rubysecurity.org


January 13, 2013

OpenBSD: PF firewall for the paranoid

by Alpha01

Block all traffic except SSH (TCP port 22) on interface em0.

/etc/pf.conf

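# Ports allowed through the default-deny policy (SSH only)
tcp_services = "{ 22 }"
# Default deny: drop everything not explicitly passed below
block all
# Allow outbound SSH connections from this host
pass out on em0 proto tcp to any port $tcp_services keep state
# Allow inbound SSH connections to this host
pass in on em0 proto tcp to any port $tcp_services keep state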

Enabling rules:

pfctl -e ; pfctl -f /etc/pf.conf 
pfctl: pf already enabled
Tags: [ pf ]
January 2, 2013

Writing custom Nagios plugins: check_public-ip

by Alpha01

Now that I think Nagios is the greatest thing since sliced bread, I’m slowly but surely re-writing all my custom monitoring scripts as Nagios plugins.

The following is a Nagios-plugin-ready script that I used to replace my old public IP monitoring (see https://www.rubysecurity.org/ip_monitoring).

#!/bin/bash

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

current_ip="YOUR-IP-ADDRESS-HERE"
# Fetch the current public IP; give up if connecting takes more than 30 seconds
ip=$(curl --connect-timeout 30 -s ifconfig.me)

if [ "$current_ip" != "$ip" ] || [ -z "$ip" ]
then
        if [[ "$ip" =~ "Service Unavailable" ]] || [[ "$ip" =~ "html" ]]
        then
                echo "IP service monitoring is unavailable."
                exit $STATE_WARNING
        # Anchored so that only a response consisting solely of a dotted quad matches
        elif [[ "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]
        then
                echo "ALERT: Public IP has changed. NEW IP: $ip"
                exit $STATE_CRITICAL
        else
                echo "Unknown state detected."
                exit $STATE_UNKNOWN
        fi

else
        echo "Public OK: $ip"
        exit $STATE_OK
fi
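
A stricter variant of the response handling above, as an added example that is not part of the original post: it separates classification from the network fetch so it can be exercised offline, and treats a response as an IP only if it is a well-formed IPv4 address with every octet in 0 to 255. The function names `is_ipv4` and `classify_public_ip` and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the author's plugin). Return codes follow the Nagios
# states used in the script above.
STATE_OK=0; STATE_WARNING=1; STATE_CRITICAL=2; STATE_UNKNOWN=3

# is_ipv4 STRING: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero, >3 digits
        [ "$octet" -le 255 ] || return 1
    done
}

# classify_public_ip EXPECTED RESPONSE: print one status line, return the state.
classify_public_ip() {
    expected=$1; response=$2
    if is_ipv4 "$response"; then
        if [ "$response" = "$expected" ]; then
            echo "Public IP OK: $response"; return $STATE_OK
        fi
        echo "ALERT: Public IP has changed. NEW IP: $response"
        return $STATE_CRITICAL
    fi
    case "$response" in
        *"Service Unavailable"*|*html*)
            echo "IP service monitoring is unavailable."; return $STATE_WARNING ;;
    esac
    # An unvalidated response body is never echoed into the Nagios status line.
    echo "Unknown state detected."; return $STATE_UNKNOWN
}

# Constructed sample responses (not captured from a real service).
for sample in "203.0.113.7" "198.51.100.9" "<html>Service Unavailable</html>" "999.1.1.1"; do
    classify_public_ip "203.0.113.7" "$sample" || echo "  -> state $?"
done
# Plugin use: classify_public_ip "$current_ip" "$(curl --connect-timeout 30 -s ifconfig.me)"; exit $?
```
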
Tags: [ bash nagios ]
January 2, 2013

Installing Nagios Remote Plugin Executor in FreeBSD 9.1

by Alpha01

This also installs the Nagios plugins in addition to NRPE. Follow the text-based menu install options. The installer will create and configure the nagios user account, and will install the Nagios and NRPE plugins in /usr/local/libexec/nagios.

cd /usr/ports/net-mgmt/nrpe2
make install clean

Update permissions.

chown -R nagios:nagios /usr/local/libexec/nagios

Create nrpe config file.

cd /usr/local/etc
cp nrpe.cfg-sample nrpe.cfg

Add the following entry to /etc/rc.conf.

nrpe2_enable="YES"

Edit nrpe.cfg to restrict which hosts may query the daemon (example: 192.168.1.5 is my Nagios server).

allowed_hosts=192.168.1.5

Start the nrpe daemon.

/usr/local/etc/rc.d/nrpe2 start
Tags: [ nagios freebsd ]
January 2, 2013

Cron monitoring plugin for Nagios

by Alpha01

#!/bin/bash
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

CRON_CHECK=`ps aux | grep cron|grep -v grep|awk '{print $NF}'|grep -E -e '^(/usr/sbin/cron|crond)$'|wc -l`

case "${CRON_CHECK}" in
        0)  echo "Crond is not running."; exit ${STATE_CRITICAL}
        ;;
        1)  echo "Crond is running."; exit ${STATE_OK}
        ;;
        *)  echo "More than one crond process detected / crond is in an unknown state."; exit ${STATE_WARNING}
        ;;
esac
Tags: [ bash nagios ]
December 30, 2012

Installing Nagios Remote Plugin Executor in Solaris 11

by Alpha01

Install gcc

pkg install pkg://sfe/runtime/gcc pkg://sfe/sfe/developer/gcc

Install system headers (not really sure if all listed were necessary):

pkg install SUNWhea SUNWbinutils SUNWarc SUNWgcc SUNWgccruntime SUNWlibsigsegv SUNWgm4 SUNWgnu-automake-110 SUNWaconf

Update your PATH:

PATH=$PATH:/usr/gcc/bin:/usr/sfw/bin:/usr/ccs/bin
export PATH

Manually create the nagios user account, home directory, and group, and assign the account a password.

mkdir -p /usr/local/nagios
useradd -d /usr/local/nagios -m nagios
groupadd nagios
usermod -G nagios nagios
passwd nagios

Download, extract, compile and install nrpe.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz
tar -xvf nrpe-2.13.tar.gz
cd /opt/nrpe-2.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make install
make install-daemon-config
cp src/check_nrpe /usr/local/nagios/libexec

Update permissions.

chown -R nagios:nagios /usr/local/nagios/

Add the following entry to /etc/services

nrpe 5666/tcp # NRPE

Add the following entry to /etc/inetd.conf

nrpe stream tcp nowait nagios /usr/sbin/tcpd /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -i

Convert and add the new legacy inetd entry to SMF.

inetconv
inetconv -e
Tags: [ nagios solaris ]