^(/usr/sbin/cron|crond)$'|wc -l`
case "${CRON_CHECK}" in
0) echo "Crond is not running."; exit ${STATE_CRITICAL}
;;
1) echo "Crond is running."; exit ${STATE_OK}
;;
*) echo "More than one crond process detected / crond is in an unknown state."; exit ${STATE_WARNING}
;;
esac
bash
nagios
]