From: Peter Palfrader Date: Tue, 31 Mar 2009 17:10:19 +0000 (+0200) Subject: Move stuff around X-Git-Url: https://wiki.adam-barratt.org.uk/gitweb/?a=commitdiff_plain;h=c52cf8d1190f744101fe52aa0e66c299b6bc0014;p=mirror%2Fdsa-nagios.git Move stuff around --- diff --git a/Makefile b/Makefile deleted file mode 100644 index 5b78018..0000000 --- a/Makefile +++ /dev/null @@ -1,50 +0,0 @@ -all: generated/nrpe_dsa.cfg deb - -generated/nrpe_dsa.cfg: nagios-master.cfg build-nagios - [ -d generated ] || mkdir generated - ./build-nagios - - -deb: generated/nrpe_dsa.cfg dsa-nagios-nrpe-config/debian/changelog - if ! [ -e Build-tree/dsa-nagios-nrpe-config/nrpe_dsa.cfg ] || \ - ! diff generated/nrpe_dsa.cfg Build-tree/dsa-nagios-nrpe-config/nrpe_dsa.cfg > /dev/null; then \ - cp -a generated/nrpe_dsa.cfg dsa-nagios-nrpe-config && \ - rm -rf Build-tree && \ - mkdir Build-tree && \ - cp -av dsa-nagios-nrpe-config Build-tree && \ - cd Build-tree/dsa-nagios-nrpe-config && \ - dch --newversion "$$(date --utc '+%Y%m%dT%H%M%S')" "Built on `hostname` in `pwd` by $$USER." && \ - debuild -rfakeroot -uc -us; \ - fi - -clean: - rm -rf generated - rm -rf Build-tree - rm -f dsa-nagios-nrpe-config/nrpe_dsa.cfg - -install: generated/nrpe_dsa.cfg - dh_testroot - # - install -m 644 checkcommands.cfg /etc/nagios-plugins/config/local-dsa-checkcommands.cfg - # - install -m 644 nagios-conf/contacs.cfg /etc/nagios3/conf.d - install -m 644 nagios-conf/generic-host.cfg /etc/nagios3/conf.d - install -m 644 nagios-conf/generic-service.cfg /etc/nagios3/conf.d - install -m 644 nagios-conf/timeperiods.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-dependencies.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-hostextinfo.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-hostgroups.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-hosts.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-serviceextinfo.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-services.cfg /etc/nagios3/conf.d - install -m 644 generated/auto-servicegroups.cfg /etc/nagios3/conf.d - # - @echo "Also run: " - @echo " cp Build-tree/*.deb /org/db.debian.org/ftp-archive/archive/pool/etch/ && " - @echo " make -C /org/db.debian.org/ftp-archive" - # - @echo - # - env -i /etc/init.d/nagios3 reload - -.PHONY: all deb diff --git a/build-nagios b/build-nagios deleted file mode 100755 index 6395e80..0000000 --- a/build-nagios +++ /dev/null @@ -1,459 +0,0 @@ -#!/usr/bin/ruby - -# build nagios and nrpe config from a single master config file - -# Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - -require "yaml" - -ORG="dsa" -SHORTORG="dsa" -GENERATED_PREFIX="./generated/" - -nagios_filename = {}; -%w(hosts hostgroups services dependencies hostextinfo serviceextinfo servicegroups).each{ - |x| nagios_filename[x] = GENERATED_PREFIX+"auto-#{x}.cfg" -} -nagios_filename['nrpe'] = GENERATED_PREFIX+"nrpe_#{ ORG }.cfg" - - -MAX_CHECK_ATTEMPTS_DEFAULT=6 - -NRPE_CHECKNAME="#{ ORG }_check_nrpe" # check that takes one argument: service name to be checked -NRPE_CHECKNAME_HOST="#{ ORG }_check_nrpe_host" # check that takes two arguments: relay host on which to run check, service name to be checked - -HOST_TEMPLATE_NAME='generic-host' # host templates that all our host definitions use -SERVICE_TEMPLATE_NAME='generic-service' # host templates that all our host definitions use -HOST_ALIVE_CHECK='check-host-alive' # host alive check if server is pingable -NRPE_PROCESS_SERVICE='process - nrpe' # nrpe checks will depend on this one - - -def warn (msg) - STDERR.puts msg -end -def set_if_unset(hash, key, value) - hash[key] = value unless hash.has_key?(key) -end -def set_complain_if_set(hash, key, value, type, name) - throw "#{type} definition '#{name}' has '#{key}' already defined" if hash.has_key?(key) - hash[key] = value -end - -# Make an array out of something. If there is nothing, create an empty array -# if it is just a string, make a list with just that element, if it already is -# an array keep it. -def ensure_array(something) - if (something == nil) - result = [] - elsif something.kind_of?(String) - result = [ something ] - elsif something.kind_of?(Array) - result = something - else - throw "Do now know how to make an array out of #{something}: " + something.to_yaml - end - return result -end - - -# This class keeps track of the checks done via NRPE and makes sure -# each gets a unique name. -# -# Unforutunately NRPE limits check names to some 30 characters, so -# we need to mangle service names near the end. -class Nrpe - def initialize - @checks = {} - end - - def make_name( name, check ) - name = name.tr_s("^a-zA-Z", "_").gsub("process", "ps") - - result = "#{ SHORTORG }_" + name[0,19] - - hash = '' - skew = '' - while (@checks.has_key?(result + hash)) - # hash it, so that we don't lose uniqeness by cutting it off - hash = (check+skew).crypt("$1$") - hash = hash[-5,5] # 5 chars are enough - hash.tr!("/", "_") - skew += ' ' # change it a bit so the hash changes - end - result += hash - return result # max of 32 or so chars - end - - def add( name, check ) - if @checks.has_value? check - @checks.each_pair{ |key, value| - return key if value == check - } - end - key = make_name(name, check) - @checks[ key ] = check - return key - end - - def checks - return @checks - end -end -$nrpe = Nrpe.new() - - -# Prints the keys and values of hash to a file -# This is the function that prints the bodies of most our -# host/service/etc definitions -# -# It skips over such keys as are listed in exclude_keys -# and also skips private keys (those starting with an underscre) -def print_block(fd, kind, hash, exclude_keys) - fd.puts "define #{kind} {" - hash.each_pair{ |key, value| - next if key[0,1] == '_' - next if exclude_keys.include? key - fd.puts " #{key} #{value}" - } - fd.puts "}" - fd.puts -end - -def merge_contacts(host, service) - %w{contacts contact_groups}.each{ |k| - contacts = [] - [host, service].each{ |source| - contacts.push source[k] if source.has_key?(k) - } - service[k] = contacts.join(",") unless contacts.empty? - } -end - -# Add the service definition service to hosts -# f is the file for service definitions, deps the file for dependencies -def addService(hosts, service, files, servers) - - set_if_unset service, 'use' , SERVICE_TEMPLATE_NAME - set_if_unset service, 'max_check_attempts', MAX_CHECK_ATTEMPTS_DEFAULT - - service['max_check_attempts'] = MAX_CHECK_ATTEMPTS_DEFAULT + service['max_check_attempts'] if service['max_check_attempts'] < 0 - - if service['nrpe'] - throw "We already have a check_command (#{service['check_command']}) but we are in the NRPE block (nrpe: #{service['nrpe']})."+ - " This should have been caught much earlier" if service.has_key?('check_command'); - - check = $nrpe.add(service['service_description'], service['nrpe']) - service['check_command'] = "#{ NRPE_CHECKNAME }!#{ check }" - - service['depends'] = ensure_array( service['depends'] ) - service['depends'] << NRPE_PROCESS_SERVICE unless service['service_description'] == NRPE_PROCESS_SERVICE # Depend on NRPE unless we are it - end - - hosts.each{ |host| - s = service.clone - set_complain_if_set s, 'host_name', host, 'Service', s['service_description'] - merge_contacts(servers[host], s) - - print_block files['services'], 'service', s, %w(nrpe runfrom remotecheck - depends - hosts hostgroups excludehosts excludehostgroups) - } - - if service['depends'] - service['depends'].each{ |prerequisite| - hosts.each{ |host| - prerequisite_host = host - pre = prerequisite - # split off a hostname if there's one - bananasplit = prerequisite.split(':') - if bananasplit.size == 2 - prerequisite_host = bananasplit[0] - pre = bananasplit[1] - elsif bananasplit.size > 2 - throw "Cannot prase prerequisite #{prerequisite} for service #{service['service_description']} into host:service" - end - dependency = { - 'host_name' => prerequisite_host, - 'service_description' => pre, - 'dependent_host_name' => host, - 'dependent_service_description' => service['service_description'], - 'execution_failure_criteria' => 'n', - 'notification_failure_criteria' => 'w,u,c' - }; - print_block files['dependencies'], 'servicedependency', dependency, %w() - } - } - end - - - set_complain_if_set service['_extinfo'], 'service_description' , service['service_description'], 'serviceextinfo', service['service_description'] - set_complain_if_set service['_extinfo'], 'host_name' , hosts.join(',') , 'serviceextinfo', service['service_description'] - - print_block files['serviceextinfo'], 'serviceextinfo', service['_extinfo'], %w() -end - -# hostlists in services can be given as both, single hosts and hostgroups -# This functinn merges hostgroups and a simple list of hosts -# -# it also takes a prefix so that it can be used for excludelists as well -def merge_hosts_and_hostgroups(service, servers, hostgroups, prefix) - hosts = [] - hosts = service[prefix+'hosts'].split(/,/).map{ |x| x.strip } if service[prefix+'hosts'] - hosts.each{ |host| - throw "host #{host} does not exist - used in service #{service['service_description']}" unless servers[host] - }; - if service[prefix+'hostgroups'] - service[prefix+'hostgroups'].split(/,/).map{ |x| x.strip }.each{ |hg| - throw "hostgroup #{hg} does not exist - used in service #{service['service_description']}" unless hostgroups[hg] - hosts = hosts.concat hostgroups[hg]['_memberlist'] - } - end - - return hosts -end - -# Figure out the hosts a given service applies to -# -# For a given service find the list of hosts minus excluded hosts that this service runs on -def find_hosts(service, servers, hostgroups) - hosts = merge_hosts_and_hostgroups service, servers, hostgroups, '' - excludehosts = merge_hosts_and_hostgroups service, servers, hostgroups, 'exclude' - - excludehosts.each{ |host| - if hosts.delete(host) == nil - throw "Cannot remove host #{host} from service #{service['service_description']}: it's not included anyway or excluded twice." - end - } - - return hosts -end - -# Move all elements that have a key that starts with "extinfo-" -# into the _extinfo subhash -def split_away_extinfo(hash) - hash['_extinfo'] = {} - hash.keys.each{ |key| - if key[0, 8] == 'extinfo-' - hash['_extinfo'][ key[8, key.length-8] ] = hash[key] - hash.delete(key); - end - } -end - - -############################################################################################# -############################################################################################# -############################################################################################# - -# Load the config -config = YAML::load( File.open( 'nagios-master.cfg' ) ) - -files = {} -# Remove old created files -nagios_filename.each_pair{ |name, filename| - files[name] = File.new(filename, "w") -} - -################################# -# create a few hostgroups -################################# -# create the "all" and "pingable" hostgroups -config['hostgroups']['all'] = {} -config['hostgroups']['all']['alias'] = "all servers" -config['hostgroups']['all']['private'] = true -config['hostgroups']['pingable'] = {} -config['hostgroups']['pingable']['alias'] = "pingable servers" -config['hostgroups']['pingable']['private'] = true - -config['hostgroups'].each_pair{ |name, hg| - throw "Empty hostgroup or hostgroup #{name} not a hash" unless hg.kind_of?(Hash) - split_away_extinfo hg - - hg['_memberlist'] = [] -} - -config['servers'].each_pair{ |name, server| - throw "Empty server or server #{name} not a hash" unless server.kind_of?(Hash) - - split_away_extinfo server - - throw "No hostgroups defined for #{name}" unless server['hostgroups'] - server['_hostgroups'] = server['hostgroups'].split(/,/).map{ |x| x.strip }; - server['_hostgroups'] << 'all' - server['_hostgroups'] << 'pingable' unless server['pingable'] == false - - server['_hostgroups'].each{ |hg| - throw "Hostgroup #{hg} is not defined" unless config['hostgroups'].has_key?(hg) - config['hostgroups'][hg]['_memberlist'] << name - }; -} - -config['servicegroups'] = {} unless config.has_key? 'servicegroups' - -############## -# HOSTS -############## -config['servers'].each_pair{ |name, server| - # Formerly we used 'ip' instead of 'address' in our source file - # Handle this change but warn XXX - if server.has_key?('ip') - STDERR.puts("Host definition for #{name} has an 'ip' field. Please use 'address' instead"); - server['address'] = server['ip']; - server.delete('ip'); - end - - set_complain_if_set server, 'host_name' , name, 'Host', name - set_if_unset server, 'alias' , name - set_if_unset server, 'use' , HOST_TEMPLATE_NAME - set_if_unset server, 'check_command', HOST_ALIVE_CHECK unless server['pingable'] == false - - print_block files['hosts'] , 'host' , server , %w(hostgroups pingable) - - - - # Handle hostextinfo - #config['hostgroups'][ server['_hostgroups'].first ]['_extinfo'].each_pair{ |k, v| - # find the first hostgroup that has extinfo - extinfo = server['_hostgroups'].collect{ |hgname | config['hostgroups'][hgname]['_extinfo'] }.delete_if{ |ei| ei.size == 0 }.first - if extinfo then - extinfo.each_pair do |k, v| - # substitute hostname into the notes_url - v = sprintf(v,name) if k == 'notes_url' - - set_if_unset server['_extinfo'], k ,v - end - end - - set_complain_if_set server['_extinfo'], 'host_name' , name, 'hostextinfo', name - set_if_unset server['_extinfo'], 'vrml_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image') - set_if_unset server['_extinfo'], 'statusmap_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image') - - print_block files['hostextinfo'], 'hostextinfo', server['_extinfo'], %w() -} - - - -############## -# HOSTGROUPS -############## -config['hostgroups'].each_pair{ |name, hg| - next if hg['private'] - - set_complain_if_set hg, 'hostgroup_name', name , 'Hostgroup', name - set_complain_if_set hg, 'members' , hg['_memberlist'].join(","), 'Hostgroup', name - - print_block files['hostgroups'], 'hostgroup', hg, %w() -} - - -############## -# SERVICES and DEPENDENCIES -############## -config['services'].each{ |service| - throw "Empty service or service not a hash" unless service.kind_of?(Hash) - - split_away_extinfo service - - - # Both 'name' and 'service_description' are valid for a service's name - # Internally we only use service_description as that's nagios' official term - if service.has_key?('name') - throw "Service definition has both a name (#{service['name']})" + - "and a service_description (#{service['service_description']})" if service.has_key?('service_description') - #STDERR.puts("Service definition #{service['name']} has a 'name' field. Please use 'service_description' instead"); - service['service_description'] = service['name']; - service.delete('name'); - end - # Both 'check' and 'check_command' are valid for a service's check command - # Internally we only use check_command as that's nagios' official term - if service.has_key?('check') - throw "Service definition has both a check (#{service['check']})" + - "and a check_command (#{service['check_command']})" if service.has_key?('check_command') - #STDERR.puts("Service definition #{service['service_description']} has a 'check' field. Please use 'check_command' instead"); - service['check_command'] = service['check']; - service.delete('check'); - end - - - hosts = find_hosts service, config['servers'], config['hostgroups'] - throw "no hosts for service #{service['service_description']}" if hosts.empty? - - throw "nrpe, check, and remotecheck are mutually exclusive in service #{service['service_description']}" if - (service['nrpe'] ? 1 : 0) + - (service['check_command'] ? 1 : 0) + - (service['remotecheck'] ? 1 : 0) >= 2 - - if service['runfrom'] && service['remotecheck'] - # If the service check is to be run from a remote monitor server ("relay") - # add that as an NRPE check to be run on the relay and make this - # service also depend on NRPE on the relay - relay = service['runfrom'] - - hosts.each{ |host| - # how to recursively copy this thing? - hostservice = YAML::load( service.to_yaml ) - host_ip = config['servers'][host]['address'] - throw "For some reason I do not have an address for #{host}. This shouldn't be." unless host_ip - - remotecheck = hostservice['remotecheck'] - remotecheck.gsub!(/\$HOSTADDRESS\$/, host_ip) - remotecheck.gsub!(/\$HOSTNAME\$/, host) - check = $nrpe.add("#{host}_#{hostservice['service_description']}", remotecheck) - hostservice['check_command'] = "#{NRPE_CHECKNAME_HOST}!#{ config['servers'][ relay ]['address'] }!#{ check }" - - # Make sure dependencies are an array. If there are none, create an empty array - # if depends is just a string, make a list with just that element - hostservice['depends'] = ensure_array( hostservice['depends'] ) - # And append this new dependency - hostservice['depends'] << "#{ relay }:#{ NRPE_PROCESS_SERVICE }"; - - addService( [ host ], hostservice, files, config['servers']) - } - elsif service['runfrom'] || service['remotecheck'] - throw "runfrom and remotecheck must either appear both or not at all in service #{service['service_description']}" - throw "must not remotecheck without runfrom" if service['remotecheck'] - else - addService(hosts, service, files, config['servers']) - end -} - - - -############## -# SERVICEGROUPS -############## -config['servicegroups'].each_pair{ |name, sg| - set_complain_if_set sg, 'servicegroup_name', name , 'Servicegroup', name - - print_block files['servicegroups'], 'servicegroup', sg, %w() -} - - -############## -# NRPE config file -############## -$nrpe.checks.each_pair{ |name, check| - files['nrpe'].puts "command[#{ name }]=#{ check }" -} - - diff --git a/checkcommands.cfg b/checkcommands.cfg deleted file mode 100644 index 9811089..0000000 --- a/checkcommands.cfg +++ /dev/null @@ -1,62 +0,0 @@ -# if you read this in /etc/nagios-plugins/config/local-dsa-checkcommands.cfg -# please note: this file is maintained in bzr and overwritten in the -# make install target -# -# edit the copy in bzr instead, see /etc/nagios3/README-DSA -# -define command { - command_name dsa_check_nrpe - command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $HOSTADDRESS$ -t 50 -c $ARG1$ -} -define command { - command_name dsa_check_nrpe_host - command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $ARG1$ -c $ARG2$ -} -define command{ - command_name dsa_check_cert - command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -p $ARG1$ -S -C 14 -} -define command{ - command_name dsa_check_http_port - command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$ -p $ARG1$ -} -define command{ - command_name dsa_check_smtp - command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -} -define command{ - command_name dsa_check_smtp_port - command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p $ARG1$ -} -define command{ - command_name dsa_check_ssh - command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -} -define command{ - command_name dsa_check_ssh_port - command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ -} -define command{ - command_name dsa_check_ssh_port_version - command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ -r "$ARG2$" -} -define command{ - command_name dsa_check_time - command_line /usr/lib/nagios/plugins/check_time -w 5 -c 60 -H $HOSTADDRESS$ -} -define command{ - command_name dsa_check_mirrorsync - command_line /usr/lib/nagios/plugins/dsa-check-mirrorsync --host "$ARG1$" --path "$ARG2$" -} -define command{ - command_name dsa_check_soas - command_line /usr/lib/nagios/plugins/dsa-check-soas "$ARG1$" -} -define command{ - command_name dsa_check_soas_add - command_line /usr/lib/nagios/plugins/dsa-check-soas -a "$ARG1$" "$ARG2$" -} -define command{ - command_name dsa_check_always_ok - command_line /bin/true -} diff --git a/config/build-nagios b/config/build-nagios new file mode 100755 index 0000000..6395e80 --- /dev/null +++ b/config/build-nagios @@ -0,0 +1,459 @@ +#!/usr/bin/ruby + +# build nagios and nrpe config from a single master config file + +# Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +require "yaml" + +ORG="dsa" +SHORTORG="dsa" +GENERATED_PREFIX="./generated/" + +nagios_filename = {}; +%w(hosts hostgroups services dependencies hostextinfo serviceextinfo servicegroups).each{ + |x| nagios_filename[x] = GENERATED_PREFIX+"auto-#{x}.cfg" +} +nagios_filename['nrpe'] = GENERATED_PREFIX+"nrpe_#{ ORG }.cfg" + + +MAX_CHECK_ATTEMPTS_DEFAULT=6 + +NRPE_CHECKNAME="#{ ORG }_check_nrpe" # check that takes one argument: service name to be checked +NRPE_CHECKNAME_HOST="#{ ORG }_check_nrpe_host" # check that takes two arguments: relay host on which to run check, service name to be checked + +HOST_TEMPLATE_NAME='generic-host' # host templates that all our host definitions use +SERVICE_TEMPLATE_NAME='generic-service' # host templates that all our host definitions use +HOST_ALIVE_CHECK='check-host-alive' # host alive check if server is pingable +NRPE_PROCESS_SERVICE='process - nrpe' # nrpe checks will depend on this one + + +def warn (msg) + STDERR.puts msg +end +def set_if_unset(hash, key, value) + hash[key] = value unless hash.has_key?(key) +end +def set_complain_if_set(hash, key, value, type, name) + throw "#{type} definition '#{name}' has '#{key}' already defined" if hash.has_key?(key) + hash[key] = value +end + +# Make an array out of something. If there is nothing, create an empty array +# if it is just a string, make a list with just that element, if it already is +# an array keep it. +def ensure_array(something) + if (something == nil) + result = [] + elsif something.kind_of?(String) + result = [ something ] + elsif something.kind_of?