rubysecurity.org

Latest Posts


November 1, 2012

Installing Nagios Remote Plugin Executor in CentOS and Ubuntu

by Alpha01

CentOS

yum install openssl openssl-devel gcc make autoconf xinetd

Debian/Ubuntu

apt-get install openssl build-essential libssl-dev gcc make autoconf xinetd

Create the nagios user and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

Download and extract the latest stable Nagios Plugins from http://www.nagios.org/download/plugins/. Configure, compile and install the Nagios plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

Download the latest NRPE plugin from http://exchange.nagios.org/directory/Addons/Monitoring-Agents/NRPE--2D-Nagios-Remote-Plugin-Executor/details. Extract, configure, compile and install the plugin with the xinetd configuration.

./configure
make all
make install-daemon
make install-xinetd

Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the only_from directive.

only_from = 127.0.0.1 <nagios_ip_address>

Add the following entry for the NRPE daemon to the /etc/services file.

nrpe 5666/tcp # NRPE

Restart the xinetd service.

/etc/init.d/xinetd restart

Copy over the sample config file.

mkdir -p /usr/local/nagios/etc/
cp sample-config/nrpe.cfg /usr/local/nagios/etc/nrpe.cfg

Copy over the check_nrpe binary to /usr/local/nagios/libexec.

cp src/check_nrpe /usr/local/nagios/libexec/

Update permissions.

chown nagios:nagios /usr/local/nagios
chown -R nagios:nagios /usr/local/nagios/libexec

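Update the firewall to allow inbound NRPE connections on TCP port 5666. This rule accepts any source address; the only_from directive set above is what limits which hosts xinetd will serve.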

iptables -A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT

Testing Communication

On the Nagios monitoring server, issue the following command to test communication. Replace the IP “192.168.0.1” with the NRPE client’s IP.

/usr/local/nagios/libexec/check_nrpe -H 192.168.0.1

You should get a string back that tells you what version of NRPE is installed on the remote host, like this:

NRPE v2.13
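
To check the only_from and /etc/services edits made earlier in this post, the following added example (not part of the original post) audits both files. The function names are hypothetical, and the sample stanzas and the monitoring address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the addresses on the only_from line(s), space separated.
nrpe_only_from() {
    awk '$1 == "only_from" && ($2 == "=" || $2 == "+=") {
             for (i = 3; i <= NF; i++) printf "%s ", $i }' "$1"
}

# audit_nrpe_access XINETD_FILE SERVICES_FILE MONITOR_IP
# Prints one finding per line; returns non-zero if any check fails.
audit_nrpe_access() {
    rc=0; listed=no
    sources=$(nrpe_only_from "$1")
    if [ -z "$sources" ]; then
        echo "FAIL only_from is not set: xinetd serves NRPE to any host"; rc=1
    fi
    for src in $sources; do
        if [ "$src" = "$3" ]; then listed=yes; fi
        case $src in
            0.0.0.0|0.0.0.0/0)
                echo "FAIL only_from entry $src matches every address"; rc=1 ;;
            *.0)  # xinetd treats trailing zero components as wildcards
                echo "WARN only_from entry $src matches a whole subnet" ;;
        esac
    done
    if [ "$listed" = no ]; then
        echo "FAIL monitoring server $3 is not listed by address"; rc=1
    fi
    if ! awk '$1 == "nrpe" && $2 == "5666/tcp" { ok = 1 }
              END { exit !ok }' "$2"; then
        echo "FAIL no 'nrpe 5666/tcp' entry in $2"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   only_from and services entry pass"; fi
    return "$rc"
}

# Constructed sample files; 192.0.2.10 stands in for the monitoring server.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
stanza='service nrpe\n{\n    port = 5666\n%s\n}\n'
printf "$stanza" '    only_from = 127.0.0.1 192.0.2.10' > "$demo_dir/good"
printf "$stanza" '    only_from = 192.0.2.10 198.51.100.0' > "$demo_dir/wide"
printf "$stanza" '#   only_from = 127.0.0.1' > "$demo_dir/open"
printf 'ssh 22/tcp\nnrpe 5666/tcp # NRPE\n' > "$demo_dir/services"

for f in good wide open; do
    echo "== $f"
    audit_nrpe_access "$demo_dir/$f" "$demo_dir/services" 192.0.2.10 || true
done
```

On a configured client, call audit_nrpe_access with /etc/xinetd.d/nrpe, /etc/services and the real monitoring server address.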

Tags: [ nagios centos ubuntu ]

October 31, 2012

Installing Nagios in CentOS 6

by Alpha01

Make sure you’ve installed the following packages on your CentOS installation before continuing.

  • Apache
  • PHP
  • GCC compiler
  • GD development libraries

yum install httpd php gcc glibc glibc-common gd gd-devel make autoconf

Create the nagios user and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache

Download and extract the latest stable Nagios Core from http://www.nagios.org/download/core/. Run the Nagios configure script, passing the name of the group you created earlier:

./configure --with-command-group=nagcmd

Compile Nagios

make all

Install Nagios

make install

Update the email address associated with the nagiosadmin contact definition in /usr/local/nagios/etc/objects/contacts.cfg.

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Install the Nagios init script.

make install-init

Create htaccess user to access the Nagios web interface.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

service httpd restart

Add Nagios to the list of system services and have it automatically start when the system boots.

chkconfig --add nagios
chkconfig nagios on

Download and extract the latest stable Nagios Plugins from http://www.nagios.org/download/plugins. Configure, compile and install the Nagios plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

Update permissions

chown nagios:nagios /usr/local/nagios
chown -R nagios:nagios /usr/local/nagios/libexec

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

service nagios start

Post Installation

To make things easier for myself, the ncheck and nrestart aliases were created in /root/.bashrc to check the Nagios configuration and restart the service, respectively.

alias ncheck='/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg'
alias nrestart='service nagios restart'

Reference

Tags: [ nagios centos ]

September 23, 2012

Kerberos - Kadmin issue NTP

by Alpha01

I stumbled onto yet another Kerberos problem.

Error

[root@afs2 log]# kadmin -p kerberosadmin/[email protected]
Authenticating as principal kerberosadmin/[email protected] with password.
Password for kerberosadmin/[email protected]: 
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface

Fix

Make sure the time is correct on your Kerberos client/server; ideally, NTP should be enabled on the hosts to keep things like this from happening. Until I roll out NTP on my local LAN, I just manually ran ntpdate.

ntpdate us.pool.ntp.org

Tags: [ kerberos ntp ]

September 1, 2012

Kerberos - kadmin connection issue

by Alpha01

I was getting a communication error when trying to connect from a Kerberos client to the KDC, while I was still able to successfully be granted a ticket using kinit.

Error

[root@rubyninja etc]# kadmin -p kerberosadmin/[email protected]
Authenticating as principal kerberosadmin/[email protected] with password.
Password for kerberosadmin/[email protected]: 
kadmin: Communication failure with server while initializing kadmin interface

Fix

It turns out that iptables was blocking access to kadmind on the master KDC, so I simply had to allow TCP port 749 to fix the issue.

iptables -A INPUT -p tcp -m tcp --dport 749 -j ACCEPT

Tags: [ kerberos iptables ]

June 11, 2012

Sendmail domain masquerade problem

by Alpha01

Recently, I wanted to change my host’s outgoing domain email address. Since I’ve been getting into the habit of using bare minimal installs, it turns out that sendmail by default does not include the sendmail-cf package needed by the m4 utility to generate a sendmail .cf configuration file.

Error

[root@bashninja mail]# m4 < sendmail.mc > sendmail.cf 
m4:stdin:10: cannot open `/usr/share/sendmail-cf/m4/cf.m4': No such file or directory

Fix

[root@bashninja mail]# yum install sendmail-cf

Tags: [ sendmail ]