(Array) + result = something + else + throw "Do now know how to make an array out of #{something}: " + something.to_yaml + end + return result +end + + +# This class keeps track of the checks done via NRPE and makes sure +# each gets a unique name. +# +# Unforutunately NRPE limits check names to some 30 characters, so +# we need to mangle service names near the end. +class Nrpe + def initialize + @checks = {} + end + + def make_name( name, check ) + name = name.tr_s("^a-zA-Z", "_").gsub("process", "ps") + + result = "#{ SHORTORG }_" + name[0,19] + + hash = '' + skew = '' + while (@checks.has_key?(result + hash)) + # hash it, so that we don't lose uniqeness by cutting it off + hash = (check+skew).crypt("$1$") + hash = hash[-5,5] # 5 chars are enough + hash.tr!("/", "_") + skew += ' ' # change it a bit so the hash changes + end + result += hash + return result # max of 32 or so chars + end + + def add( name, check ) + if @checks.has_value? check + @checks.each_pair{ |key, value| + return key if value == check + } + end + key = make_name(name, check) + @checks[ key ] = check + return key + end + + def checks + return @checks + end +end +$nrpe = Nrpe.new() + + +# Prints the keys and values of hash to a file +# This is the function that prints the bodies of most our +# host/service/etc definitions +# +# It skips over such keys as are listed in exclude_keys +# and also skips private keys (those starting with an underscre) +def print_block(fd, kind, hash, exclude_keys) + fd.puts "define #{kind} {" + hash.each_pair{ |key, value| + next if key[0,1] == '_' + next if exclude_keys.include? key + fd.puts " #{key} #{value}" + } + fd.puts "}" + fd.puts +end + +def merge_contacts(host, service) + %w{contacts contact_groups}.each{ |k| + contacts = [] + [host, service].each{ |source| + contacts.push source[k] if source.has_key?(k) + } + service[k] = contacts.join(",") unless contacts.empty? + } +end + +# Add the service definition service to hosts +# f is the file for service definitions, deps the file for dependencies +def addService(hosts, service, files, servers) + + set_if_unset service, 'use' , SERVICE_TEMPLATE_NAME + set_if_unset service, 'max_check_attempts', MAX_CHECK_ATTEMPTS_DEFAULT + + service['max_check_attempts'] = MAX_CHECK_ATTEMPTS_DEFAULT + service['max_check_attempts'] if service['max_check_attempts'] < 0 + + if service['nrpe'] + throw "We already have a check_command (#{service['check_command']}) but we are in the NRPE block (nrpe: #{service['nrpe']})."+ + " This should have been caught much earlier" if service.has_key?('check_command'); + + check = $nrpe.add(service['service_description'], service['nrpe']) + service['check_command'] = "#{ NRPE_CHECKNAME }!#{ check }" + + service['depends'] = ensure_array( service['depends'] ) + service['depends'] << NRPE_PROCESS_SERVICE unless service['service_description'] == NRPE_PROCESS_SERVICE # Depend on NRPE unless we are it + end + + hosts.each{ |host| + s = service.clone + set_complain_if_set s, 'host_name', host, 'Service', s['service_description'] + merge_contacts(servers[host], s) + + print_block files['services'], 'service', s, %w(nrpe runfrom remotecheck + depends + hosts hostgroups excludehosts excludehostgroups) + } + + if service['depends'] + service['depends'].each{ |prerequisite| + hosts.each{ |host| + prerequisite_host = host + pre = prerequisite + # split off a hostname if there's one + bananasplit = prerequisite.split(':') + if bananasplit.size == 2 + prerequisite_host = bananasplit[0] + pre = bananasplit[1] + elsif bananasplit.size > 2 + throw "Cannot prase prerequisite #{prerequisite} for service #{service['service_description']} into host:service" + end + dependency = { + 'host_name' => prerequisite_host, + 'service_description' => pre, + 'dependent_host_name' => host, + 'dependent_service_description' => service['service_description'], + 'execution_failure_criteria' => 'n', + 'notification_failure_criteria' => 'w,u,c' + }; + print_block files['dependencies'], 'servicedependency', dependency, %w() + } + } + end + + + set_complain_if_set service['_extinfo'], 'service_description' , service['service_description'], 'serviceextinfo', service['service_description'] + set_complain_if_set service['_extinfo'], 'host_name' , hosts.join(',') , 'serviceextinfo', service['service_description'] + + print_block files['serviceextinfo'], 'serviceextinfo', service['_extinfo'], %w() +end + +# hostlists in services can be given as both, single hosts and hostgroups +# This functinn merges hostgroups and a simple list of hosts +# +# it also takes a prefix so that it can be used for excludelists as well +def merge_hosts_and_hostgroups(service, servers, hostgroups, prefix) + hosts = [] + hosts = service[prefix+'hosts'].split(/,/).map{ |x| x.strip } if service[prefix+'hosts'] + hosts.each{ |host| + throw "host #{host} does not exist - used in service #{service['service_description']}" unless servers[host] + }; + if service[prefix+'hostgroups'] + service[prefix+'hostgroups'].split(/,/).map{ |x| x.strip }.each{ |hg| + throw "hostgroup #{hg} does not exist - used in service #{service['service_description']}" unless hostgroups[hg] + hosts = hosts.concat hostgroups[hg]['_memberlist'] + } + end + + return hosts +end + +# Figure out the hosts a given service applies to +# +# For a given service find the list of hosts minus excluded hosts that this service runs on +def find_hosts(service, servers, hostgroups) + hosts = merge_hosts_and_hostgroups service, servers, hostgroups, '' + excludehosts = merge_hosts_and_hostgroups service, servers, hostgroups, 'exclude' + + excludehosts.each{ |host| + if hosts.delete(host) == nil + throw "Cannot remove host #{host} from service #{service['service_description']}: it's not included anyway or excluded twice." + end + } + + return hosts +end + +# Move all elements that have a key that starts with "extinfo-" +# into the _extinfo subhash +def split_away_extinfo(hash) + hash['_extinfo'] = {} + hash.keys.each{ |key| + if key[0, 8] == 'extinfo-' + hash['_extinfo'][ key[8, key.length-8] ] = hash[key] + hash.delete(key); + end + } +end + + +############################################################################################# +############################################################################################# +############################################################################################# + +# Load the config +config = YAML::load( File.open( 'nagios-master.cfg' ) ) + +files = {} +# Remove old created files +nagios_filename.each_pair{ |name, filename| + files[name] = File.new(filename, "w") +} + +################################# +# create a few hostgroups +################################# +# create the "all" and "pingable" hostgroups +config['hostgroups']['all'] = {} +config['hostgroups']['all']['alias'] = "all servers" +config['hostgroups']['all']['private'] = true +config['hostgroups']['pingable'] = {} +config['hostgroups']['pingable']['alias'] = "pingable servers" +config['hostgroups']['pingable']['private'] = true + +config['hostgroups'].each_pair{ |name, hg| + throw "Empty hostgroup or hostgroup #{name} not a hash" unless hg.kind_of?(Hash) + split_away_extinfo hg + + hg['_memberlist'] = [] +} + +config['servers'].each_pair{ |name, server| + throw "Empty server or server #{name} not a hash" unless server.kind_of?(Hash) + + split_away_extinfo server + + throw "No hostgroups defined for #{name}" unless server['hostgroups'] + server['_hostgroups'] = server['hostgroups'].split(/,/).map{ |x| x.strip }; + server['_hostgroups'] << 'all' + server['_hostgroups'] << 'pingable' unless server['pingable'] == false + + server['_hostgroups'].each{ |hg| + throw "Hostgroup #{hg} is not defined" unless config['hostgroups'].has_key?(hg) + config['hostgroups'][hg]['_memberlist'] << name + }; +} + +config['servicegroups'] = {} unless config.has_key? 'servicegroups' + +############## +# HOSTS +############## +config['servers'].each_pair{ |name, server| + # Formerly we used 'ip' instead of 'address' in our source file + # Handle this change but warn XXX + if server.has_key?('ip') + STDERR.puts("Host definition for #{name} has an 'ip' field. Please use 'address' instead"); + server['address'] = server['ip']; + server.delete('ip'); + end + + set_complain_if_set server, 'host_name' , name, 'Host', name + set_if_unset server, 'alias' , name + set_if_unset server, 'use' , HOST_TEMPLATE_NAME + set_if_unset server, 'check_command', HOST_ALIVE_CHECK unless server['pingable'] == false + + print_block files['hosts'] , 'host' , server , %w(hostgroups pingable) + + + + # Handle hostextinfo + #config['hostgroups'][ server['_hostgroups'].first ]['_extinfo'].each_pair{ |k, v| + # find the first hostgroup that has extinfo + extinfo = server['_hostgroups'].collect{ |hgname | config['hostgroups'][hgname]['_extinfo'] }.delete_if{ |ei| ei.size == 0 }.first + if extinfo then + extinfo.each_pair do |k, v| + # substitute hostname into the notes_url + v = sprintf(v,name) if k == 'notes_url' + + set_if_unset server['_extinfo'], k ,v + end + end + + set_complain_if_set server['_extinfo'], 'host_name' , name, 'hostextinfo', name + set_if_unset server['_extinfo'], 'vrml_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image') + set_if_unset server['_extinfo'], 'statusmap_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image') + + print_block files['hostextinfo'], 'hostextinfo', server['_extinfo'], %w() +} + + + +############## +# HOSTGROUPS +############## +config['hostgroups'].each_pair{ |name, hg| + next if hg['private'] + + set_complain_if_set hg, 'hostgroup_name', name , 'Hostgroup', name + set_complain_if_set hg, 'members' , hg['_memberlist'].join(","), 'Hostgroup', name + + print_block files['hostgroups'], 'hostgroup', hg, %w() +} + + +############## +# SERVICES and DEPENDENCIES +############## +config['services'].each{ |service| + throw "Empty service or service not a hash" unless service.kind_of?(Hash) + + split_away_extinfo service + + + # Both 'name' and 'service_description' are valid for a service's name + # Internally we only use service_description as that's nagios' official term + if service.has_key?('name') + throw "Service definition has both a name (#{service['name']})" + + "and a service_description (#{service['service_description']})" if service.has_key?('service_description') + #STDERR.puts("Service definition #{service['name']} has a 'name' field. Please use 'service_description' instead"); + service['service_description'] = service['name']; + service.delete('name'); + end + # Both 'check' and 'check_command' are valid for a service's check command + # Internally we only use check_command as that's nagios' official term + if service.has_key?('check') + throw "Service definition has both a check (#{service['check']})" + + "and a check_command (#{service['check_command']})" if service.has_key?('check_command') + #STDERR.puts("Service definition #{service['service_description']} has a 'check' field. Please use 'check_command' instead"); + service['check_command'] = service['check']; + service.delete('check'); + end + + + hosts = find_hosts service, config['servers'], config['hostgroups'] + throw "no hosts for service #{service['service_description']}" if hosts.empty? + + throw "nrpe, check, and remotecheck are mutually exclusive in service #{service['service_description']}" if + (service['nrpe'] ? 1 : 0) + + (service['check_command'] ? 1 : 0) + + (service['remotecheck'] ? 1 : 0) >= 2 + + if service['runfrom'] && service['remotecheck'] + # If the service check is to be run from a remote monitor server ("relay") + # add that as an NRPE check to be run on the relay and make this + # service also depend on NRPE on the relay + relay = service['runfrom'] + + hosts.each{ |host| + # how to recursively copy this thing? + hostservice = YAML::load( service.to_yaml ) + host_ip = config['servers'][host]['address'] + throw "For some reason I do not have an address for #{host}. This shouldn't be." unless host_ip + + remotecheck = hostservice['remotecheck'] + remotecheck.gsub!(/\$HOSTADDRESS\$/, host_ip) + remotecheck.gsub!(/\$HOSTNAME\$/, host) + check = $nrpe.add("#{host}_#{hostservice['service_description']}", remotecheck) + hostservice['check_command'] = "#{NRPE_CHECKNAME_HOST}!#{ config['servers'][ relay ]['address'] }!#{ check }" + + # Make sure dependencies are an array. If there are none, create an empty array + # if depends is just a string, make a list with just that element + hostservice['depends'] = ensure_array( hostservice['depends'] ) + # And append this new dependency + hostservice['depends'] << "#{ relay }:#{ NRPE_PROCESS_SERVICE }"; + + addService( [ host ], hostservice, files, config['servers']) + } + elsif service['runfrom'] || service['remotecheck'] + throw "runfrom and remotecheck must either appear both or not at all in service #{service['service_description']}" + throw "must not remotecheck without runfrom" if service['remotecheck'] + else + addService(hosts, service, files, config['servers']) + end +} + + + +############## +# SERVICEGROUPS +############## +config['servicegroups'].each_pair{ |name, sg| + set_complain_if_set sg, 'servicegroup_name', name , 'Servicegroup', name + + print_block files['servicegroups'], 'servicegroup', sg, %w() +} + + +############## +# NRPE config file +############## +$nrpe.checks.each_pair{ |name, check| + files['nrpe'].puts "command[#{ name }]=#{ check }" +} + + diff --git a/config/checkcommands.cfg b/config/checkcommands.cfg new file mode 100644 index 0000000..9811089 --- /dev/null +++ b/config/checkcommands.cfg @@ -0,0 +1,62 @@ +# if you read this in /etc/nagios-plugins/config/local-dsa-checkcommands.cfg +# please note: this file is maintained in bzr and overwritten in the +# make install target +# +# edit the copy in bzr instead, see /etc/nagios3/README-DSA +# +define command { + command_name dsa_check_nrpe + command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $HOSTADDRESS$ -t 50 -c $ARG1$ +} +define command { + command_name dsa_check_nrpe_host + command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $ARG1$ -c $ARG2$ +} +define command{ + command_name dsa_check_cert + command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -p $ARG1$ -S -C 14 +} +define command{ + command_name dsa_check_http_port + command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$ -p $ARG1$ +} +define command{ + command_name dsa_check_smtp + command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ +} +define command{ + command_name dsa_check_smtp_port + command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p $ARG1$ +} +define command{ + command_name dsa_check_ssh + command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ +} +define command{ + command_name dsa_check_ssh_port + command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ +} +define command{ + command_name dsa_check_ssh_port_version + command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ -r "$ARG2$" +} +define command{ + command_name dsa_check_time + command_line /usr/lib/nagios/plugins/check_time -w 5 -c 60 -H $HOSTADDRESS$ +} +define command{ + command_name dsa_check_mirrorsync + command_line /usr/lib/nagios/plugins/dsa-check-mirrorsync --host "$ARG1$" --path "$ARG2$" +} +define command{ + command_name dsa_check_soas + command_line /usr/lib/nagios/plugins/dsa-check-soas "$ARG1$" +} +define command{ + command_name dsa_check_soas_add + command_line /usr/lib/nagios/plugins/dsa-check-soas -a "$ARG1$" "$ARG2$" +} +define command{ + command_name dsa_check_always_ok + command_line /bin/true +} diff --git a/config/nagios-conf/contacs.cfg b/config/nagios-conf/contacs.cfg new file mode 100644 index 0000000..6c36d24 --- /dev/null +++ b/config/nagios-conf/contacs.cfg @@ -0,0 +1,136 @@ +define contact{ + contact_name weasel + alias Peter Palfrader + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email debian-nagios@palfrader.org + } + +define contact{ + contact_name joerg + alias Joerg Jaspert + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email debiannagios@ganneff.de + } + +define contact{ + contact_name tjrc1 + alias Tim Cutts + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email tjrc@sanger.ac.uk + } + +define contact{ + contact_name holger + alias Holger Levsen + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email holger@layer-acht.org + } + +define contact{ + contact_name dannf + alias Dann Frazier + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email dannf@hp.com + } + +define contact{ + contact_name bzed + alias Bernd Zeimetz + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email bernd+debnagios@bzed.de + } + +define contact{ + contact_name luk + alias Luk Claes + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email luk.claes@ugent.be + } + +define contact{ + contact_name sfrost + alias Stephen Frost + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email sfrost@snowman.net + } + +define contact{ + contact_name lfilipoz + alias Luca Filipozzi + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email lucaf+dsa@ece.ubc.ca + } + +define contact{ + contact_name zobel + alias Martin Zobel-Helas + service_notification_period 24x7 + host_notification_period 24x7 + service_notification_options w,u,c,r + host_notification_options d,r + service_notification_commands notify-service-by-email + host_notification_commands notify-host-by-email + email zobel+debian-nagios@ftbfs.de + } + +############################################################################### +############################################################################### +# +# CONTACT GROUPS +# +############################################################################### +############################################################################### + +# We only have one contact in this simple configuration file, so there is +# no need to create more than one contact group. + +define contactgroup{ + contactgroup_name dsa + alias Debian System Administrators + members weasel, zobel + } diff --git a/config/nagios-conf/generic-host.cfg b/config/nagios-conf/generic-host.cfg new file mode 100644 index 0000000..02d157e --- /dev/null +++ b/config/nagios-conf/generic-host.cfg @@ -0,0 +1,19 @@ +# Generic host definition template - This is NOT a real host, just a template! + +define host{ + name generic-host ; The name of this host template + notifications_enabled 1 ; Host notifications are enabled + event_handler_enabled 1 ; Host event handler is enabled + flap_detection_enabled 1 ; Flap detection is enabled + failure_prediction_enabled 1 ; Failure prediction is enabled + process_perf_data 1 ; Process performance data + retain_status_information 1 ; Retain status information across program restarts + retain_nonstatus_information 1 ; Retain non-status information across program restarts + check_command check-host-alive + max_check_attempts 10 + notification_interval 1440 + notification_period 24x7 + notification_options d,u,r + contact_groups dsa + register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE! + } diff --git a/config/nagios-conf/generic-service.cfg b/config/nagios-conf/generic-service.cfg new file mode 100644 index 0000000..17ccbe2 --- /dev/null +++ b/config/nagios-conf/generic-service.cfg @@ -0,0 +1,26 @@ +# generic service template definition +define service{ + name generic-service ; The 'name' of this service template + active_checks_enabled 1 ; Active service checks are enabled + passive_checks_enabled 1 ; Passive service checks are enabled/accepted + parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems) + obsess_over_service 1 ; We should obsess over this service (if necessary) + check_freshness 0 ; Default is to NOT check service 'freshness' + notifications_enabled 1 ; Service notifications are enabled + event_handler_enabled 1 ; Service event handler is enabled + flap_detection_enabled 1 ; Flap detection is enabled + failure_prediction_enabled 1 ; Failure prediction is enabled + process_perf_data 1 ; Process performance data + retain_status_information 1 ; Retain status information across program restarts + retain_nonstatus_information 1 ; Retain non-status information across program restarts + notification_interval 0 ; Only send notifications on status change by default. + is_volatile 0 + check_period 24x7 + normal_check_interval 15 + retry_check_interval 2 + max_check_attempts 6 + notification_period 24x7 + notification_options w,u,c,r + contact_groups dsa + register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE! + } diff --git a/config/nagios-conf/timeperiods.cfg b/config/nagios-conf/timeperiods.cfg new file mode 100644 index 0000000..084c2f4 --- /dev/null +++ b/config/nagios-conf/timeperiods.cfg @@ -0,0 +1,24 @@ +############################################################################### +# timeperiods.cfg +############################################################################### + +# This defines a timeperiod where all times are valid for checks, +# notifications, etc. The classic "24x7" support nightmare. :-) + +define timeperiod{ + timeperiod_name 24x7 + alias 24 Hours A Day, 7 Days A Week + sunday 00:00-24:00 + monday 00:00-24:00 + tuesday 00:00-24:00 + wednesday 00:00-24:00 + thursday 00:00-24:00 + friday 00:00-24:00 + saturday 00:00-24:00 + } + +# This one is a favorite: never :) +define timeperiod{ + timeperiod_name never + alias Never + } diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg new file mode 100644 index 0000000..6307604 --- /dev/null +++ b/config/nagios-master.cfg @@ -0,0 +1,1804 @@ +# Non comment lines are YAML +# +# Strings ought to be in double quotes, but it works in most cases if they aren't :) +# +# vim:set syntax=yaml: + +# TODO +# - spohr: hpasmd +# - *: mailq +# - *: check munin stats collection works +# - *: check backups are successful +# - *: unwanted: network: auth, discard, daytime, time (on some), cvs-pserver, rsync (on some), ftp (on some), http (on some) +# - verdi: pg upgrade, openvpn +# - mundy: salinfo_decode + +# down: +# - sarti +# - leisner + +--- +############################# +# hosts +############################# +servers: + gw-man-da: + address: 82.195.75.126 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: joerg, bzed + gw-HP-ftc: + address: 192.25.206.1 + parents: samosa + hostgroups: routing-infrastructure + gw-brainfood: + address: 70.103.162.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-brown.edu: + address: 128.148.34.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-osuosl: + address: 140.211.166.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-scanplus-villa: + address: 212.211.132.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-scanplus-lobos: + address: 212.211.132.249 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-mit-csail: + address: 128.30.0.254 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-xs4all: + address: 194.109.137.217 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-umn.edu: + address: 128.101.240.222 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-dg-i.net: + address: 93.94.130.190 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: bzed + gw-freenet: + address: 62.104.23.249 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-topalis: + address: 195.243.109.254 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-sanger: + address: 193.62.202.18 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: tjrc1 + gw-lrz: + address: 129.187.0.150 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-frost: + address: 130.81.242.195 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-1und1: + address: 195.20.247.54 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: joerg + gw-1und1-karlsruhe: + address: 212.227.120.29 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-blackcat: + address: 193.201.200.129 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-xandros: + address: 67.210.160.81 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-nmmn: + address: 217.114.76.81 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-utwente: + address: 130.89.149.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + #gw-ughent: + # address: 157.193.39.254 + # parents: gw-HP-ftc + # hostgroups: routing-infrastructure + gw-agnesi: + address: 65.173.90.18 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-ubc: + address: 137.82.84.94 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: lfilipoz + gw-carnet: + address: 161.53.160.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-telegraaf: + address: 82.94.249.153 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-helsinki: + address: 128.214.173.25 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + contacts: holger + gw-telefonica: + address: 195.71.99.193 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-ball: + address: 78.32.9.209 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-cst: + address: 213.188.99.215 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-isc: + address: 149.20.20.1 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + gw-aca: + address: 130.239.18.97 + parents: gw-HP-ftc + hostgroups: routing-infrastructure + + global: + hostgroups: notacomputer + pingable: false + check_command: dsa_check_always_ok + + samosa: + address: 192.25.206.57 + hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, heavy-exim, lenny, puppet + raff: + address: 192.25.206.59 + parents: samosa + hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, rsyncd-hosts, heavy-exim, ulogd-hosts, nfs-client, lenny, puppet + gluck: + address: 192.25.206.10 + parents: samosa + hostgroups: computers, no-udev, general, dl380, apache2-hosts, bind9-hosts, heavy-exim, highload, nfs-client, ulogd-hosts, lenny, puppet + merkel: + address: 192.25.206.16 + parents: samosa + hostgroups: computers, general, apache1-hosts, apache2-hosts, rsyncd-hosts, sw-raid, postgres81-hosts, heavy-exim, nfs-client, ulogd-hosts, lenny, puppet + spohr: + address: 192.25.206.33 + parents: samosa + hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, ulogd-hosts, nfs-server, lenny, puppet + peri: + address: 192.25.206.15 + parents: samosa + hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet + contacts: dannf + penalosa: + address: 192.25.206.68 + parents: samosa + hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet + contacts: dannf + mundy: + address: 192.25.206.62 + parents: samosa + hostgroups: computers, buildd, lenny, puppet + paer: + address: 192.25.206.11 + parents: samosa + hostgroups: computers, porterbox, lenny, hasbootfs, puppet + merulo: + address: 192.25.206.58 + parents: samosa + hostgroups: computers, porterbox, lenny, puppet + + bartok: + address: 82.195.75.91 + parents: gw-man-da + hostgroups: computers, service, dl385, bind9-hosts, lenny, puppet + contacts: joerg, bzed + morales: + address: 82.195.75.97 + parents: gw-man-da + hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs + contacts: bzed + sperger: + address: 82.195.75.98 + parents: gw-man-da + hostgroups: computers, porterbox, sw-raid, hasbootfs, lenny, puppet + contacts: bzed + agricola: + address: 82.195.75.86 + parents: gw-man-da + hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet + contacts: bzed + arcadelt: + address: 82.195.75.87 + parents: gw-man-da + hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet + contacts: bzed + liszt: + address: 82.195.75.100 + parents: gw-man-da + hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts + contacts: bzed +# auber: +# address: 82.195.75.101 +# parents: gw-man-da +# hostgroups: computers, no-udev, buildd, sw-raid +# contacts: bzed + unger: + address: 82.195.75.102 + parents: gw-man-da + hostgroups: computers, service, dl360, rsyslog-hosts, acpid-hosts, lenny, puppet + handel: + address: 82.195.75.104 + parents: unger + hostgroups: computers, service, rsyslog-hosts, acpid-hosts, lenny, hasbootfs, puppet + + geo1: + address: 82.195.75.105 + parents: unger + hostgroups: computers, service, acpid-hosts, lenny, hasbootfs, puppet + + master: + address: 70.103.162.29 + parents: gw-brainfood + hostgroups: computers, general, apache2-hosts, bind9-hosts, heavy-exim, highload, lenny, puppet + murphy: + address: 70.103.162.31 + parents: gw-brainfood + hostgroups: computers, general, postfix-hosts, dl380, acpid-hosts, lenny, puppet + + ries: + address: 128.148.34.103 + parents: gw-brown.edu + hostgroups: computers, service, apache2-hosts, bind9-hosts, ftpd-hosts, dl385, rsyncd-hosts, postgres83-hosts, heavy-exim, acpid-hosts, lenny, puppet + + mayer: + address: 140.211.166.78 + parents: gw-osuosl + hostgroups: computers, buildd, hasbootfs, lenny, puppet + mayr: + address: 140.211.166.58 + parents: gw-osuosl + hostgroups: computers, buildd, hasbootfs, lenny, puppet + malo: + address: 140.211.166.27 + parents: gw-osuosl + hostgroups: computers, buildd, lenny, puppet, smart + rietz: + address: 140.211.166.43 + parents: gw-osuosl + hostgroups: computers, no-udev, service, apache2-hosts, bind9-hosts, rsyncd-hosts, dl385, heavy-exim, highload, hasbootfs + rietz2: + address: 140.211.166.44 + parents: rietz + hostgroups: secondary-IPs + + villa: + address: 212.211.132.32 + parents: gw-scanplus-villa + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet + lobos: + address: 212.211.132.250 + parents: gw-scanplus-lobos + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet + + steffani: + address: 128.31.0.36 + parents: gw-mit-csail + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid, bind9-hosts, acpid-hosts, hasbootfs, lenny, puppet + mahler: + address: 128.31.0.46 + parents: gw-mit-csail + hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts, puppet + + klecker: + address: 194.109.137.218 + parents: gw-xs4all + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, bind9-hosts, dl385, postgres83-hosts, heavy-exim, lenny, puppet + + saens: + address: 128.101.240.212 + parents: gw-umn.edu + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet + + argento: + address: 93.94.130.160 + parents: gw-dg-i.net + hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet + contacts: bzed + + widor: + address: 93.94.130.161 + parents: gw-dg-i.net + hostgroups: computers, apache2-hosts, sw-raid, single-cpu, lenny, puppet, rsyslog-hosts, acpid-hosts + contacts: bzed + + pergolesi: + address: 62.104.23.252 + parents: gw-freenet + hostgroups: computers, porterbox, sw-raid, lenny, puppet + + raptor: + address: 195.243.109.162 + parents: gw-topalis + hostgroups: computers, porterbox, postfix-hosts, lenny + + albeniz: + address: 193.62.202.27 + parents: gw-sanger + # SMP kernel doesn't run stable + hostgroups: computers, porterbox, sw-raid, single-cpu, hasbootfs, lenny, puppet + contacts: tjrc1 + goetz: + address: 193.62.202.26 + parents: gw-sanger + # SMP kernel doesn't run stable + hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet + contacts: tjrc1 + smetana: + address: 193.62.202.29 + parents: gw-sanger + hostgroups: computers, porterbox, sw-raid, lenny, puppet + contacts: tjrc1 + + verdi: + address: 192.54.42.193 + parents: gw-lrz + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, postgres81-hosts, postfix-hosts + + voltaire: + address: 72.66.115.54 + parents: gw-frost + hostgroups: computers, buildd, puppet, lenny + contacts: sfrost + + puccini: + address: 87.106.4.56 + parents: gw-1und1 + hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet + contacts: joerg + powell: + address: 87.106.64.223 + parents: gw-1und1 + hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet + contacts: joerg + + schumann: + address: 212.227.126.54 + parents: gw-1und1-karlsruhe + hostgroups: computers, acpid-hosts, ulogd-hosts, lenny, puppet + wieck: + address: 195.20.242.89 + parents: gw-1und1-karlsruhe + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, ulogd-hosts, lenny, puppet + chopin: + address: 195.20.242.124 + parents: schumann + hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts + + caballero: + address: 193.201.200.200 + parents: gw-blackcat + hostgroups: computers, no-udev, buildd, sw-raid, lenny, puppet + + elara: + address: 67.210.160.90 + parents: gw-xandros + hostgroups: deadslow + europa: + address: 67.210.160.89 + parents: gw-xandros + hostgroups: deadslow + + kullervo: + address: 217.114.76.82 + parents: gw-nmmn + hostgroups: deadslow + contacts: luk + crest: + address: 217.114.76.83 + parents: gw-nmmn + hostgroups: deadslow + contacts: luk + pescetti: + address: 217.114.76.85 + parents: gw-nmmn + hostgroups: computers, porterbox, single-cpu, smart, lenny, puppet + + kassia: + address: 130.89.149.224 + parents: gw-utwente + hostgroups: computers, service, postfix-hosts, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl360, acpid-hosts, ulogd-hosts, lenny, puppet + kassia-sec: + address: 130.89.149.225 + parents: kassia + hostgroups: secondary-IPs + kassia-ftp: + address: 130.89.149.226 + parents: kassia + hostgroups: secondary-IPs + kassia4: + address: 130.89.149.227 + parents: kassia + hostgroups: secondary-IPs + + allegri: + address: 157.193.39.233 + parents: gw-HP-ftc + hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet + contacts: luk + + agnesi: + address: 65.173.90.83 + parents: gw-agnesi + hostgroups: deadslow, lenny + + spontini: + address: 137.82.84.65 + parents: gw-ubc + hostgroups: computers, buildd, hasbootfs, lenny, puppet + contacts: lfilipoz + ravel: + address: 137.82.84.66 + parents: gw-ubc + hostgroups: computers, general, dl385, apache2-hosts, acpid-hosts, ftpd-hosts, hasbootfs, lenny, puppet + dijkstra: + address: 137.82.84.70 + parents: gw-ubc + hostgroups: computers, bl460, rsyslog-hosts, acpid-hosts, lenny, puppet + + lebrun: + address: 193.198.184.10 + parents: gw-carnet + hostgroups: computers, buildd, sw-raid, lenny, rsyslog-hosts, puppet + schroeder: + address: 193.198.184.11 + parents: gw-carnet + hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet + + tartini: + address: 82.94.249.158 + parents: gw-telegraaf + hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs + + piatti: + address: 193.167.161.225 + parents: gw-helsinki + hostgroups: computers, postfix-hosts, dl385, ulogd-hosts, acpid-hosts, apache2-hosts, postgres83-hosts, lenny, hasbootfs, puppet + contacts: holger + + rem: + address: 195.71.99.217 + parents: gw-telefonica + hostgroups: computers, buildd, hasbootfs, lenny, puppet + + ball: + address: 78.32.9.213 + parents: gw-ball + hostgroups: computers, buildd, no-udev, dialup, hasbootfs, lenny, puppet + + zelenka: + address: 80.245.147.40 + parents: gw-HP-ftc + hostgroups: computers, porterbox, lenny, puppet + + escher: + address: 213.188.99.215 + parents: gw-cst + hostgroups: computers, single-cpu, hasbootfs + goedel: + address: 213.188.99.214 + parents: gw-cst + hostgroups: computers, single-cpu, hasbootfs, lenny, puppet + + schein: + address: 149.20.20.6 + parents: gw-isc + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360 + + praetorius: + address: 130.239.18.121 + parents: gw-aca + hostgroups: computers, buildd, rsyslog-hosts, lenny, puppet + +############################# +# host groups +# +# hostgroups ircd and all are automatically defined +# +############################# +hostgroups: + computers: + alias: computers + private: 1 + routing-infrastructure: + alias: Internet routers and friends + extinfo-icon_image: base/switch40.png + extinfo-icon_image_alt: router + notacomputer: + alias: Systems that are not really systems. Yeah :) + private: 1 + deadslow: + alias: Systems too slow to run any real checks + dialup: + alias: Systems with slow network + + porterbox: + alias: developer accessible porter machines + extinfo-icon_image: base/debian.png + extinfo-icon_image_alt: Debian GNU/Linux + extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s + service: + alias: machines running services + extinfo-icon_image: base/debian.png + extinfo-icon_image_alt: Debian GNU/Linux + extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s + buildd: + alias: buildd systems + extinfo-icon_image: base/debian.png + extinfo-icon_image_alt: Debian GNU/Linux + extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s + general: + alias: general purpose developer accessible machines + extinfo-icon_image: base/debian.png + extinfo-icon_image_alt: Debian GNU/Linux + extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s + puppet: + alias: Hosts running puppet + extinfo-icon_image: base/debian.png + extinfo-icon_image_alt: Debian GNU/Linux + extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s + + dl380: + alias: HP DL380 hosts + private: 1 + dl385: + alias: HP DL385 hosts + private: 1 + dl360: + alias: HP DL360 hosts + private: 1 + bl460: + alias: HP BL460 blades + private: 1 + sw-raid: + alias: Hosts with Linux software raid + private: 1 + single-cpu: + alias: Hosts with only one CPU + private: 1 + + lenny: + alias: Hosts running lenny, not etch + private: 1 + + no-samhain: + alias: hosts not running samhain properly + private: 1 + + #syslog-ng-hosts: + # alias: hosts running syslog-ng instead of sysklogd + # private: 1 + rsyslog-hosts: + alias: hosts running rsyslogd instead of sysklogd + private: 1 + postfix-hosts: + alias: hosts running postfix instead of exim + private: 1 + heavy-exim: + alias: "hosts running the full mail stuff, including clamav, SA, and postgrey" + private: 1 + heavy-postfix: + alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight" + private: 1 + apache2-hosts: + alias: hosts running apache2 + private: 1 + apache1-hosts: + alias: hosts running apache1 + private: 1 + bind9-hosts: + alias: hosts running bind9 + private: 1 + amavis-hosts: + alias: hosts running amavis + private: 1 + ftpd-hosts: + alias: hosts running vsftpd + private: 1 + #tftpd-hosts: + # alias: hosts running a tftpd (tftpd-hpa as a daemon) + # private: 1 + rsyncd-hosts: + alias: hosts providing rsync services via xinetd + private: 1 + postgres81-hosts: + alias: hosts running postgres81 + private: 1 + postgres83-hosts: + alias: hosts running postgres83 + private: 1 + mysql-hosts: + alias: hosts running mysql + private: 1 + no-udev: + alias: hosts not using udev + private: 1 + ulogd-hosts: + alias: hosts running ulogd + private: 1 + acpid-hosts: + alias: hosts running acpid + private: 1 + + nfs-client: + alias: hosts mounting filesystems using NFS + private: 1 + nfs-server: + alias: hosts serving filesystems using NFS + private: 1 + + highload: + alias: "hosts on which high load is normal" + private: 1 + + secondary-IPs: + alias: secondary IP addresses + private: 1 + + smart: + alias: hosts with smartd + private: 1 + hasbootfs: + alias: hosts with a /boot + private: 1 + + +############################# +# servicegroups +############################# +servicegroups: + diskspace: + alias: diskusage checks + buildd: + alias: buildd checks + raid: + alias: raid checks + kernel: + alias: kernel checks + weaksshkeys: + alias: weak ssh keys + apt: + alias: apt upgrade status + samhain: + alias: samhain integrity status + security: + alias: security + servicegroup_members: apt, weaksshkeys, kernel, samhain + +############################# +# services +############################# +services: + - + name: PING + check: "check_ping!300.0,20%!600.0,40%" + hostgroups: pingable + excludehostgroups: routing-infrastructure, dialup + normal_check_interval: 5 + max_check_attempts: 4 + retry_check_interval: 1 + - + name: PING + check: "check_ping!2000.0,60%!3000.0,80%" + hostgroups: routing-infrastructure, dialup + normal_check_interval: 5 + max_check_attempts: 4 + retry_check_interval: 1 + + ############ Services ############ + ### + + ############ Disk Usage ############ + #### + - + name: disk usage - all + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc 90 95" + hostgroups: computers + - + name: disk usage on / + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /" + hostgroups: computers + excludehosts: ries, klecker + - + name: disk usage on / + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /" + hosts: ries, klecker + - + name: disk usage on /boot + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot" + hostgroups: hasbootfs + - + name: disk usage on /var + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var" + hosts: bartok, samosa, raff, lobos, villa, gluck, saens, voltaire, tartini, morales, powell, escher + - + name: disk usage on /org + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org" + hosts: sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, spontini, ravel, mahler, schroeder, piatti, pescetti, widor, schein, lebrun + - + name: disk usage on /org + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /org" + hosts: merkel, bartok + - + name: disk usage on /srv + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv" + hosts: agricola, arcadelt, argento, allegri, tartini, morales, powell, puccini, zelenka, chopin + - + name: disk usage on /org/scratch + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org/scratch" + hosts: merkel + - + name: disk usage on /tmp + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 60 80 /tmp" + hosts: samosa, raff, gluck, saens, puccini, merkel, tartini, powell, piatti, escher + - + name: disk usage on /usr + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /usr" + hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, merulo, tartini, morales, powell + - + name: disk usage on /home + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home" + hosts: raptor, voltaire, rem, ball, paer, escher + - + name: disk usage on /home + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /home" + hosts: gluck + - + name: disk usage on /chroot + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /chroot" + hosts: raptor + - + name: disk usage on /mnt/hdc + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/hdc" + hosts: voltaire + - + name: disk usage on /mnt/sdb1 + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/sdb1" + hosts: spontini + - + name: disk usage on /x + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x" + hosts: caballero + + ############ All Computers ############ + #### + - + name: apt - security updates + servicegroups: apt + nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt" + hostgroups: computers + normal_check_interval: 60 + retry_check_interval: 15 + #### + - + name: backup + nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-dabackup" + hostgroups: computers + normal_check_interval: 180 + max_check_attempts: 2 + retry_check_interval: 5 + - + name: backup server config + nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server" + hosts: bartok + normal_check_interval: 180 + max_check_attempts: 2 + retry_check_interval: 5 + + #### + - + name: running kernel + servicegroups: kernel + nrpe: "/usr/lib/nagios/plugins/dsa-check-running-kernel" + hostgroups: computers + normal_check_interval: 180 + retry_check_interval: 5 + + #### + - + name: process - puppet + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C ruby -a 'ruby /usr/sbin/puppetd -w 5 --factsync'" + hostgroups: puppet + + - + name: puppet + nrpe: "/usr/lib/nagios/plugins/dsa-check-puppet" + hostgroups: puppet + + #### + - + name: process - samhain + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'" + hostgroups: computers + excludehostgroups: no-samhain + - + name: samhain + servicegroups: samhain + nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/samhain" + hostgroups: computers + excludehostgroups: no-samhain + depends: process - samhain + normal_check_interval: 60 + retry_check_interval: 5 + + #### + - + name: users + nrpe: "/usr/lib/nagios/plugins/check_users 30 35" + hostgroups: computers + #### + - + name: load + nrpe: "/usr/lib/nagios/plugins/check_load -w 30,28,26 -c 50,45,50" + hostgroups: computers + excludehostgroups: highload + - + name: load + nrpe: "/usr/lib/nagios/plugins/check_load -w 140,120,100 -c 240,220,200" + hostgroups: highload + excludehosts: rietz + - + name: load + nrpe: "/usr/lib/nagios/plugins/check_load -w 200,200,200 -c 350,350,350" + hosts: rietz + #### + - + name: processes - zombies + nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z" + hostgroups: computers + #### + - + name: processes - total + nrpe: "/usr/lib/nagios/plugins/check_procs 620 700" + hostgroups: computers + #### + - + name: swap usage - percent + nrpe: "/usr/lib/nagios/plugins/check_swap -w 20% -c 10%" + hostgroups: computers + #### + - + name: swap usage - mb + nrpe: "/usr/lib/nagios/plugins/check_swap -w 20000 -c 5000" + hostgroups: computers + #### + - + name: process - getty + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C getty -a /sbin/getty" + hostgroups: computers + excludehosts: zelenka + #### + - + name: process - sshd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1: -u root -C sshd -a '/usr/sbin/sshd'" + hostgroups: computers + - + name: "network service - sshd" + check: dsa_check_ssh + hostgroups: computers + depends: process - sshd + normal_check_interval: 60 + notification_interval: 1440 + + - + name: "network service - sshd" + check: dsa_check_ssh + hostgroups: deadslow + excludehosts: agnesi + normal_check_interval: 180 + - + name: "network service - sshd - 2260" + check: dsa_check_ssh_port!2260 + hosts: agnesi + normal_check_interval: 180 + - + name: "network service - sshd - 443" + check: dsa_check_ssh_port!443 + hosts: gluck + normal_check_interval: 180 + + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3" + depends: network service - sshd + hostgroups: computers, deadslow + excludehosts: crest, kullervo + excludehostgroups: lenny + normal_check_interval: 60 + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1" + depends: network service - sshd + hosts: crest, kullervo + normal_check_interval: 60 + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-5" + depends: network service - sshd + hostgroups: lenny + excludehosts: agnesi + normal_check_interval: 60 + - + name: "network service - sshd - version - 2260" + check: "dsa_check_ssh_port_version!2260!OpenSSH_5.1p1 Debian-5" + depends: network service - sshd - 2260 + hosts: agnesi + normal_check_interval: 60 + # + - + name: ssh - weak keys + servicegroups: weaksshkeys + nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys" + hostgroups: computers + normal_check_interval: 60 + #### + - + name: network service - nrpe + check: check_tcp!5666 + hostgroups: computers + max_check_attempts: -2 + notification_interval: 1440 + - + name: process - nrpe + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'" + hostgroups: computers + max_check_attempts: -1 + depends: network service - nrpe + ### + - + name: process - munin-node + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C munin-node -a '/usr/sbin/munin-node'" + hostgroups: computers + - + name: network service - munin-node + check: check_tcp!4949 + hostgroups: computers + depends: process - munin-node + ### + - + name: process - ntpd + # sarge: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" + # etch: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ntp -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" + hostgroups: computers + excludehosts: raptor, zelenka + - + name: network service - ntp + check: check_ntp + hostgroups: computers + depends: process - ntpd + excludehosts: raptor, allegri, zelenka + # + - + name: network service - time + check: dsa_check_time + hosts: raptor, allegri, zelenka + depends: process - xinetd + + ### + - + name: process - atd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C atd -a /usr/sbin/atd" + hostgroups: computers + ### + - + name: process - cron + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C cron -a /usr/sbin/cron" + hostgroups: computers + + ### + # - + # name: process - syslog-ng + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -p /var/run/syslog-ng.pid'" + # hostgroups: syslog-ng-hosts + ### + - + name: process - rsyslogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rsyslogd -a '/usr/sbin/rsyslogd -c3'" + hostgroups: rsyslog-hosts + ### + - + name: process - syslogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslogd -a '/sbin/syslogd'" + hostgroups: computers + excludehostgroups: rsyslog-hosts + - + name: process - klogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C klogd -a '/sbin/klogd -x'" + hostgroups: computers + excludehostgroups: rsyslog-hosts + + ### MAIL STUFF + ### + - + name: process - exim + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'" + hostgroups: computers + excludehostgroups: postfix-hosts + excludehosts: master, rietz, merkel, gluck + - + name: process - exim - total + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1: -C exim4" + hostgroups: computers + excludehostgroups: postfix-hosts + excludehosts: master, rietz, merkel, gluck + - + name: process - exim + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:300 -c 1:500 -C exim4 -a '/usr/sbin/exim4'" + hosts: master, rietz, merkel, gluck + ### + - + name: process - clamav - clamd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u clamav -C clamd -a '/usr/sbin/clamd'" + hostgroups: heavy-exim, heavy-postfix + - + name: service - clamav + nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl" + hostgroups: heavy-exim, heavy-postfix + depends: process - clamav - clamd + - + name: process - clamav - freshclam + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'" + hostgroups: heavy-exim, heavy-postfix + - + name: process - clamav - getsigs + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C getclamsigs -a 'getclamsigs'" + hostgroups: heavy-exim, heavy-postfix + # + - + name: unwanted process - clamav + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd" + hostgroups: computers + excludehostgroups: heavy-exim, heavy-postfix + - + name: unwanted process - freshclam + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam" + hostgroups: computers + excludehostgroups: heavy-exim, heavy-postfix + - + name: unwanted process - clamav - getsigs + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C getclamsigs" + hostgroups: computers + excludehostgroups: heavy-exim, heavy-postfix + ### + - + name: process - spamd - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" + hostgroups: heavy-exim + excludehosts: rietz, merkel, raff + - + name: process - spamd - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" + hosts: liszt + - + name: process - spamd - child + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:11 -c 1: -C spamd -a 'spamd child'" + hosts: liszt + hostgroups: heavy-exim + depends: process - spamd - master + excludehosts: rietz, merkel, raff + # + - + name: process - spamd - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u debbugs -C spamd -a '/usr/sbin/spamd -d '" + hosts: rietz + - + name: process - spamd - child + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u debbugs -C spamd -a 'spamd child'" + hosts: rietz + # + - + name: unwanted process - spamd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd" + hostgroups: computers + excludehostgroups: heavy-exim + excludehosts: liszt + - + name: unwanted process - spamd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd" + hosts: merkel, raff + + ### + #- + # name: process - greylistd + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u greylist -C greylistd -a '/usr/bin/python /usr/sbin/greylistd'" + # hostgroups: heavy-exim + # + - + name: unwanted process - greylistd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C greylistd" + hostgroups: computers + + ### + - + name: process - postgrey + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" + hostgroups: heavy-exim + - + name: process - postgrey + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'" + hostgroups: heavy-postfix + # + - + name: unwanted process - postgrey + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C postgrey" + hostgroups: computers + excludehostgroups: heavy-postfix, heavy-exim + ### + - + name: process - amavis - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -C amavisd-new -a 'amavisd (master)'" + hostgroups: amavis-hosts + - + name: process - amavis - all + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -C amavisd-new -a 'amavisd '" + hostgroups: amavis-hosts + depends: process - amavis - master + # + - + name: unwanted process - amavis + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C amavisd-new" + hostgroups: computers + excludehostgroups: amavis-hosts + ### + - + name: process - weightd - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (master)'" + hostgroups: heavy-postfix + - + name: process - weightd - cache + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (cache)'" + hostgroups: heavy-postfix + depends: process - weightd - master + - + name: process - weightd - child + nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -C policyd-weight -a 'policyd-weight (child)'" + hostgroups: heavy-postfix + depends: process - weightd - master + # + - + name: unwanted process - policyd-weight + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight" + hostgroups: computers + excludehostgroups: heavy-postfix + + + + ### + - + name: process - postfix - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C master -a '/usr/lib/postfix/master'" + hostgroups: postfix-hosts + - + name: process - postfix - qmgr + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C qmgr -a 'qmgr -l -t fifo -u'" + hostgroups: postfix-hosts + depends: process - postfix - master + #- + # name: process - postfix - tlsmgr + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C tlsmgr -a 'tlsmgr -l -t fifo -u'" + # hostgroups: postfix-hosts + # depends: process - postfix - master + - + name: process - postfix - pickup + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C pickup -a 'pickup -l -t fifo -u -c'" + hostgroups: postfix-hosts + depends: process - postfix - master + - + name: process - postfix - anvil + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:1 -c 0: -u postfix -C anvil -a 'anvil -l -t unix -u'" + hostgroups: postfix-hosts + depends: process - postfix - master + + - + name: process - postfix - trivial-rewrite + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C trivial-rewrite -a 'trivial-rewrite -n rewrite -t unix -u -c'" + hostgroups: postfix-hosts + depends: process - postfix - master + - + name: process - postfix - proxymap + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C proxymap -a 'proxymap -t unix -u'" + hostgroups: postfix-hosts + depends: process - postfix - master + - + name: process - postfix - cleanup + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C cleanup -a 'cleanup -z -t unix -u -c'" + hostgroups: postfix-hosts + depends: process - postfix - master + - + name: process - postfix - local + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C local -a 'local -t unix'" + hostgroups: postfix-hosts + depends: process - postfix - master + + - + name: process - postfix - smtpd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:40 -c 0:90 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'" + hostgroups: postfix-hosts + excludehosts: liszt + depends: process - postfix - master + - + name: process - postfix - smtp + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C smtp -a 'smtp -t unix -u -c'" + hostgroups: postfix-hosts + excludehosts: liszt + depends: process - postfix - master + + - + name: process - postfix - smtpd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:150 -c 0:200 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'" + hosts: liszt + depends: process - postfix - master + - + name: process - postfix - smtp + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:350 -c 0:500 -u postfix -C smtp -a 'smtp -t unix -u -c'" + hosts: liszt + depends: process - postfix - master + + ### + - + name: network service - smtp + check: dsa_check_smtp + hostgroups: computers + excludehostgroups: postfix-hosts + depends: process - exim + + - + name: network service - smtp + check: dsa_check_smtp + hostgroups: postfix-hosts + excludehosts: verdi, kassia, allegri, raptor, piatti + depends: process - postfix - master + - + name: network service - smtp - port 2025 + check: dsa_check_smtp_port!2025 + hosts: verdi, kassia, murphy, allegri, piatti + depends: process - postfix - master + - + name: network service - smtp - port 8080 + check: dsa_check_smtp_port!8080 + hosts: murphy + depends: process - postfix - master + - + name: network service - smtp - port 2025 + remotecheck: /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p 2025 + runfrom: murphy + hosts: raptor + depends: process - postfix - master + + - + name: network service local - smtps cert + nrpe: "/usr/lib/nagios/plugins/check_http -H localhost -p 465 -S -C 14 -t 45" + hostgroups: postfix-hosts + depends: process - postfix - master + normal_check_interval: 120 + + + - + name: setup - dsa config + nrpe: "/usr/lib/nagios/plugins/dsa-check-config" + hostgroups: computers + normal_check_interval: 120 + - + name: setup - ud-ldap freshness + nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness" + hostgroups: computers + ### + - + name: process - uptimed + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C uptimed -a '/usr/sbin/uptimed'" + hostgroups: computers + ### + - + name: process - irqbalance + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C irqbalance -a '/usr/sbin/irqbalance'" + hostgroups: computers + excludehostgroups: single-cpu + - + name: unwanted process - irqbalance + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C irqbalance" + hostgroups: single-cpu + + #### + ### + #- + # name: unwanted process - system-tools-backends + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C system-tools-ba" + # hostgroups: computers + #- + # name: unwanted process - dbus-daemon + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C dbus-daemon" + # hostgroups: computers + - + name: unwanted process - gkrellmd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C gkrellmd" + hostgroups: computers + - + name: unwanted process - portmap + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C portmap" + hostgroups: computers + excludehostgroups: nfs-client, nfs-server + - + name: unwanted process - rpc.statd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd" + hostgroups: computers + excludehostgroups: nfs-client, nfs-server + - + name: unwanted process - inetd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C inetd" + hostgroups: computers + - + name: unwanted process - snmpd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C snmpd" + hostgroups: computers + + + ############ Processes/Services that only run on some computers ############ + #### + ### + - + name: process - rngd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rngd -a '/usr/sbin/rngd -r /dev/hwrng'" + hostgroups: dl385 + ### + - + name: process - mdadm monitor + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C mdadm -a '/sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan'" + hostgroups: sw-raid + - + name: RAID - sw raid + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw" + hostgroups: sw-raid + + ### + - + name: process - cpqarrayd + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C cpqarrayd -a '/usr/sbin/cpqarrayd'" + hostgroups: dl385, dl380, dl360, bl460 + - + name: RAID - arrayprobe + servicegroups: raid + nrpe: "sudo /usr/bin/arrayprobe" + hostgroups: dl385, dl380, dl360, bl460 + - + name: HW - hpacucli status + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli" + normal_check_interval: 120 + hostgroups: dl385, dl380, dl360, bl460 + ### + - + name: RAID - areca + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-areca" + hosts: powell + ### + - + name: RAID - DAC960 + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-dac960" + hosts: verdi + ### + - + name: RAID - 3ware + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-3ware" + hosts: puccini + ### + - + name: RAID - MPT + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-mpt" + hosts: master + + ### + - + name: process - slapd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'" + hosts: samosa + ### + - + name: process - ulogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'" + hostgroups: ulogd-hosts + - + name: unexpected process - ulogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C ulogd" + hostgroups: computers + excludehostgroups: ulogd-hosts + ### + - + name: process - udevd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C udevd -a 'udevd'" + hostgroups: computers + excludehostgroups: no-udev + - + name: unexpected process - udev + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C udevd" + hostgroups: no-udev + ### + - + name: process - acpid + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'" + hostgroups: acpid-hosts + - + name: unexpected process - acpid + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid" + hostgroups: computers + excludehostgroups: acpid-hosts + + ### + - + name: process - xinetd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive'" + hosts: samosa, raptor, allegri, gluck, zelenka + hostgroups: rsyncd-hosts + - + name: unwanted process - xinetd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd" + hostgroups: computers + excludehosts: samosa, raptor, allegri, gluck, zelenka + excludehostgroups: rsyncd-hosts + ### + - + name: network service - finger + check: check_tcp!79 + hosts: samosa + depends: process - xinetd + ### + - + name: network service - rsync + check: check_tcp!873 + hostgroups: rsyncd-hosts + depends: process - xinetd + + - + name: network service - rsync + check: check_tcp!873 + hosts: rietz2 + depends: rietz:process - xinetd + + - + name: network service - rsync + check: check_tcp!873 + hosts: kassia-sec + depends: kassia:process - xinetd + + ### + - + name: process - nagios3 + # there is always one extra process per check currently running.. + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C nagios3 -a '/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg'" + hosts: samosa + + ### + - + name: process - apache2 - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache2 -a /usr/sbin/apache2" + hostgroups: apache2-hosts + - + name: process - apache2 - worker + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u www-data -C apache2 -a /usr/sbin/apache2" + hostgroups: apache2-hosts + depends: process - apache2 - master + - + name: network service - http + check: check_http + hostgroups: apache2-hosts + excludehosts: kassia + depends: process - apache2 - master + - + name: network service - http + check: check_http + depends: kassia:process - apache2 - master + hosts: kassia-sec, kassia-ftp + + + - + name: process - apache - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache -a /usr/sbin/apache" + hostgroups: apache1-hosts + - + name: process - apache - worker + nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:75 -c 1:150 -u www-data -C apache -a /usr/sbin/apache" + hostgroups: apache1-hosts + depends: process - apache - master + - + name: network service - http + check: check_http + hostgroups: apache1-hosts + depends: process - apache - master + + - + name: network service - http keyserver + check: dsa_check_http_port!11371 + hosts: raff + depends: process - apache2 - master + + - + name: network service - https + check: check_https + hosts: samosa, ries, klecker + depends: "process - apache2 - master" + normal_check_interval: 120 + - + name: network service - https cert + check: dsa_check_cert!443 + hosts: samosa, ries, klecker + depends: network service - https + normal_check_interval: 60 + #### + - + name: process - named + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u bind -C named -a '/usr/sbin/named -u bind'" + hostgroups: bind9-hosts + - + name: network service - dns + check: check_dns + hostgroups: bind9-hosts + depends: process - named + - + name: unwanted process - named + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C named" + hostgroups: computers + excludehostgroups: bind9-hosts + + #### + - + name: process - vsftp - listener + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C vsftpd -a 'vsftpd: LISTENER'" + hostgroups: ftpd-hosts + excludehosts: kassia + - + name: process - vsftp - instance + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:80 -c 0:100 -u ftp -C vsftpd -a 'vsftpd: '" + hostgroups: ftpd-hosts + excludehosts: kassia + - + name: network service - ftp + check: check_ftp + hostgroups: ftpd-hosts + excludehosts: kassia + depends: process - vsftp - listener + - + name: network service - ftp + check: check_ftp + hosts: kassia-sec, kassia-ftp + depends: kassia:process - xinetd + + #### + - + name: process - debianqueued + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u dak -C debianqueued" + hosts: ries, ravel, klecker + + ### + - + name: process - postresql81 - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a '/usr/lib/postgresql/8.1/bin/postmaster -D /var/lib/postgresql/8.1/main -c config_file=/etc/postgresql/8.1/main/postgresql.conf'" + hostgroups: postgres81-hosts + - + name: process - postresql81 - writer + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: writer process'" + hostgroups: postgres81-hosts + depends: process - postresql81 - master + - + name: process - postresql81 - buffer + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats buffer process'" + hostgroups: postgres81-hosts + depends: process - postresql81 - master + - + name: process - postresql81 - collector + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats collector process'" + hostgroups: postgres81-hosts + depends: process - postresql81 - master + #### + - + name: process - postresql83 - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf'" + hostgroups: postgres83-hosts + excludehosts: piatti, klecker + - + name: process - postresql83 - master udd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/udd -c config_file=/etc/postgresql/8.3/udd/postgresql.conf'" + hosts: piatti + - + name: process - postresql83 - dak master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak -c config_file=/etc/postgresql/8.3/dak/postgresql.conf'" + hosts: ries, klecker + - + name: process - postresql83 - dak-dev master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak-dev -c config_file=/etc/postgresql/8.3/dak-dev/postgresql.conf'" + hosts: ries + #### + - + name: process - mysql - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C mysqld_safe -a '/bin/sh /usr/bin/mysqld_safe'" + hostgroups: mysql-hosts + - + name: process - mysql - workers + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u mysql -C mysqld -a /usr/sbin/mysqld" + hostgroups: mysql-hosts + depends: process - mysql - master + + #### + - + name: process - stunnel4 - postgres-udd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd-server.conf'" + hosts: piatti + - + name: process - stunnel4 - postgres-udd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd.conf'" + hosts: merkel, master + + #### + #- + # name: process - xenconsoled + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'" + # hosts: piatti + #- + # name: process - xenstored + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'" + # hosts: piatti + #- + # name: process - xend + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'" + # hosts: piatti +# + #### + - + name: process - libvirtd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C libvirtd -a '/usr/sbin/libvirtd -d'" + hosts: unger + + ### + - + name: process - buildd + servicegroups: buildd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u buildd -C buildd '/usr/bin/perl /usr/bin/buildd'" + hostgroups: buildd + contacts: luk + + ### + - + name: process - iscsid + nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 1: -u root -C iscsid '/usr/sbin/iscsid'" + hosts: raptor + + ### + #- + # name: process - tftpd + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C in.tftpd -a '/usr/sbin/in.tftpd -l -B 1450 -s /var/lib/tftpboot'" + # hostgroups: tftpd-hosts + ### +# - +# name: process - dhcpd +# nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C dhcpd3 -a '/usr/sbin/dhcpd3 -q eth0'" +# hosts: paer + ### + - + name: process - smartd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C smartd -a '/usr/sbin/smartd --pidfile /var/run/smartd.pid --interval=1800'" + hostgroups: smart + + ############ NFS Stuff ############ + #### + - + name: process - portmap + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C portmap -a '/sbin/portmap'" + hostgroups: nfs-client, nfs-server + - + name: process - statd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u statd -C rpc.statd -a '/sbin/rpc.statd'" + hostgroups: nfs-client, nfs-server + - + name: process - nfsd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'" + hostgroups: nfs-server + - + name: process - lockd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C lockd -a '[lockd]'" + hostgroups: nfs-server + - + name: process - mountd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rpc.mountd -a '/sbin/rpc.mountd'" + hostgroups: nfs-server + # see if the nfs stuff works and doesn't hang. + # the df check all script will also hang, but we don't appear to pay attention to that + - + name: nfs mount ftp archive + nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /home/org/ftp.root/debian" + hosts: gluck + - + name: nfs mount ftp archive + nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /org/mirrors/ftp.debian.org/ftp" + hosts: merkel, raff + + ############ MISC OTHER Stuff ############ + ##### + - + name: mirror sync - security + check: "dsa_check_mirrorsync!security.debian.org!project/trace/security-master.debian.org" + hosts: global + - + name: mirror sync - security.eu + check: "dsa_check_mirrorsync!security.eu.debian.org!project/trace/security-master.debian.org" + hosts: global + - + name: mirror sync - security.us + check: "dsa_check_mirrorsync!security.us.debian.org!project/trace/security-master.debian.org" + hosts: global + - + name: DNS SOA sync - debian.org + check: "dsa_check_soas_add!samosa.debian.org!debian.org" + hosts: global + - + name: DNS SOA sync - debian.net + check: "dsa_check_soas_add!samosa.debian.org!debian.net" + hosts: global + - + name: DNS SOA sync - debian.com + check: "dsa_check_soas_add!samosa.debian.org!debian.com" + hosts: global + - + name: DNS SOA sync - mirror.debian.net + check: "dsa_check_soas_add!samosa.debian.org!mirror.debian.net" + hosts: global + - + name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa + check: "dsa_check_soas_add!samosa.debian.org!144-28.118.59.86.in-addr.arpa" + hosts: global + - + name: DNS SOA sync - alioth.debian.org + check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org" + hosts: global diff --git a/dsa-nagios-checks/apt-status-check b/dsa-nagios-checks/apt-status-check new file mode 100755 index 0000000..1d4ac92 --- /dev/null +++ b/dsa-nagios-checks/apt-status-check @@ -0,0 +1,231 @@ +#!/usr/bin/perl -Tw + +# $Id: nagios-check-apt-updates 352 2008-05-20 21:36:54Z weasel $ + +# nagios check for debian (security) updates, +# based on net-snmp glue to security updates via apt-get. +# Copyright (C) 2004 SILVER SERVER Gmbh +# Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA + +use strict; +use English; +use Getopt::Long; +use IO::Handle; +use IPC::Open2; +use IPC::Open3; + +$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; +delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + +my $APT = '/usr/bin/apt-get'; +my $VERBOSE; + +sub do_check($$$$$$) { + my ($pre_command, $timeout, $noupdate, $name, $updates_security, $updates_other) = @_; + my $fh; + my $pid; + my @command; + + unless ($noupdate) { + print STDERR "Running $APT update in $name\n" if $VERBOSE; + @command = ($APT, 'update'); + unshift @command, @$pre_command; + $fh = new IO::Handle; + $pid = open3(\*STDIN, $fh, $fh, @command) or die ("Cannot run $APT update in $name: $!\n"); + local $SIG{ALRM} = sub { die "Timeout for apt-get update.\n" }; + alarm $timeout; + my @ignore=<$fh>; + alarm 0; + close $fh; + waitpid $pid, 0; + if ($CHILD_ERROR) { # program failed + die("$APT update returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); + }; + }; + + print STDERR "Running $APT --simulate upgrade in $name\n" if $VERBOSE; + @command = ($APT, qw{--simulate upgrade}); + unshift @command, @$pre_command; + $fh = new IO::Handle; + $pid = open2($fh, \*STDIN, @command) or die ("Cannot run $APT --simulate upgrade | sort -u in $name: $!\n"); + local $SIG{ALRM} = sub { die "Timeout for apt-get --simulate upgrade.\n" }; + alarm $timeout; + my @lines=<$fh>; + close $fh; + alarm 0; + waitpid $pid, 0; + if ($CHILD_ERROR) { # program failed + die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); + }; + + @lines = sort {$a cmp $b} @lines; + my %uniq; + @lines = grep {!$uniq{$_}++} @lines; + + print STDERR "Processing information for $name\n" if $VERBOSE; + for my $line (@lines) { + if ($line =~ m/^Inst\s+(\S+)\s+/) { + my $package = $1; + if ($line =~ m/^Inst\s+\S+\s+.*security/i) { + push @$updates_security, $package.($name ne '/' ? "($name)" : ''); + } else { + push @$updates_other, $package.($name ne '/' ? "($name)" : ''); + }; + } + } +} + + + +my $VERSION = '0.0.3 - $Rev: 352 $'; +my $use_sudo = 1; +my $params; + +# nagios exit codes +my $OK = 0; +my $WARNING = 1; +my $CRITICAL = 2; +my $UNKNOWN = 3; + +$params->{'chroots'} = []; +$params->{'vservers'} = []; +$params->{'timeout'} = 20; +Getopt::Long::config('bundling'); +if (!GetOptions ( + '--help' => \$params->{'help'}, + '--version' => \$params->{'version'}, + '--sudo' => \$params->{'sudo'}, + '--noupdate' => \$params->{'noupdate'}, + '--nosudo' => \$params->{'nosudo'}, + '--verbose' => \$params->{'verbose'}, + '--warnifupdates' => \$params->{'warnifupdates'}, + '--timeout=i' => \$params->{'timeout'}, + '--chroot=s' => $params->{'chroots'}, + '--vserver=s' => $params->{'vservers'} + )) { + die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--timeout=] [--verbose]\n"); +}; +if ($params->{'help'}) { + print "nagios-check-apt-updates $VERSION\n"; + print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n"; + print "Reports packages to upgrade, updating the list if necessary.\n"; + print "\n"; + print " --help Print this short help.\n"; + print " --version Report version number.\n"; + print " --sudo Use sudo to call apt-get (default).\n"; + print " --noupdate Do not run apt-get update first.\n"; + print " --nosudo Do not use sudo to call apt-get.\n"; + print " --warnifupdates Exit with a WARNING status if any updates are available.\n"; + print " --timeout= Timeout in seconds for each of the two apt-get runs.\n"; + print " --verbose Be a little verbose.\n"; + print " --chroot= Run check in path.\n"; + print " --vserver= Run check in vserver.\n"; + print "\n"; + print "Note that for --sudo (default) you will need entries in /etc/sudoers like these:\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get --simulate upgrade\n"; + print "\n"; + exit (0); +}; +if ($params->{'version'}) { + print "nagios-check-apt-updates $VERSION\n"; + print "nagios check for availability of debian (security) updates\n"; + print "Copyright (c) 2004 SILVER SERVER Gmbh\n"; + print "Copyright (c) 2004,2005 Peter Palfrader \n"; + exit (0); +}; +if ($params->{'sudo'} && $params->{'nosudo'}) { + die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n"); +}; +if ($params->{'sudo'}) { + $use_sudo = 1; +}; +if ($params->{'nosudo'}) { + $use_sudo = 0; +}; +if (scalar @{$params->{'chroots'}} == 0 && scalar @{$params->{'vservers'}} == 0) { + $params->{'chroots'} = ['/']; +}; +$VERBOSE = $params->{'verbose'}; + + +$SIG{'__DIE__'} = sub { + print STDERR @_; + exit $UNKNOWN; +}; + + +my @updates_security; +my @updates_other; + + +# Make sure chroot paths are nice; +my @chroots = (); +for my $root (@{$params->{'chroots'}}) { + if ($root =~ m#^(/[a-zA-Z0-9/.-]*)$#) { + push @chroots, $1; + } else { + die ("Chroot path $root is not nice.\n"); + }; +}; +for my $root (@chroots) { + my @pre_command = (); + unshift @pre_command, 'chroot', $root if ($root ne '/'); + unshift @pre_command, 'sudo' if $use_sudo; + do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $root, \@updates_security, \@updates_other); +} + +# Make sure vserver names are nice; +my @vservers = (); +for my $vserver (@{$params->{'vservers'}}) { + if ($vserver =~ m#^([a-zA-Z0-9.-]+)$#) { + push @vservers, $1; + } else { + die ("Vserver name $vserver is not nice.\n"); + }; +}; +for my $vserver (@vservers) { + my @pre_command = (); + unshift @pre_command, '/usr/sbin/vserver', $vserver, 'exec'; + unshift @pre_command, 'sudo' if $use_sudo; + do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $vserver, \@updates_security, \@updates_other); +} + + + + +my $exit = $OK; + +my $updateinfo; +if (@updates_security) { + $updateinfo .= 'Security updates ('.(scalar @updates_security).'): '.join(', ', @updates_security)."; "; + $exit = $CRITICAL; +} +if (@updates_other) { + $updateinfo .= 'Other Updates ('.(scalar @updates_other).'): '.join(', ', @updates_other)."; "; + $exit = $WARNING if ($params->{'warnifupdates'} and $exit == $OK); +}; +$updateinfo = 'No updates available' unless defined $updateinfo; + + +print $updateinfo,"\n"; +exit $exit; diff --git a/dsa-nagios-checks/debian/README.Debian b/dsa-nagios-checks/debian/README.Debian new file mode 100644 index 0000000..d500cc8 --- /dev/null +++ b/dsa-nagios-checks/debian/README.Debian @@ -0,0 +1,7 @@ +dsa-nagios-nrpe-config for Debian +--------------------------------- + +This package is automatically created from the debian.org nagios +config. + + -- Peter Palfrader Wed, 2 Apr 2008 22:19:07 +0200 diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog new file mode 100644 index 0000000..2e58aba --- /dev/null +++ b/dsa-nagios-checks/debian/changelog @@ -0,0 +1,329 @@ +dsa-nagios-nrpe-config (68) unstable; urgency=low + + * dsa-update-apt-status: Ensure apt-get update is quiet even when stuff + goes wrong. + + -- Peter Palfrader Wed, 11 Feb 2009 21:59:55 +0100 + +dsa-nagios-nrpe-config (67) unstable; urgency=low + + * Minor tweak to dsa-check-packages: reorder ok and obs(ign), change + long text for obs(ign). + + -- Peter Palfrader Wed, 4 Feb 2009 09:40:26 +0000 + +dsa-nagios-nrpe-config (66) unstable; urgency=low + + * Add dsa-check-packages + * Make apt-status-check use dsa-check-packages. + * And install obsolete-packages-ignore into etc/nagios. + + -- Peter Palfrader Tue, 03 Feb 2009 20:39:01 +0100 + +dsa-nagios-nrpe-config (65) unstable; urgency=low + + * Add dsa-check-soas + + -- Peter Palfrader Tue, 23 Dec 2008 23:11:19 +0000 + +dsa-nagios-nrpe-config (64) unstable; urgency=low + + * dsa-check-mirrorsync: make it work in embedded perl again. + + -- Peter Palfrader Tue, 23 Dec 2008 22:59:06 +0000 + +dsa-nagios-nrpe-config (63) unstable; urgency=low + + * dsa-check-mirrorsync: print help if additional args are given (we don't + support any) + + -- Peter Palfrader Tue, 23 Dec 2008 22:14:44 +0000 + +dsa-nagios-nrpe-config (62) unstable; urgency=low + + * Add check_securitymirror by formorer. + + -- Peter Palfrader Tue, 23 Dec 2008 21:59:47 +0000 + +dsa-nagios-nrpe-config (61) unstable; urgency=low + + * dsa-check-hpacucli: Do not create the 'Failed' array while checking if an + entry is in there. If it doesn't exist that's also good. + + -- Peter Palfrader Mon, 06 Oct 2008 14:08:30 +0200 + +dsa-nagios-nrpe-config (60) unstable; urgency=low + + * Add dsa-check-raid-areca. + + -- Peter Palfrader Wed, 01 Oct 2008 16:23:33 +0200 + +dsa-nagios-nrpe-config (59) unstable; urgency=low + + * apt-status-check: Ignore stderr during apt-get update. + + -- Peter Palfrader Tue, 30 Sep 2008 19:58:36 +0200 + +dsa-nagios-nrpe-config (58) unstable; urgency=low + + * Rename dsa-check-da-in-aliases to dsa-check-config. + * dsa-check-config: check if ldap.conf is configured correctly. + + -- Peter Palfrader Fri, 26 Sep 2008 15:02:53 +0200 + +dsa-nagios-nrpe-config (57) unstable; urgency=low + + * dsa-check-hpacucli: Do not inspect drives in detail when they are + listed as Failed in the overview already. + + -- Peter Palfrader Wed, 24 Sep 2008 16:02:31 +0200 + +dsa-nagios-nrpe-config (56) unstable; urgency=low + + * fix dsa-check-samhain. + sudo is not in $PATH. + + -- Martin Zobel-Helas Mon, 22 Sep 2008 06:45:19 +0000 + +dsa-nagios-nrpe-config (55) unstable; urgency=low + + * And another one, weasel should sleep. + + -- Peter Palfrader Mon, 22 Sep 2008 00:29:15 +0000 + +dsa-nagios-nrpe-config (54) unstable; urgency=low + + * dsa-check-dabackup-server fixes. + + -- Peter Palfrader Mon, 22 Sep 2008 00:27:41 +0000 + +dsa-nagios-nrpe-config (53) unstable; urgency=low + + * Add dsa-check-dabackup-server. + + -- Peter Palfrader Mon, 22 Sep 2008 00:19:28 +0000 + +dsa-nagios-nrpe-config (52) unstable; urgency=low + + * The nagios _check_ package should probably not be the one that + depends on the stuff we want on most or all hosts, thus removing + dependency on samhain, which should probably get pulled in via + debian.org. + + -- Peter Palfrader Sun, 21 Sep 2008 23:41:01 +0000 + +dsa-nagios-nrpe-config (51) unstable; urgency=low + + * Add check for samhain. + + -- Martin Zobel-Helas Sat, 20 Sep 2008 07:29:23 +0000 + +dsa-nagios-nrpe-config (50) unstable; urgency=low + + * dsa-check-hpacucli: Handle 'pd all show' output with failed arrays. + + -- Peter Palfrader Sat, 09 Aug 2008 11:39:55 +0200 + +dsa-nagios-nrpe-config (49) unstable; urgency=low + + * dsa-check-hpacucli: Learn correct transfer speed for Ultra 3 Wide (160mb/s) + + -- Peter Palfrader Wed, 23 Jul 2008 00:56:54 +0200 + +dsa-nagios-nrpe-config (48) unstable; urgency=low + + * Don't just print the sudoers lines to stdout, tell the admin to add them + also. + + -- Peter Palfrader Tue, 22 Jul 2008 21:25:56 +0000 + +dsa-nagios-nrpe-config (47) unstable; urgency=low + + * dsa-check-hpacucli: Check transfer speed of disks. + + -- Peter Palfrader Tue, 22 Jul 2008 23:14:50 +0200 + +dsa-nagios-nrpe-config (46) unstable; urgency=low + + * Move apt status update from cron.daily to usr/sbin/dsa-update-apt-status. + * Move script calls from cron.daily to cron.d @daily and @reboot. + * Introduce hourly runs for dsa-update-apt-status that happen if the system + changed in the meantime, that is if /var/lib/dpkg/status or + /var/cache/apt/pkgcache.bin are newer than the status file. + Also run if the status file does not exist, or if the last apt-get update + call failed, or if the last run was more than a day ago. + * No longer do @daily runs of dsa-update-apt-status + + -- Peter Palfrader Sun, 06 Jul 2008 11:51:27 +0200 + +dsa-nagios-nrpe-config (45) unstable; urgency=low + + * Add apt upgrades check. + + -- Peter Palfrader Tue, 20 May 2008 22:01:07 +0000 + +dsa-nagios-nrpe-config (44) unstable; urgency=low + + * Fix ssh-dss detection. It need not be at the start of a line + (think >from="1.2.3.4" ssh-dss< ...). + + -- Peter Palfrader Mon, 19 May 2008 14:34:23 +0000 + +dsa-nagios-nrpe-config (43) unstable; urgency=low + + * Depend on ruby. + + -- Peter Palfrader Mon, 19 May 2008 14:19:10 +0000 + +dsa-nagios-nrpe-config (42) unstable; urgency=low + + * weak-ssh-keys-check: Ignore empty lines in authorized-keys files. + * weak-ssh-keys-check: Handle servers not doing DSA in from_ssh_host(). + * Run weak-ssh-keys-check on install. + + -- Peter Palfrader Mon, 19 May 2008 14:05:10 +0000 + +dsa-nagios-nrpe-config (41) unstable; urgency=low + + * Add dsa-check-statusfile. + * Add weak-ssh-keys-check to be run from cron.daily. Depend on + libberkeleydb-perl and dsa-ssh-weak-keys now. + * Remove up /var/cache/dsa/nagios/weak-ssh-keys in postrm purge. + + -- Peter Palfrader Mon, 19 May 2008 15:55:43 +0200 + +dsa-nagios-nrpe-config (40) unstable; urgency=low + + * Teach dsa-check-hpacucli about rebuilding. + + -- Peter Palfrader Fri, 9 May 2008 12:55:07 +0000 + +dsa-nagios-nrpe-config (39) unstable; urgency=low + + * Add dsa-check-hpacucli. + * Suggest hpacucli. + + -- Peter Palfrader Wed, 7 May 2008 19:54:55 +0000 + +dsa-nagios-nrpe-config (38) unstable; urgency=low + + * Try harder to find version string. + + -- Peter Palfrader Mon, 5 May 2008 17:48:42 +0000 + +dsa-nagios-nrpe-config (37) unstable; urgency=low + + * dsa-check-running-kernel: also check /boot/vmlinux-`uname -r` + * Depend on binutils for string(1). + + -- Peter Palfrader Mon, 5 May 2008 17:41:13 +0000 + +dsa-nagios-nrpe-config (36) unstable; urgency=low + + * Add dsa-check-running-kernel + + -- Peter Palfrader Mon, 5 May 2008 17:11:54 +0000 + +dsa-nagios-nrpe-config (35) unstable; urgency=low + + * dsa-check-raid-mpt + + -- Peter Palfrader Tue, 29 Apr 2008 12:57:50 +0000 + +dsa-nagios-nrpe-config (34) unstable; urgency=low + + * dsa-check-raid-3ware + + -- Peter Palfrader Thu, 24 Apr 2008 19:37:47 +0000 + +dsa-nagios-nrpe-config (33) unstable; urgency=low + + * Add dsa-check-raid-dac960 + + -- Peter Palfrader Thu, 24 Apr 2008 19:20:57 +0000 + +dsa-nagios-nrpe-config (32) unstable; urgency=low + + * Add dsa-check-udldap-freshness. + + -- Peter Palfrader Wed, 16 Apr 2008 07:39:21 -0400 + +dsa-nagios-nrpe-config (31) unstable; urgency=low + + * dsa-check-dabackup: Use last time's log file if backup is currently running. + + -- Peter Palfrader Mon, 14 Apr 2008 17:37:54 -0400 + +dsa-nagios-nrpe-config (30) unstable; urgency=low + + * dsa-check-raid-sw: cleaner output. + + -- Peter Palfrader Mon, 14 Apr 2008 17:05:17 -0400 + +dsa-nagios-nrpe-config (29) unstable; urgency=low + + * dsa-check-dabackup: terser output. + + -- Peter Palfrader Mon, 14 Apr 2008 13:09:07 -0400 + +dsa-nagios-nrpe-config (28) unstable; urgency=low + + * dsa-check-dabackup: ignore .bak files in confdir. + + -- Peter Palfrader Mon, 14 Apr 2008 12:23:25 -0400 + +dsa-nagios-nrpe-config (27) unstable; urgency=low + + * Change OK text when da-backup not installed. + + -- Peter Palfrader Mon, 14 Apr 2008 12:19:00 -0400 + +dsa-nagios-nrpe-config (26) unstable; urgency=low + + * dsa-check-dabackup: Warn if installed but no backups configured. + + -- Peter Palfrader Mon, 14 Apr 2008 12:13:30 -0400 + +dsa-nagios-nrpe-config (25) unstable; urgency=low + + * Install dsa-check-dabackup + + -- Peter Palfrader Mon, 14 Apr 2008 12:05:11 -0400 + +dsa-nagios-nrpe-config (24) unstable; urgency=low + + * Check for dsa-check-backup sudoers entry + + -- Peter Palfrader Mon, 14 Apr 2008 11:48:48 -0400 + +dsa-nagios-nrpe-config (23) unstable; urgency=low + + * Add dsa-check-dabackup + + -- Peter Palfrader Mon, 14 Apr 2008 10:56:32 -0400 + +dsa-nagios-nrpe-config (22) unstable; urgency=low + + * Add a very easy dsa-check-da-in-aliases. + + -- Peter Palfrader Fri, 11 Apr 2008 10:25:54 -0400 + +dsa-nagios-nrpe-config (21) unstable; urgency=low + + * Add dsa-check-raid-sw. + + -- Peter Palfrader Thu, 3 Apr 2008 06:22:44 -0400 + +dsa-nagios-nrpe-config (20) unstable; urgency=low + + * Do away with a new changelog entry and version for every build of the + package - it floods us with useless commit mails - and just + increase the version to $TIMESTAMP in the build area. + + -- Peter Palfrader Thu, 3 Apr 2008 05:38:27 -0400 + +dsa-nagios-nrpe-config (1) unstable; urgency=low + + * Initial release. + + -- Peter Palfrader Wed, 2 Apr 2008 22:24:12 +0200 diff --git a/dsa-nagios-checks/debian/compat b/dsa-nagios-checks/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/dsa-nagios-checks/debian/compat @@ -0,0 +1 @@ +5 diff --git a/dsa-nagios-checks/debian/control b/dsa-nagios-checks/debian/control new file mode 100644 index 0000000..e045aec --- /dev/null +++ b/dsa-nagios-checks/debian/control @@ -0,0 +1,17 @@ +Source: dsa-nagios-nrpe-config +Section: local +Priority: extra +Maintainer: Peter Palfrader +Build-Depends: debhelper (>= 5) +Standards-Version: 3.7.2 + +Package: dsa-nagios-nrpe-config +Architecture: all +Depends: nagios-nrpe-server, nagios-plugins-basic, ${misc:Depends}, binutils, libberkeleydb-perl, dsa-ssh-weak-keys, ruby +Suggests: hpacucli +Description: debian.org nagios-nrpe-server configuration + This package provides the debian.org configuration for the + nagios-nrpe-server, automatically created from the debian.org + nagios setup. + . + It also ships a few nagios checks. diff --git a/dsa-nagios-checks/debian/copyright b/dsa-nagios-checks/debian/copyright new file mode 100644 index 0000000..300ca52 --- /dev/null +++ b/dsa-nagios-checks/debian/copyright @@ -0,0 +1,82 @@ +This package was debianized by Peter Palfrader on +Wed, 2 Apr 2008 22:19:07 +0200. + +The config file shipped with this package is generated automatically +from the debian.org nagios config. + + +######################################################################## +dsa-check-raid-sw: + Copied from http://svn.noreply.org/svn/weaselutils/trunk/nagios-check-raid.pl at r330 + Copyright 2003 Thomas Nilsen + Copyright 2004, 2007, 2008 Peter Palfrader + License: GPL + +######################################################################## +dsa-check-dabackup: + Copyright: 2007 Stephen Gran + Copyright: 2008 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-dabackup-server: + Copyright: 2008 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-raid-3ware: + Copyright: 2006 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-running-kernel: + Copyright: 2008 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-hpacucli: + Copyright: 2008 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-statusfile: + Copyright: 2008 Peter Palfrader + License: MIT + +######################################################################## +weak-ssh-keys-check: + Copyright: 2008 Florian Weimer, Alexander Wirt + License: ISC + +######################################################################## +apt-status-check: + Copyright (C) 2004 SILVER SERVER Gmbh + Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader + License: GPL + +######################################################################## +dsa-check-samhain: + Copyright: 2004 Rainer Wichmann + Copyright: 2008 Martin Zobel-Helas + License: GPL + +######################################################################## +dsa-check-raid-areca: + Copyright: 2007, 2008 Erinn Looney-Triggs + License: GPL + +######################################################################## +dsa-check-mirrorsync: + Copyright: 2008: Alexander Wirt + Copyright: 2008: Peter Palfrader + License: GPL + +######################################################################## +dsa-check-packages: + Copyright: 2008,2009 Peter Palfrader + License: MIT + +######################################################################## +dsa-check-soas: + Copyright: 2006 Peter Palfrader + License: MIT diff --git a/dsa-nagios-checks/debian/cron.d b/dsa-nagios-checks/debian/cron.d new file mode 100644 index 0000000..031d3d5 --- /dev/null +++ b/dsa-nagios-checks/debian/cron.d @@ -0,0 +1,7 @@ +@reboot root sleep 10m && [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys +@daily root [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys + +@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status +13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status + +# vim:ft=crontab: diff --git a/dsa-nagios-checks/debian/dirs b/dsa-nagios-checks/debian/dirs new file mode 100644 index 0000000..6ee56fe --- /dev/null +++ b/dsa-nagios-checks/debian/dirs @@ -0,0 +1,5 @@ +etc/nagios +usr/lib/nagios/plugins +usr/share/dsa +var/cache/dsa/nagios +usr/sbin diff --git a/dsa-nagios-checks/debian/postinst b/dsa-nagios-checks/debian/postinst new file mode 100644 index 0000000..0749532 --- /dev/null +++ b/dsa-nagios-checks/debian/postinst @@ -0,0 +1,87 @@ +#!/bin/sh + +set -e + +NAGIOS_MASTER=192.25.206.57 + +if [ -e /etc/nagios/nrpe.cfg ] ; then + if ! grep '^include=/etc/nagios/nrpe_dsa.cfg$' /etc/nagios/nrpe.cfg > /dev/null; then + echo + echo "WARNING: /etc/nagios/nrpe.cfg does not include /etc/nagios/nrpe_dsa.cfg. Please fix." + echo + fi + if ! grep '^allowed_hosts=' /etc/nagios/nrpe.cfg > /dev/null; then + echo + echo "WARNING: /etc/nagios/nrpe.cfg does not define allowed_hosts. Please fix (set allowed_hosts=$NAGIOS_MASTER)." + echo + else + found=0 + for host in `grep '^allowed_hosts=' /etc/nagios/nrpe.cfg | sed -e 's/.*=//' | tr ',' "\n"`; do + if [ "$host" = "$NAGIOS_MASTER" ]; then + found=1 + break + fi + done + if [ "$found" = "0" ]; then + echo + echo "WARNING: /etc/nagios/nrpe.cfg does not have $NAGIOS_MASTER in allowed_hosts. Please fix." + echo + fi + fi +fi + +if [ -e /etc/default/nagios-nrpe-server ] ; then + if ! grep '^DAEMON_OPTS="--no-ssl"$' /etc/default/nagios-nrpe-server > /dev/null; then + echo + echo "WARNING: /etc/default/nagios-nrpe-server probably does not set DAEMON_OPTS=\"--no-ssl\". Please fix." + echo + fi +fi + +if [ -e /etc/sudoers ] ; then + if ! grep '^nagios.*/usr/lib/nagios/plugins/dsa-check-dabackup' /etc/sudoers > /dev/null; then + echo + echo 'WARNIG: Add this line to sudoers:' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""' + echo + fi +fi + +if [ -e /etc/sudoers ] ; then + if ! grep '^nagios.*/usr/sbin/samhain' /etc/sudoers > /dev/null; then + echo + echo 'WARNIG: Add this line to sudoers:' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none' + echo + fi +fi + +if [ -e /usr/sbin/hpacucli ] && [ -e /dev/cciss/c0d0 ] ; then + if ! grep '^nagios.*hpacucli' /etc/sudoers > /dev/null; then + echo + echo 'WARNIG: Add these lines to sudoers:' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status' + echo + elif ! grep '^nagios.*hpacucli.* pd .*:.* show' /etc/sudoers > /dev/null; then + echo + echo 'WARNIG: Add these lines to sudoers:' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show' + echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show' + fi +fi + +if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d nagios-nrpe-server restart || exit $? +else + /etc/init.d/nagios-nrpe-server restart || exit $? +fi + +/usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys + +#DEBHELPER# + +exit 0 diff --git a/dsa-nagios-checks/debian/postrm b/dsa-nagios-checks/debian/postrm new file mode 100644 index 0000000..272a7cc --- /dev/null +++ b/dsa-nagios-checks/debian/postrm @@ -0,0 +1,23 @@ +#!/bin/sh +# postrm script for dsa-ssh-weak-keys +# +# see: dh_installdeb(1) + +set -e + +case "$1" in + purge) + rm -f /var/cache/dsa/nagios/weak-ssh-keys + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/dsa-nagios-checks/debian/rules b/dsa-nagios-checks/debian/rules new file mode 100755 index 0000000..f992dbc --- /dev/null +++ b/dsa-nagios-checks/debian/rules @@ -0,0 +1,61 @@ +#!/usr/bin/make -f + +clean: + dh_testdir + dh_testroot + dh_clean + +build: + +install: + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + install -m 644 nrpe_dsa.cfg $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios + install -m 755 dsa-check-hpacucli $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-raid-areca $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-raid-dac960 $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-raid-mpt $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-raid-sw $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-raid-3ware $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-running-kernel $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-config $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-dabackup $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-dabackup-server $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-udldap-freshness $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-statusfile $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-samhain $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-mirrorsync $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-soas $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + + install -m 755 dsa-check-puppet $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 755 dsa-check-packages $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins + install -m 644 obsolete-packages-ignore $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios + + install -m 755 apt-status-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa + install -m 755 weak-ssh-keys-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa + + install -m 755 dsa-update-apt-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin + install -m 755 dsa-update-samhain-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin + + +binary-indep: install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installcron + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary-arch: install +binary: binary-indep binary-arch + +.PHONY: clean binary-indep binary-arch binary install build diff --git a/dsa-nagios-checks/dsa-check-config b/dsa-nagios-checks/dsa-check-config new file mode 100755 index 0000000..0d62402 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-config @@ -0,0 +1,68 @@ +#!/bin/sh + +# Check that debian-admin is in /etc/aliases for root. +# Peter Palfrader, 2008 + +#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 ); + +set -e +err=0 + +log() { + if [ "$0" == "ok" ] && [ "$err" == 0 ]; then + err=0 + elif [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then + err=1 + elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then + err=2 + elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then + err=3 + fi + if [ "`eval echo \\$$1`" = "" ]; then + eval $1="\"$2\"" + else + eval $1="\"`eval echo \\$$1`; $2\"" + fi +} + + +check_aliases() { + if ! [ -e /etc/aliases ]; then + log unknown "/etc/aliases not found" + return + fi + + if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then + log ok "debian-admin found in aliases" + return + fi + + log warn "debian-admin not found in root entry in aliases" +} + +check_ldap_conf() { + if ! [ -e /etc/ldap/ldap.conf ]; then + log unknown "/etc/ldap/ldap.conf not found" + return + fi + + if egrep '^URI.*ldap://db.debian.org' /etc/ldap/ldap.conf > /dev/null && + egrep '^BASE.*dc=debian,dc=org' /etc/ldap/ldap.conf > /dev/null && + egrep '^TLS_CACERT.*/etc/ssl/certs/spi-cacert-2008.pem' /etc/ldap/ldap.conf > /dev/null && + egrep '^TLS_REQCERT.*hard' /etc/ldap/ldap.conf > /dev/null ; then + log ok "ldap.conf configured properly" + return + fi + + log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly" +} + +check_aliases +check_ldap_conf + +[ "$critical" = "" ] || echo -n "Critical: $critical; " +[ "$warn" = "" ] || echo -n "Warning: $warn; " +[ "$unknown" = "" ] || echo -n "Unknown: $unknown; " +[ "$ok" = "" ] || echo -n "OK: $ok" +echo +exit $err diff --git a/dsa-nagios-checks/dsa-check-dabackup b/dsa-nagios-checks/dsa-check-dabackup new file mode 100755 index 0000000..f400023 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-dabackup @@ -0,0 +1,179 @@ +#!/usr/bin/perl -w + +# Check the status of da-backup backups +# Copyright 2007 Stephen Gran +# Copyright 2008 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +use strict; +use warnings; +use English; +use Getopt::Long; +use Fcntl qw(:seek); + +my $DABACKUP_CONF = '/etc/da-backup.conf'; +my $MAX_AGE = 30*60*60; +my $TOO_FRESH = 5*60; +my %CODE = ( + 'UNDEF' => -1, + 'OK' => 0, + 'WARNING' => 1, + 'CRITICAL' => 2, + 'UNKNOWN' => 3 +); +$SIG{__DIE__ } = sub() { + print shift; + exit $CODE{'UNKNOWN'}; +}; + + +my $EXITCODE = 'UNDEF'; +my %MESSAGE = (); + +sub problem($$$) { + my ($code, $msg, $resource) = @_; + $MESSAGE{$msg} = [] unless defined $MESSAGE{$msg}; + push @{$MESSAGE{$msg}}, $resource; + $EXITCODE = ($CODE{$code} > $CODE{$EXITCODE}) ? $code : $EXITCODE; +}; + + +sub help($$) { + my ($exitcode, $fd) = @_; + version ($fd, 0); + print $fd "Usage: $PROGRAM_NAME --help\n"; + print $fd "Usage: $PROGRAM_NAME"; + exit $exitcode +}; + +my $params = {}; + +Getopt::Long::config('bundling'); +if (!GetOptions ( + 'h|help' => \$params->{'help'}, + )) { + die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [-fwhv]\n"); +}; + +help(0, *STDOUT) if $params->{'help'}; +help(1, *STDERR) if scalar @ARGV > 0; + + +unless (-e $DABACKUP_CONF) { + if (-e '/etc/da-backup') { + print "WARNING: No $DABACKUP_CONF, but we have /etc/da-backup/\n"; + exit $CODE{'WARNING'}; + }; + if (-e '/var/log/da-backup') { + print "WARNING: No $DABACKUP_CONF, but we have /var/log/da-backup/\n"; + exit $CODE{'WARNING'}; + }; + print "OK: da-backup not installed\n"; + exit $CODE{'OK'}; +}; + +my $confdir; +my $logdir; + +open (FH, "< $DABACKUP_CONF") or die ("Cannot open $DABACKUP_CONF: $!\n"); +while () { + if (/confdir=(.*)/) { + $confdir = $1; + } elsif (/logdir=(.*)/) { + $logdir = $1; + }; +}; + +die ("No confdir found in $DABACKUP_CONF") unless defined $confdir; +die ("No logdir found in $DABACKUP_CONF") unless defined $logdir; + +opendir(DIR, $confdir) or die ("Cannot opendir $confdir: $!\n"); +my %conffiles = map {$_ => 1} grep { !/^\./ && !/\.bak$/} readdir(DIR); +closedir(DIR); + +opendir(DIR, $logdir) or die ("Cannot opendir $logdir: $!\n"); +my %logfiles = map {$_ => 1} grep { !/^\./ && !/\.[0-9]+(\.gz)?$/} readdir(DIR); +closedir(DIR); + +if (scalar keys %conffiles == 0) { + print "WARNING: da-backup installed but no backups configured\n"; + exit $CODE{'WARNING'}; +}; + +for my $f (keys %conffiles) { + unless (exists $logfiles{$f}) { + problem('WARNING', 'no log', $f); + } +} + +FILE: +for my $f (sort {$a cmp $b} keys %logfiles) { + unless (exists $conffiles{$f}) { + problem('WARNING', 'no config', $f); + next; + } + + my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n"); + my $age = time - $stat[10]; + + if ($age < $TOO_FRESH) { # File is too new, let's use the old one + if (-e "$logdir/$f.0") { + $f .= ".0"; + my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n"); + $age = time - $stat[10]; + }; + }; + + if ($age < 0) { + problem('WARNING', 'future timestamp', $f); + next; + } elsif ($age > $MAX_AGE) { + my $hage; + + if ($age > 48 * 3600) { + $hage = sprintf("%d days", $age / 24 / 3600); + } else { + $hage = sprintf("%d hours", $age / 3600); + }; + problem('WARNING', 'old', "$f ($hage)"); + next; + }; + + open(FH, "< $logdir/$f") or die ("Cannot open $logdir/$f: $!\n"); + sysseek(FH, -1024, SEEK_END); # just try it - doesn't matter if it fails + my $last2 = ''; + my $last = ''; + while () { + chomp; + if (/^sent\s+\d+\s+bytes\s+received\s+\d+\s+bytes\s+[\d\.]+\s+bytes\/sec$/) { + problem('OK', 'probably ok', $f); + close(FH); + next FILE; + }; + $last2 = $last; + $last = $_; + }; + problem('CRITICAL', 'FAILED', "$f ($last2 $last)"); +}; + +my $msg = join("; ", map {"$_: ".join(', ', @{$MESSAGE{$_}}) } (sort {$a cmp $b} keys %MESSAGE)); +print $EXITCODE, ": ", $msg, "\n"; +exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-checks/dsa-check-dabackup-server b/dsa-nagios-checks/dsa-check-dabackup-server new file mode 100755 index 0000000..c4e4884 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-dabackup-server @@ -0,0 +1,126 @@ +#!/bin/sh + +# some tests weasel uses to check if da-backup is properly configured: +# Copyright 2008 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +set -e +set -u + +err=0 + +log() { + if [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then + err=1 + elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then + err=2 + elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then + err=3 + fi +} + +cd /etc/da-backup-manager + +# check that the files have proper names +for i in *; do + s=`cat "$i" | awk -F = '$1=="source" {print $2}'` + if [ "$s" = "master.debian.org/debian" ] && [ "$i" = "listarchive" ]; then + # historical exception + continue + fi + if [ "`echo $s | tr / -`" != "$i" ]; then + log warn + echo "Mismatch: Filename $i but backup source $s" + fi +done + +# and that source == destination everywhere +for i in *; do + s=`cat $i | awk -F = '$1=="source"{print $2}'` + d=`cat $i | awk -F = '$1=="destination"{print $2}'` + if [ "$d" != "$s" ]; then + log warn + echo "source != dest in $i. ($s != $d)" + fi +done + +# check that everything that has an entry in authorized_keys has one in /etc/da-backup-manager +rsync_targets=`tempfile` +backup_manager_sources=`tempfile` +trap "rm -f '$rsync_targets' '$backup_manager_sources'" 0 1 2 5 15 +cat /root/.ssh/authorized_keys | + grep '^command=' | + sed -e 's/",no-por.*//' -e 's/.*--ignore-errors . //' -e 's#/org/backup.debian.org/staging/##' | + sort > "$rsync_targets" +grep -h source /etc/da-backup-manager/* | + sed -e 's/source=//' | + sort > "$backup_manager_sources" +if ! diff "$rsync_targets" "$backup_manager_sources" > /dev/null; then + log warn + echo "authorized_keys vs. /etc/da-backup-manage mismatch:" + diff "$rsync_targets" "$backup_manager_sources" +fi + +# check that everything listed as either source or destination by da-backup-manager does exist - if stuff is new it might still be missing tho +for i in `awk -F = '$1=="source" {print $2}' /etc/da-backup-manager/* `; do + if ! [ -d "/org/backup.debian.org/staging/$i" ]; then + log warn + echo "Warning: source $i does not exist" + fi +done +for i in ` awk -F = '$1=="destination"{print $2}' /etc/da-backup-manager/* `; do + if ! [ -d "/org/backup.debian.org/backups/$i" ]; then + log warn + echo "Warning: destination $i does not exist (if it is new, it takes a day)" + fi +done + +# check that everything that does exist has an entry in da-backup-manager +cd /org/backup.debian.org/staging +for i in */*; do + if ! [ -d "$i" ]; then + log warn + echo "WTF: staging/$i is not a dir" + continue + fi + if ! grep "source=$i" /etc/da-backup-manager/* > /dev/null; then + log warn + echo "staging/$i is not listed anywhere in /etc/da-backup-manager" + fi +done +cd /org/backup.debian.org/backups +for i in */*; do + if ! [ -d "$i" ]; then + log warn + echo "WTF: backups/$i is not a dir" + continue + fi + if ! grep "destination=$i" /etc/da-backup-manager/* > /dev/null; then + log warn + echo "backups/$i is not listed anywhere in /etc/da-backup-manager" + fi +done + +if [ "$err" = 0 ]; then + echo "da-backup seems to be properly configured" +fi +exit $err diff --git a/dsa-nagios-checks/dsa-check-hpacucli b/dsa-nagios-checks/dsa-check-hpacucli new file mode 100755 index 0000000..a347388 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-hpacucli @@ -0,0 +1,216 @@ +#!/usr/bin/perl -w + +# check _physical_ disk status of disks on HP smart array controllers +# requires hpacucli +# +# does _not_ check raid status. use arrayprobe for that. + +# Copyright (c) 2008 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +use strict; + +# nagios exit codes +my %CODE = ( + 'OK' => 0, + 'WARNING' => 1, + 'CRITICAL' => 2, + 'UNKNOWN' => 3 +); + +my $EXITCODE = 'OK'; + +$SIG{'__DIE__'} = sub { + print STDERR @_; + exit $CODE{'UNKNOWN'}; +}; + +sub runcmd($) { + my ($cmd) = @_; + $cmd = "sudo hpacucli $cmd"; + open(FH, $cmd."|") or die ("Cannot run $cmd: $!"); + my @lines = ; + close FH; + die ("no results from $cmd\n") if (scalar @lines == 0); + return \@lines; +} + +sub record($) { + my ($newexit) = @_; + die "code $newexit not defined\n" unless defined $CODE{$newexit}; + + if ($CODE{$newexit} > $CODE{$EXITCODE}) { + $EXITCODE = $newexit; + }; +} + + +my $ctrlallshow = runcmd("controller all show"); +my @controllers; +for (@$ctrlallshow) { + chomp; + next if /^$/; + if (/in Slot ([0-9]+) /) { + push @controllers, $1; + next; + }; + die ("Cannot read line '$_' gotten from hpacucli controller all show\n"); +}; + +if (scalar @controllers == 0) { + print "UNKNONW: No smartarray controllers found with hpacucli\n"; + exit $CODE{'UNKNOWN'} +}; + +my @resultstr; + +for my $slot (sort @controllers) { + my $pds = runcmd("controller slot=$slot pd all show"); + my @drives; + my $nodrives = 0; + my %status; + for (@$pds) { + chomp; + next if /^$/; + next if (/^\S.*in Slot $slot/); + next if /^ *array [A-Z]$/; + if (/^ *(array [A-Z]) \(Failed\)$/) { + record('CRITICAL'); + push @{$status{'Failed'}}, $1; + } elsif (/^Error: The specified controller does not have any physical drives on it.$/) { + $nodrives = 1; + } elsif (/^ *physicaldrive (\S+) .* (OK|Predictive Failure|Failed|Rebuilding)(?:, spare)?\)$/) { + my $drive = $1; + my $status = $2; + push @{$status{$status}}, $drive; + if ($status eq 'OK') { + } elsif ($status eq 'Predictive Failure' || + $status eq 'Rebuilding') { + record('WARNING'); + } elsif ($status eq 'Failed') { + record('CRITICAL'); + } else { + record('UNKNOWN'); + }; + push @drives, $drive; + } else { + die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot pd all show\n"); + }; + }; + + # Check that all drives have the proper transfer speed. + # sometimes stuff breaks and they fall back to 10mb/sec. + for my $drive (@drives) { + # skip drives that are known to have failed + next if (exists $status{'Failed'} && grep {$drive eq $_} @{$status{'Failed'}}); + my $type; + if ($drive =~ /^[0-9]+:[0-9]+$/) { # scsi drives + $type = 'SCSI'; + } elsif ($drive =~ /^[0-9]+I:[0-9]+:[0-9]+$/) { # SAS + $type = 'SAS'; + } else { + # I'm not going to run pass arguments of unknown form to the shell.. + warn ("Unknown diskdrive ID $drive\n"); + next; + } + + my $pd = runcmd("controller slot=$slot pd $drive show"); + while (defined $pd->[0] && !($pd->[0] =~ /physicaldrive/)) { + shift @$pd; + }; + shift @$pd; + my %value; + for (@$pd) { + if (m/^\s*(.*?):\s*(.*?)\s*$/) { + $value{$1} = $2; + } + } + + my $key; + my $expected; + if ($type eq 'SCSI') { + $key = 'Transfer Speed'; + if (!defined $value{'Transfer Mode'}) { + record('WARNING'); + push @{$status{'unknown transfer mode'}}, $drive; + next; + } elsif ($value{'Transfer Mode'} eq 'Ultra 3 Wide') { + $expected = '160 MB/Sec'; + } elsif ($value{'Transfer Mode'} eq 'Ultra 320 Wide') { + $expected = '320 MB/Sec'; + } else { + record('WARNING'); + push @{$status{'unknown transfer mode'}}, $drive."(".$value{'Transfer Mode'}.")"; + next; + }; + } elsif ($type eq 'SAS') { + $key = 'PHY Transfer Rate'; + if ($value{'PHY Count'} eq '2') { + $expected = '3.0GBPS, Unknown'; + } else { + $expected = '3.0GBPS'; + } + } else { + warn "Should not be here. Do not know what to do with type '$type'\n"; + next; + } + + if (!defined $value{$key}) { + record('WARNING'); + push @{$status{'unknown transfer speed'}}, $drive; + } elsif ($value{$key} ne $expected) { + record('WARNING'); + push @{$status{'bad transfer speed'}}, $drive."(".$value{$key}.")"; + }; + }; + + if ($nodrives && scalar keys %status > 0) { + push @resultstr, "Slot $slot: have no drives but status results?"; + record('UNKNOWN'); + next; + } elsif ($nodrives) { + push @resultstr, "Slot $slot: no drives"; + next; + }; + + my $cst = runcmd("controller slot=$slot show status"); + for (@$cst) { + chomp; + next if /^$/; + next if (/^\S.*in Slot $slot/); + if (/^ *(.*) Status: (.*)$/) { + my $system = $1; + my $status = $2; + push @{$status{$status}}, $system; + if ($status ne 'OK') { + record('WARNING'); + }; + } else { + die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot show status\n"); + }; + }; + + my $status = join(" - ", (map { $_.": ".join(", ", @{$status{$_}}) } keys %status)); + push @resultstr, "Slot $slot: $status"; +}; + +print "$EXITCODE: ", join(" --- ", @resultstr), "\n"; +exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-checks/dsa-check-mirrorsync b/dsa-nagios-checks/dsa-check-mirrorsync new file mode 100755 index 0000000..4637cab --- /dev/null +++ b/dsa-nagios-checks/dsa-check-mirrorsync @@ -0,0 +1,140 @@ +#!/usr/bin/perl -w + +# nagios check for debian security sync checks +# +# Copyright (c) 2008 Alexander Wirt +# Copyright (c) 2009 Peter Palfrader +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +# USA + +use LWP::UserAgent; +use Socket; +use strict; +use Date::Parse; +use Getopt::Long; +use Date::Parse; +use Date::Format; +use File::Basename; +use English; +use warnings; + + +sub usage($$) { + my ($fh, $exit) = @_; + my $basename = basename($PROGRAM_NAME); + my $VERSION = '0.1'; + + print $fh "$basename $VERSION\n"; + print $fh "Usage: $basename [--help|--version] [--verbose]\n"; + print $fh "\n"; + print $fh " --help Print this short help.\n"; + print $fh " --version Report version number.\n"; + print $fh " --verbose Be a little verbose.\n"; + print $fh " --host hostname to check.\n"; + print $fh " --path path to tracefile.\n"; + print $fh "\n"; + exit ($exit); +}; + + +$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; +delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + +my $params; + +$params->{'host'} = 'security.debian.org'; #which host to check +$params->{'path'} = 'project/trace/security-master.debian.org'; + +my $OK = 0; +my $WARNING = 1; +my $CRITICAL = 2; +my $UNKNOWN = 3; + +if (!GetOptions ( + '--help' => \$params->{'help'}, + '--verbose' => \$params->{'verbose'}, + '--version' => \$params->{'version'}, + '--host=s' => \$params->{'host'}, + '--path=s' => \$params->{'path'}, + )) { + usage(*STDERR,1) +}; +usage(*STDOUT,0) if ($params->{'help'}); +usage(*STDERR,1) if (scalar @ARGV); + +my $host = $params->{'host'}; +my $path = $params->{'path'}; +my @slaves; +my $status; +my @exitstatus; +my $exitcode = $OK; + +@slaves = gethostbyname($params->{'host'}) or die "Can't resolve " . $params->{'host'} .": $!\n"; +@slaves = map { inet_ntoa($_) } @slaves[4 .. $#slaves]; +print "Checking the following hosts:\n" . join("\n", @slaves) . "\n" if $params->{'verbose'}; + +my @critical; + +foreach my $slave (@slaves) { + my $ua = LWP::UserAgent->new; + $ua->proxy('http', "http://$slave"); + print "Requesting http://$host/$path from $slave\n" if $params->{'verbose'}; + my $response = $ua->get("http://$host/$path"); + + + if ($response->is_success) { + my $content = $response->content; # or whatever + my ($date, $foo, $bar) = split("\n", $content); + my $synctime = str2time($date);; + print "$slave last synced $synctime\n" if $params->{'verbose'}; + $status->{$slave}->{'synced'} = $synctime; + } + else { + push @exitstatus, "$slave broken: " . $response->status_line; + $status->{$slave}->{'error'} = $response->status_line; + $exitcode = $CRITICAL; + push @critical, $slave; + } +} + + +my %seen; +my $o_sync = scalar(grep !$seen{$_}++, map{$status->{$_}->{'synced'}} keys(%{$status})); +if ($o_sync > 1) { + $exitcode = $CRITICAL; + $o_sync -= 1; + my @mirrors = sort { $status->{$a}->{'synced'} <=> $status->{$b}->{'synced'} } keys %{$status}; + push @exitstatus, "$o_sync mirror(s) not in sync (from oldest to newest): ". + join(",", splice(@mirrors,0,$o_sync)); +} else { + print "All mirrors unique\n" if $params->{'verbose'}; +} + +if ($exitcode == $CRITICAL) { + print "CRITICAL: " . join(',',@exitstatus) . "\n"; +} elsif ($exitcode == $OK) { + print "OK: all mirrors up2date\n"; +} + +foreach my $mirror (keys(%{$status})) { + if ($status->{$mirror}->{'error'}) { + print "$mirror broken: " . $status->{$mirror}->{'error'} . "\n"; + } else { + print "$mirror last synced: " . localtime($status->{$mirror}->{'synced'}) ."\n"; + } +} + +exit $exitcode; diff --git a/dsa-nagios-checks/dsa-check-packages b/dsa-nagios-checks/dsa-check-packages new file mode 100755 index 0000000..29e7e4d --- /dev/null +++ b/dsa-nagios-checks/dsa-check-packages @@ -0,0 +1,276 @@ +#!/usr/bin/perl + +# dsa-check-packages + +# checks for obsolete/local and upgradeable packages. +# +# packages for the obsolete/local check can be ignored, by +# listing their full name in /etc/nagios/obsolete-packages-ignore +# or by having a regex (starting a line with "/") that matches +# the packagename in said file. +# +# Takes one optional argument, the location of the ignore file. + + +# Copyright (C) 2008, 2009 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +use strict; +use warnings; +use English; + +my $IGNORE = "/etc/nagios/obsolete-packages-ignore"; + +my %CODE = ( + 'OK' => 0, + 'WARNING' => 1, + 'CRITICAL' => 2, + 'UNKNOWN' => 3 +); +my $EXITCODE = 'OK'; +sub record($) { + my ($newexit) = @_; + die "code $newexit not defined\n" unless defined $CODE{$newexit}; + + if ($CODE{$newexit} > $CODE{$EXITCODE}) { + $EXITCODE = $newexit; + }; +} + + + +sub get_packages { + $ENV{'COLUMNS'} = 1000; + $ENV{'LC_ALL'} = 'C'; + open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n"); + my @lines = ; + close(F); + chomp(@lines); + + shift @lines while ($lines[0] !~ /\+\+\+/); + shift @lines; + + my %pkgs; + for my $line (@lines) { + my ($state, $pkg, $version, undef) = split(/ */, $line); + $pkgs{$state}{$pkg} = { 'installed' => $version } + } + + my $installed = $pkgs{'ii'}; + delete $pkgs{'ii'}; + + open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!"; + open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!"; + + open (F, "apt-cache policy ".(join(" ", keys(%$installed)))." |") or die ("Cannot run apt-cache policy: $!\n"); + @lines = ; + close(F); + chomp(@lines); + open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!"; + + my $line; + my $pkgname = undef; + while (defined($line = shift @lines)) { + if ($line =~ /^([^ ]*):$/) { + $pkgname = $1; + } elsif ($line =~ /^ +Installed: (.*)$/) { + # etch dpkg -l does not print epochs, so use this info, it's better + $installed->{$pkgname}{'installed'} = $1; + } elsif ($line =~ /^ +Candidate: (.*)$/) { + $installed->{$pkgname}{'candidate'} = $1; + } elsif ($line =~ /^ +\*\*\*/) { + my @l; + @l = split(/ +/, $line); + $line = shift @lines; + @l = split(/ +/, $line); + $installed->{$pkgname}{'origin'} = $l[2]; + } + } + + my (%current, %obsolete, %outofdate); + for my $pkgname (keys %$installed) { + my $pkg = $installed->{$pkgname}; + + unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) { + $obsolete{$pkgname} = $pkg; + next; + } + + if ($pkg->{'candidate'} ne $pkg->{'installed'}) { + $outofdate{$pkgname} = $pkg; + next; + }; + if ($pkg->{'origin'} eq '/var/lib/dpkg/status') { + $obsolete{$pkgname} = $pkg; + next; + } + $current{$pkgname} = $pkg; + } + + $pkgs{'current'} = \%current; + $pkgs{'outofdate'} = \%outofdate; + $pkgs{'obsolete'} = \%obsolete; + return \%pkgs; +} + +sub load_ignores { + my ($ignorefile, $require_file) = @_; + + my @ignores; + if (!$require_file and ! -e $ignorefile) { + return \@ignores; + } + + open (F, "< $ignorefile") or die ("Cannot open $ignorefile: $!\n"); + @ignores = ; + close F; + chomp(@ignores); + return \@ignores; +} + +sub check_ignore { + my ($pkg, $ignores) = @_; + + my $ignore_this = 0; + for my $ignore (@$ignores) { + my $ig = $ignore; + return 1 if ($ig eq $pkg); + if (substr($ig,0,1) eq '/') { + substr($ig, 0, 1, ''); + $ig =~ s,/$,,; + return 1 if ($pkg =~ /$ig/); + } + } + return 0 +} + +sub filter_ignored { + my ($packages, $ignores) = @_; + + my $obs = $packages->{'obsolete'}; + + my (%ignored, %bad); + for my $pkg (keys %$obs) { + if (check_ignore($pkg, $ignores)) { + $ignored{$pkg} = $obs->{$pkg}; + } else { + $bad{$pkg} = $obs->{$pkg}; + }; + } + delete $packages->{'obsolete'}; + $packages->{'obsolete'} = \%bad; + $packages->{'obsolete-ignored'} = \%ignored; +}; + +sub usage { + my ($fd, $exit) = @_; + print $fd "Usage: $PROGRAM_NAME []\n"; + exit $exit; +} + +my $ignorefile = $IGNORE; +my $ignorefile_userset = 0; +usage(\*STDERR, 1) if (@ARGV > 1); +if (@ARGV == 1) { + usage(\*STDOUT, 0) if ($ARGV[0] eq "-h"); + usage(\*STDOUT, 0) if ($ARGV[0] eq "--help"); + $ignorefile = $ARGV[0]; + $ignorefile_userset = 1; +}; + +my $ignores = load_ignores($ignorefile, $ignorefile_userset); +my $packages = get_packages(); + +filter_ignored($packages, $ignores); + + + +my @reportform = ( + { 'key' => 'obsolete', + 'listpackages' => 1, + 'long' => "%d local or obsolete packages: %s", + 'short' => "%d obs", + 'status' => 'WARNING' }, + { 'key' => 'outofdate', + 'listpackages' => 1, + 'long' => "%d out of date packages: %s", + 'short' => "%d updates", + 'status' => 'WARNING' }, + { 'key' => 'current', + 'listpackages' => 0, + 'long' => "%d packages current.", + 'short' => "%d ok", + 'status' => 'OK' }, + { 'key' => 'obsolete-ignored', + 'listpackages' => 1, + 'long' => "%d whitelisted local or obsolete packages: %s", + 'short' => "%d obs(ignored)", + 'status' => 'OK' }, + { 'key' => 'rc', + 'listpackages' => 1, + 'long' => "%d packages removed but not purged: %s", + 'short' => "%d rc", + 'status' => 'OK' }, + { 'key' => 'hi', + 'listpackages' => 1, + 'long' => "%d packages on hold: %s", + 'short' => "%d hi", + 'status' => 'OK' }, + { 'key' => 'pc', + 'listpackages' => 1, + 'long' => "%d packages requested to be purged but conffiles still installed: %s", + 'short' => "%d pc", + 'status' => 'WARNING' }, + ); + +my @longout; +my @shortout; +for my $form (@reportform) { + my $pkgs = $packages->{$form->{'key'}}; + delete $packages->{$form->{'key'}}; + my $num = scalar keys %$pkgs; + next unless ($num > 0); + if ($form->{'listpackages'}) { + my $list = join(", ", keys %$pkgs); + push @longout, sprintf($form->{'long'}, $num, $list); + } else { + push @longout, sprintf($form->{'long'}, $num); + }; + push @shortout, sprintf($form->{'short'}, $num); + record($form->{'status'}); +}; +if (scalar keys %$packages) { + record('WARNING'); + unshift @shortout, "unk: ".join(", ", keys %$packages); + for my $status (sort {$b cmp $a} keys %$packages) { + my $pkgs = $packages->{$status}; + my $list = join(", ", keys %$pkgs); + unshift @longout, "Unknown package status $status: $list"; + }; +} + +my $shortout = $EXITCODE.": ".join(", ", @shortout); +my $longout = join("\n", @longout); + +print $shortout,"\n"; +print $longout,"\n"; + +exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-checks/dsa-check-puppet b/dsa-nagios-checks/dsa-check-puppet new file mode 100755 index 0000000..332261e --- /dev/null +++ b/dsa-nagios-checks/dsa-check-puppet @@ -0,0 +1,91 @@ +#!/usr/bin/env ruby + +require 'optparse' + +class CheckPuppet + + VERSION = '0.1' + script_name = File.basename($0) + + # default options + OPTIONS = { + :statefile => "/var/lib/puppet/state/state.yaml", + :interval => 60, + } + + o = OptionParser.new do |o| + o.set_summary_indent(' ') + o.banner = "Usage: #{script_name} [OPTIONS]" + o.define_head "The check_puppet Nagios plug-in checks that the specified " + + "puppet state file is no older than specified interval." + o.separator "" + o.separator "Mandatory arguments to long options are mandatory for " + + "short options too." + + o.on("-s", "--statefile=statefile", String, "The state file", + "Default: #{OPTIONS[:statefile]}") { |OPTIONS[:statefile]| } + o.on("-i", "--interval=value", Integer, + "Default: #{OPTIONS[:interval]} minutes") { |OPTIONS[:interval]| } + + o.separator "" + o.on_tail("-h", "--help", "Show this help message.") do + puts o + exit + end + + o.parse!(ARGV) + end + + def check_state + + # Set variables + curt = Time.now + intv = OPTIONS[:interval] * 60 + + # Check file time + @modt = 0 + begin + @modt = File.mtime("#{OPTIONS[:statefile]}") + rescue + @file = 3 + end + + diff = (curt - @modt).to_i + + @file = 2 + @file = 0 if diff <= intv + + end + + def output_status + + case @file + when 0 + state = "state file status okay updated on " + @modt.strftime("%m/%d/%Y at %H:%M:%S") + when 2 + state = "state file is missing or older than #{OPTIONS[:interval]} minutes" + when 3 + state = "state file status unknown" + end + + case @file + when 0 + status = "OK" + exitcode = 0 + when 2 + status = "CRITICAL" + exitcode = 2 + when 3 + status = "UNKNOWN" + exitcide = 3 + end + + puts "PUPPET " + status + ": " + state + exit(exitcode) + end +end + +cp = CheckPuppet.new +cp.check_state +cp.output_status + diff --git a/dsa-nagios-checks/dsa-check-raid-3ware b/dsa-nagios-checks/dsa-check-raid-3ware new file mode 100755 index 0000000..a9887b9 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-raid-3ware @@ -0,0 +1,111 @@ +#!/usr/bin/perl -Tw + +# Copyright (C) 2006 Peter Palfrader + +# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers: +# +# nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status +# + +use strict; +use English; +use Getopt::Long; + +$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; +delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + +my $TW_CLI = '/usr/local/bin/tw_cli'; +my $SVN_REVISION_STRING = '$Rev: 313 $'; +my ($SVN_REVISION) = ($SVN_REVISION_STRING =~ /([0-9]+)/); + $SVN_REVISION = 'unknown' unless defined $SVN_REVISION; +my $VERSION = '0.0.0.'.$SVN_REVISION; + +# nagios exit codes +my $UNKNOWN = -1; +my $OK = 0; +my $WARNING = 1; +my $CRITICAL = 2; + +my $params = { + 'no-sudo' => 0, + 'controller' => 0, + 'unit' => 0 + }; + +Getopt::Long::config('bundling'); +if (!GetOptions ( + '--help' => \$params->{'help'}, + '--version' => \$params->{'version'}, + '--verbose' => \$params->{'verbose'}, + '--controller=i' => \$params->{'controller'}, + '--unit=i' => \$params->{'unit'}, + '--no-sudo' => \$params->{'no-sudo'}, + )) { + die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=] [--unit=]\n"); +}; +if ($params->{'help'}) { + print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=] [--unit=]\n"; + print "Checks status of 3ware raid arrays.\n"; + exit (0); +}; +if ($params->{'version'}) { + print "nagios-check-raid-3ware $VERSION\n"; + print "nagios check for 3ware raids\n"; + print "Copyright (c) 2006 Peter Palfrader \n"; + exit (0); +}; + +$SIG{'__DIE__'} = sub { + print STDERR @_; + exit $UNKNOWN; +}; + +unless (-e $TW_CLI) { + print "Cannot find '$TW_CLI'.\n"; + exit $UNKNOWN; +}; + +my $sudo = $params->{'no-sudo'} ? '' : 'sudo '; +my $command = "$sudo $TW_CLI info c$params->{'controller'} u$params->{'unit'} status"; +print STDERR "Running $command\n" if $params->{'verbose'}; +open (TW, "$command|") or die ("Cannot run $command: $!\n"); +my @tw=; +close TW; +if ($CHILD_ERROR) { # program failed + die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); +}; + + +my $exit = $UNKNOWN; +my $msg = ''; +for my $line (@tw) { + chomp $line; + next if $line =~ /^$/; + my ($device, $status) = $line =~ m#^(/c[0-9]+/u[0-9]+) status = ([A-Z]+)$#; + unless (defined($device) && defined($status)) { + print "Cannot parse line '$line'\n"; + exit $UNKNOWN; + }; + if ($status eq 'OK' || + $status eq 'VERIFYING') { + $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; + $exit = $exit > $OK ? $exit : $OK; + } elsif ($status eq 'DEGRADED') { + $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; + $exit = $exit > $CRITICAL ? $exit : $CRITICAL; + } elsif ($status eq 'OFFLINE') { + $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; + $exit = $exit > $CRITICAL ? $exit : $CRITICAL; + } else { + $msg .= ($msg eq '' ? '' : '; '). "$device: UNKNOWN STATUS '$status'"; + $exit = $exit > $UNKNOWN ? $exit : $UNKNOWN; + }; +}; + +if ($msg eq '') { + $msg = "No devices found"; + die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN); +} + +print $msg,"\n"; +exit $exit; diff --git a/dsa-nagios-checks/dsa-check-raid-areca b/dsa-nagios-checks/dsa-check-raid-areca new file mode 100755 index 0000000..da97c98 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-raid-areca @@ -0,0 +1,267 @@ +#!/usr/bin/perl + +# downloaded as check_areca from +# http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1486.html;d=1 +# on 20081001 by weasel. +# +# local changes: fix path to areca_cli + +##################################################### +#Program to check the areca RAID controller for the status of the RAID +#Created: 2007-11-27 +#Version: 1.1.0 +#Revised: 2008-07-23 +#Revised by: Erinn Looney-Triggs +#Author: Erinn Looney-Triggs +#Changelog: +#1.1: Fixed issue with newer versions of the Areca CLI > 1.72 and +#fixed a problem where the RAID name contained spaces +#(Reported by Daniel Philipp). Also did a bit of cleanup. +##################################################### + +use Carp; +use English qw( -no_match_vars ); +use Getopt::Long; #Grab command line switches +use Pod::Usage; +use strict; #Do it right +use warnings; + +$ENV{PATH} = '/usr/local/bin:/usr/bin:'; #Safer path +my $areca_cli = '/usr/local/sbin/areca-cli'; +my $timeout = '10'; #Default timeout of 10 seconds +my $VERSION = '1.1.0'; #Version number + +#Nagios plugin return values, in english +my $OK = '0'; +my $WARNING = '1'; +my $CRITICAL = '2'; +my $UNKNOWN = '3'; + +GetOptions( 'areca_cli|A=s' => \$areca_cli, + 'man' => sub { pod2usage(3) }, + 'timeout|t=i' => \$timeout, + 'usage' => sub { pod2usage(1) }, + 'version' => sub { VersionMessage() }, + 'help' => sub { pod2usage(1) }, +); + +sanity_checks(); +parse_areca( check_areca() ); + +sub check_areca{ + my @output; + + #Timer operation. Times out after $timeout seconds. + eval { + + #Set the alarm and set the timeout + local $SIG{ALRM} = sub { die "alarm\n" }; + alarm $timeout; + + #Run the command + @output = `sudo $areca_cli vsf info`; + if ($?){ + print "Command: cli vsf info failed, " + . "$OS_ERROR $CHILD_ERROR, aborting!\n"; + exit $CRITICAL; + } + + #Reset the alarm if successful + alarm 0; + }; + + #Test return value and exit if eval caught the alarm + if ($EVAL_ERROR) { + if ( $EVAL_ERROR eq "alarm\n" ) { + print "Operation timed out after $timeout seconds.\n"; + exit $CRITICAL; + } + else { + print "An unknown error has occured: $EVAL_ERROR \n"; + exit $UNKNOWN; + } + } + + return @output; +} + +sub parse_areca{ + my @output = @_; + + my $abnormal; #Holds count of non-normal returns + + my @pertinent_lines = grep (/\s\d+\s/, @output); + + for my $line (@pertinent_lines){ + #Strip of leading spaces + $line =~ s/^\s+//; + + #Split the line into discrete parts + my ( $number, $level, $capacity, $state, ) + = (split (/\s+/, "$line"))[0,-4,-3,-1]; + + #If the state is normal continue on in loop + if (lc $state eq "normal"){ + print "|Controller number: $number RAID level: $level " + . "Capacity: $capacity State: $state| "; + } + + #If state is abnormal continue on in loop but add 1 to $abnormal + else{ + print "|Controller number: $number RAID level: $level " + . "Capacity: $capacity State: $state| "; + $abnormal++; + } + } + + #If any abnormalities exist ext with a critical error. + if ($abnormal){ + exit $CRITICAL; + } + else { + exit $OK; + } + + return; #This should never be reached +} + +sub sanity_checks{ + if (! -e $areca_cli){ + print "$areca_cli does not exist, aborting!\n"; + exit $CRITICAL; + } + if (! -x $areca_cli){ + print "$areca_cli is not executable by the running user, aborting!\n"; + exit $CRITICAL; + } + + return; #This should never be reached +} + +#Version message information displayed in both --version and --help +sub main::VersionMessage { + + print <<"EOF"; +This is version $VERSION of check_areca. + +Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs\@gmail.com). +All rights reserved. + +This module is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License. +See http://www.fsf.org/licensing/licenses/gpl.html + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +EOF + + exit 1; +} + +__END__ + +=head1 NAME + +check_areca - Checks the status of an Areca RAID via the Areca CLI utility. + +=head1 VERSION + +This documentation refers to check_areca version 1.1.0 + +=head1 USAGE + +check_areca.pl + +=head1 REQUIRED ARGUMENTS + +None + +=head1 OPTIONS + + --areca_cli (-A) Set the location of the Areca cli executable. + --help Display usage information. + --man Display the entire POD documentation + --timeout (-t) Sets the timeout, defaults to 10 seconds. + --usage Display usage information (same as --help) + --version Display the version number + + +=head1 DESCRIPTION + +This is a Nagios plugin that runs the Areca CLI to check the status of the +RAID controller. It then parses the resultant exit information and +passes the output to NRPE. + +=head1 DIAGNOSTICS + +=head2 Command: cli vsf info failed, aborting! + +For some reason the command trying to be run failed. Try running it by hand +and seeing if it runs properly. + +=head2 Operation timed out after seconds. + +Running the command failed after a certain amount of time (defaults to 10 +seconds). Try using the --timeout (-t) switch and increasing the timeout +threshold. Also try running the command by hand and see if it is hanging. + +=head2 An unknown error has occurred: + +Just what it says, running the cli command threw an unknown error and the +process died. Run the CLI command by hand and see if you receive proper +output. + +=head2 does not exist, aborting! + +The binary that the script is looking to run does not exist. By default +check_areca looks in /usr/local/areca/bin/ for the cli. However, you can +change this default by setting the --areca_cli (-A) flag from the command +line + +=head2 is not executable by the running user, aborting! + +The cli program was found but it is not executable by the current user, +usually this is the nagios user. + +=head1 CONFIGURATION AND ENVIRONMENT + +The Areca cli program should be available on the system. By default +check_areca looks in /usr/local/areca/bin/cli for the cli. You can set the +location using the --areca_cli (-A) flag from the command line. + +It is helpful to have an Areca RAID controller on the system being checked. + +=head1 DEPENDENCIES + + check_areca depends on the following modules: + POSIX Standard Perl 5.8 module + Getopt::Long Standard Perl 5.8 module + Pod::USAGE Standard Perl 5.8 module + +=head1 INCOMPATIBILITIES + +None known yet. + +=head1 BUGS AND LIMITATIONS + +Bugs, never heard of 'em ;). +If you encounter any bugs let me know. (erinn.looneytriggs@gmail.com) + +=head1 AUTHOR + +Erinn Looney-Triggs (erinn.looneytriggs@gmail.com) + +=head1 LICENCE AND COPYRIGHT + +Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs@gmail.com). +All rights reserved. + +This module is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License. +See L. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/dsa-nagios-checks/dsa-check-raid-dac960 b/dsa-nagios-checks/dsa-check-raid-dac960 new file mode 100755 index 0000000..7893365 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-raid-dac960 @@ -0,0 +1,22 @@ +#!/bin/sh + +# Nagios check for Mylex DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers +# +# Some background information on the driver is available at +# http://home.germany.net/100-120220/mylex/DAC960.README +# +# Written 2008 Peter Palfrader + +if [ -e /proc/rd/status ]; then + status=`cat /proc/rd/status` + if [ "$status" = "OK" ]; then + echo "OK: all DAC960 controllers operating normally; no (non-standby) failures have occurred" + exit 0; + else + echo "CRITICAL: proc/rd/status is $status" + exit 2; + fi; +else + echo "UNKNOWN: No DAC960 controllers in the system" + exit 3; +fi diff --git a/dsa-nagios-checks/dsa-check-raid-mpt b/dsa-nagios-checks/dsa-check-raid-mpt new file mode 100755 index 0000000..f4f3407 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-raid-mpt @@ -0,0 +1,70 @@ +#!/usr/bin/perl -Tw + +# Copyright (C) 2008 Peter Palfrader + +# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers: +# +# nagios ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s +# + +use strict; +use English; +use Getopt::Long; + +$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; +delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; + +my $MPT_STATUS = '/usr/sbin/mpt-status'; + +# nagios exit codes +my $UNKNOWN = -1; +my $OK = 0; +my $WARNING = 1; +my $CRITICAL = 2; + +$SIG{'__DIE__'} = sub { + print STDERR @_; + exit $UNKNOWN; +}; + +unless (-e $MPT_STATUS) { + print "Cannot find '$MPT_STATUS'.\n"; + exit $UNKNOWN; +}; + +my $command = "sudo $MPT_STATUS -s"; +open (MPT, "$command|") or die ("Cannot run $command: $!\n"); +my @tw=; +close MPT; +if ($CHILD_ERROR) { # program failed + die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); +}; + + +my $exit = $UNKNOWN; +my $msg = ''; +for my $line (@tw) { + chomp $line; + next if $line =~ /^$/; + my ($device, $num, $status) = $line =~ m#^(log_id|vol_id|phys_id)\s+([0-9]+)\s+(.*)$#; + unless (defined($device) && defined($num) && defined($status)) { + print "Cannot parse line '$line'\n"; + exit $UNKNOWN; + }; + if ($status eq 'OPTIMAL' || + $status eq 'ONLINE') { + $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status"; + $exit = $exit > $OK ? $exit : $OK; + } else { + $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status"; + $exit = $exit > $CRITICAL ? $exit : $CRITICAL; + }; +}; + +if ($msg eq '') { + $msg = "No devices found"; + die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN); +} + +print $msg,"\n"; +exit $exit; diff --git a/dsa-nagios-checks/dsa-check-raid-sw b/dsa-nagios-checks/dsa-check-raid-sw new file mode 100755 index 0000000..0297036 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-raid-sw @@ -0,0 +1,140 @@ +#!/usr/bin/perl -w +# ------------------------------------------------------------------------------ +# File Name: chech_raid.pl +# Author: Thomas Nilsen - Norway +# Date: 14/06/2003 +# Version: 0.1 +# Description: This script will check to see if any software raid +# devices are down. +# Email: thomas.nilsen@doc-s.co.uk +# WWW: www.doc-s.co.uk +# ------------------------------------------------------------------------------ +# Copyright 2003 (c) Thomas Nilsen +# Credits go to Ethan Galstad for coding Nagios +# License GPL +# ------------------------------------------------------------------------------ +# Date Author Reason +# ---- ------ ------ +# 2008-03-31 Peter Palfrader Return warning on running resync +# 2007-11-07 Peter Palfrader Return unknown if /proc/mdstat does not exist +# 05/10/2004 Peter Palfrader Make it work without that 'use util (vars)' +# 14/06/2003 TN Initial Release +# - Format of mdstat assumed to be "2 line" per +# device with [??] on the second line. +# ------------------------------------------------------------------------------ + +use strict; +use warnings; +use Getopt::Long;; +use vars qw($opt_V $opt_h $opt_t $opt_F $PROGNAME); +use lib '/usr/local/nagios/libexec/'; +my $TIMEOUT=15; +my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 ); + + +$PROGNAME="check_raid"; + +sub print_help (); +sub print_usage (); + +$ENV{'PATH'}=''; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; +my ( $line, $stat, $state ,@device, $msg, $status, $timeout); + +$stat="/proc/mdstat"; + +#Option checking +Getopt::Long::Configure('bundling'); +$status = GetOptions( + "V" => \$opt_V, "version" => \$opt_V, + "h" => \$opt_h, "help" => \$opt_h, + "F" => \$opt_F, "filename" => \$opt_F, + "t" => \$opt_t, "timeout" => \$opt_t); +# Version +if ($opt_V) { + print($PROGNAME,': $Revision: 0.1 $'); + exit $ERRORS{'OK'}; +} +# Help +if ($opt_h) { + print_help(); + exit $ERRORS{'OK'}; +} +# Filename supplied +if ($opt_F) { + $opt_F = shift; + $stat = $1 if ($opt_F =~ /^(.*)$/); + + if ( ! -r $stat ) { + print "Invalid mdstat file: $opt_F\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +$timeout = $TIMEOUT; +($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1); + +# Just in case of problems, let's not hang Nagios +$SIG{'ALRM'} = sub { + print ("ERROR: No response (alarm)\n"); + exit $ERRORS{'UNKNOWN'}; +}; +alarm($timeout); + +# Start checking the file... +open (FH, $stat) or print("UNKNOWN: Cannot open $stat: $!\n"), exit $ERRORS{'UNKNOWN'}; + +my @failed = (); +my @resyncing = (); +my $device = ''; + +# Now check the mdstat file.. +while () { + $line = $_; + if ($line =~ /^(md\S*) /) { + $device = $1; + } elsif( $line =~ / \[_|_\]|U_|_U /) { + push @failed, $device; + } + elsif ( $line =~ / resync /) { + # [==>..................] resync = 10.3% (15216320/146994624) finish=2153.2min speed=1018K/sec + my ($percent) = ($line =~ m# resync = ([0-9.]+%)#); + my ($finish) = ($line =~ m# finish=([0-9.]+min)#); + my ($speed) = ($line =~ m# speed=([0-9.]+K/sec)#); + push @resyncing, "$device ($percent done, finish in $finish at $speed)"; + } +} +close (FH); + +if (scalar @failed > 0) { + if (scalar @failed == 1) { + print "CRITICAL - Device $failed[0] has failed.\n"; + } else { + print "CRITICAL - Devices ".join(", ", @failed)." have failed.\n" + }; + exit $ERRORS{'CRITICAL'}; +} elsif (scalar @resyncing > 0 ) { + print "WARNING: Resyncing: ".(join "; ", @resyncing)."\n"; + exit $ERRORS{'WARNING'}; +} else { + print "OK - All devices are online\n"; + exit $ERRORS{'OK'}; +}; + + +sub print_usage () { + print "Usage: $PROGNAME -t -F \n"; +} + +sub print_help () { + print_revision($PROGNAME,'$Revision: 0.1 $'); + print "Copyright (c) 2003 Thomas Nilsen/Karl DeBisschop\n"; + print "\n"; + print_usage(); + print "Checks the mdstat file for errors on any configured software raid.\n +-t ( --timeout=INTEGER) + Seconds before script times out (default: 10)\n +-F ( --filename=FILE) + Full path and name to mdstat file (usually '/proc/mdstat') \n\n"; +} diff --git a/dsa-nagios-checks/dsa-check-running-kernel b/dsa-nagios-checks/dsa-check-running-kernel new file mode 100755 index 0000000..818288f --- /dev/null +++ b/dsa-nagios-checks/dsa-check-running-kernel @@ -0,0 +1,107 @@ +#!/bin/bash + +# Check if the running kernel has the same version string as the on-disk +# kernel image. + +# Copyright 2008 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +OK=0; +WARNING=1; +CRITICAL=2; +UNKNOWN=3; + +get_offset() { + local file needle + + file="$1" + needle="$2" + perl -e ' + undef $/; + $i = index(<>, "'"$needle"'"); + if ($i < 0) { + exit 1; + }; + print $i,"\n"' < "$file" +} + +get_image() { + local image GZHDR1 GZHDR2 off + + image="$1" + + GZHDR1="\x1f\x8b\x08\x00" + GZHDR2="\x1f\x8b\x08\x08" + + off=`get_offset "$image" $GZHDR1` + [ "$?" != "0" ] && off="-1" + if [ "$off" -eq "-1" ]; then + off=`get_offset "$image" $GZHDR2` + [ "$?" != "0" ] && off="-1" + fi + if [ "$off" -eq "0" ]; then + zcat < "$image" + return + elif [ "$off" -ne "-1" ]; then + (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null + return + fi + + echo "ERROR: Unable to extract kernel image." 2>&1 + exit 1 +} + +searched="" +for on_disk in \ + "/boot/vmlinuz-`uname -r`"\ + "/boot/vmlinux-`uname -r`"; do + + if [ -e "$on_disk" ]; then + on_disk_version="`get_image "$on_disk" | strings | grep 'Linux version' | head -n1`" + [ -z "$on_disk_version" ] || break + on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`" + [ -z "$on_disk_version" ] || break + + echo "UNKNOWN: Failed to get a version string from image $on_disk" + exit $UNKNOWN + fi + searched="$searched $on_disk" +done + +if ! [ -e "$on_disk" ]; then + echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running" + exit $WARNING +fi + + +running_version="`cat /proc/version`" +if [ -z "$running_version" ] ; then + echo "UNKNOWN: Failed to get a version string from running system" + exit $UNKNOWN +fi + +if [ "$running_version" != "$on_disk_version" ]; then + echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]" + exit $WARNING +else + echo "OK: Running kernel matches on disk image: [$running_version]" + exit $OK +fi diff --git a/dsa-nagios-checks/dsa-check-samhain b/dsa-nagios-checks/dsa-check-samhain new file mode 100755 index 0000000..c6b3f4f --- /dev/null +++ b/dsa-nagios-checks/dsa-check-samhain @@ -0,0 +1,216 @@ +#!/usr/bin/perl -w + +# check_samhain.pl - check to see how many policy violations are reported +# by the samhain file integrity checker. +# +# Copyright Rainer Wichmann (2004) +# Copyright Martin Zobel-Helas (2008) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +############################################################################ + +# -------------------------------------------------------------------[ Uses ]-- + +use strict; +use Getopt::Long; +use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval); +use lib "/usr/lib/nagios/plugins"; +use utils qw(%ERRORS &print_revision); + +#my $TIMEOUT = 15; +#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +#sub print_revision ($$); + +# ----------------------------------------------------[ Function Prototypes ]-- + +sub print_help (); +sub print_usage (); +sub process_arguments (); + +# ------------------------------------------------------------[ Environment ]-- + +$ENV{'PATH'}=''; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + +# -----------------------------------------------------------------[ Global ]-- + +$PROGNAME = "dsa-check-samhain"; +$SAMHAIN = "/usr/sbin/samhain"; + +# ----------------------------------------------------------------[ options ]-- + +Getopt::Long::Configure('bundling'); +$status = process_arguments(); +if ($status){ + print "ERROR: processing arguments\n"; + exit $ERRORS{"UNKNOWN"}; +} + +# ----------------------------------------------------------------[ timeout ]-- + +$SIG{'ALRM'} = sub { + print ("ERROR: timed out waiting for $SAMHAIN\n"); + exit $ERRORS{"WARNING"}; +}; +alarm($opt_t); + +# ----------------------------------------------------------[ start samhain ]-- + +if ( defined $SAMHAIN && -x $SAMHAIN ) { + if (! open (SHPIPE, "/usr/bin/sudo $SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) { + print "ERROR: could not popen $SAMHAIN \n"; + exit $ERRORS{'UNKNOWN'}; + } +}else{ + print "ERROR: Could not find samhain executable!\n"; + exit $ERRORS{'UNKNOWN'}; +} + +# ---------------------------------------------------------[ read from pipe ]-- + +$status = 0; + +while () { + if (/POLICY/) { + ++$status; + print $_ if $verbose; + } +} + +if ($status < $opt_w) { + $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)"; + $state = $ERRORS{'OK'}; +} elsif ($status >= $opt_w && $status < $opt_c) { + $msg = "WARNING: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'WARNING'}; +} else { + $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)"; + $state = $ERRORS{'CRITICAL'}; +} + +# -------------------------------------------------------------[ close pipe ]-- + +close (SHPIPE); + +# declare an error if we also get a non-zero return code from samhain + +if ( $? ) { + $retval = $? / 256; + if ( $! ) { + print "Error closing $SAMHAIN: $!\n" if $verbose; + } else { + print "$SAMHAIN returned exit status $retval\n" if $verbose; + } + if ($state == $ERRORS{"CRITICAL"}) { + $state = $ERRORS{"CRITICAL"}; + } else { + print "ERROR: $SAMHAIN exit status $retval\n"; + exit $ERRORS{'UNKNOWN'}; + } +} + +# -------------------------------------------------------------------[ exit ]-- + +print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n"; +exit $state; + + +# ------------------------------------------------------------[ Subroutines ]-- + +sub process_arguments(){ + GetOptions + ("V" => \$opt_V, "version" => \$opt_V, + "h" => \$opt_h, "help" => \$opt_h, + "v" => \$opt_v, "verbose" => \$opt_v, + "w=i" => \$opt_w, "warning=i" => \$opt_w, + "c=i" => \$opt_c, "critical=i" => \$opt_c, + "t=i" => \$opt_t, "timeout=i" => \$opt_t + ); + + if ($opt_V) { + print_revision($PROGNAME,'$Revision: 1.0 $ '); + exit $ERRORS{'OK'}; + } + + if ($opt_h) { + print_help(); + exit $ERRORS{'OK'}; + } + + if (defined $opt_v ){ + $verbose = $opt_v; + } + + unless (defined $opt_t) { + $opt_t = $utils::TIMEOUT ; # default timeout + # $opt_t = $TIMEOUT ; + } + + unless (defined $opt_w) { + $opt_w = 1; + } + + unless (defined $opt_c) { + $opt_c = 1; + } + + if ( $opt_w > $opt_c) { + print "Warning cannot be greater than Critical!\n"; + exit $ERRORS{'UNKNOWN'}; + } + + return $ERRORS{'OK'}; +} + +sub print_usage () { + print "Usage: $PROGNAME [-w ] [-c ] [-t ]\n"; +} + +sub print_help () { + print_revision($PROGNAME, '$Revision: 1.0 $'); + print "Copyright (c) 2004 Rainer Wichmann + +This plugin checks the number of policy violations reported by the +samhain file intgrity checker + +"; + print_usage(); + print " +-w, --warning=INTEGER + Minimum number of policy violations for which a WARNING status will result +-c, --critical=INTEGER + Minimum number of policy violations for which a CRITICAL status will result +-t, --timeout=SECONDS + The number of seconds after which a the plugin will timeout +-v, --verbose + Verbose output +-h, --help + Show this help message +-V, --version + Show the version of the plugin + +"; +} + +#sub print_revision ($$) { +# my $commandName = shift; +# my $pluginRevision = shift; +# $pluginRevision =~ s/^\$Revision: //; +# $pluginRevision =~ s/ \$\s*$//; +# print "$commandName (samhain 2.2.3) $pluginRevision\n"; +#} diff --git a/dsa-nagios-checks/dsa-check-soas b/dsa-nagios-checks/dsa-check-soas new file mode 100755 index 0000000..9d05fff --- /dev/null +++ b/dsa-nagios-checks/dsa-check-soas @@ -0,0 +1,93 @@ +#!/usr/bin/ruby + +# Copyright 2006 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +require 'resolv' +require 'optparse' +require 'yaml' + +NAGIOS_STATUS = { :OK => 0, :WARNING => 1, :CRITICAL => 2, :UNKNOWN => -1 }; +@verbose = 0; +@additional_nameservers = [] + +def show_help(parser, code=0, io=STDOUT) + program_name = File.basename($0, '.*') + io.puts "Usage: #{program_name} [options] [ ...]" + io.puts parser.summarize + exit(code) +end +ARGV.options do |opts| + opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) } + opts.on("-v", "--verbose" , String, "Be verbose") { @verbose += 1 } + opts.on("-a", "--add=HOST" , String, "Also check SOA on ") { |val| @additional_nameservers << val } + opts.parse! +end +show_help(ARGV.options, 1, STDERR) if ARGV.length == 0 + +warnings = [] +oks = [] + +dns = Resolv::DNS.new +ARGV.each{ |domain| + serial = [] + nameservers = dns.getresources(domain, Resolv::DNS::Resource::IN::NS) + nameservernames = nameservers.collect{ |ns| ns.name.to_s } + nameservernames = nameservernames.concat @additional_nameservers + nameservernames.each{ |nameserver| + puts "Testing nameserver #{nameserver} for #{domain}" if @verbose > 0 + arecords = dns.getresources(nameserver, Resolv::DNS::Resource::IN::A) + warnings << "Nameserver #{nameserver} for #{domain} has #{arecords.length} A records" if arecords.length != 1 + arecords.each{ |a| + puts " Nameserver #{nameserver} is at #{a.address}" if @verbose > 0 + begin + resolver = Resolv::DNS.new({:nameserver => a.address.to_s}) + soas = resolver.getresources(domain, Resolv::DNS::Resource::IN::SOA) + rescue SystemCallError => e + warnings << "Could not resolve #{domain} on #{nameserver}: #{e.message}" + else + resolver.close + warnings << "Nameserver #{nameserver} for #{domain} returns #{soas.length} SOAs" if soas.length != 1 + soas.each{ |soa| + puts " Nameserver #{nameserver} returns serial #{soa.serial} for #{domain}" if @verbose > 0 + serial << soa.serial unless serial.include? soa.serial + } + end + } + } + case serial.length + when 0 + warnings << "Found no serials for #{domain}" + when 1 + oks << "#{domain} is at #{serial.first}" + else + warnings << "Nameservers disagree on serials for #{domain}: found #{serial.join(', ')}" if serial.length != 1 + end +} +dns.close + +if warnings.length > 0 + puts warnings.join('; ') + exit NAGIOS_STATUS[:WARNING] +else + puts oks.join('; ') + exit NAGIOS_STATUS[:OK] +end diff --git a/dsa-nagios-checks/dsa-check-statusfile b/dsa-nagios-checks/dsa-check-statusfile new file mode 100755 index 0000000..a69d977 --- /dev/null +++ b/dsa-nagios-checks/dsa-check-statusfile @@ -0,0 +1,81 @@ +#!/usr/bin/ruby + +# Relay the status of a check that was previously run and which stored +# its result in a file to nagios. +# +# Copyright 2008 Peter Palfrader +# +# Permission is hereby granted, free of charge, to any person obtaining +# a copy of this software and associated documentation files (the +# "Software"), to deal in the Software without restriction, including +# without limitation the rights to use, copy, modify, merge, publish, +# distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so, subject to +# the following conditions: +# +# The above copyright notice and this permission notice shall be +# included in all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +require 'resolv' +require 'optparse' + +NAGIOS_STATUS = { "OK" => 0, "WARNING" => 1, "CRITICAL" => 2, "UNKNOWN" => 3 } +UNITS_TO_SECONDS = { 's' => 1, 'm' => 60, 'h' => 60*60, 'd' => 24*60*60 } + +def show_help(parser, code=0, io=STDOUT) + program_name = File.basename($0, '.*') + io.puts "Usage: #{program_name} [options] " + io.puts parser.summarize + exit(code) +end + +max_age = "26h" +ARGV.options do |opts| + opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) } + opts.on("-a", "--age=AGE" , String, "maximum age, in seconds (or use Nm, Nh or Nd) - default is 26h") { |max_age| } + opts.parse! +end +show_help(ARGV.options, 1, STDERR) if ARGV.length != 1 + +statusfile = ARGV.shift + +# find out what the max age is that we accept +unless (m = /^([0-9]+)([smhd])?$/.match max_age) + STDERR.puts "Invalid age #{age}." + show_help(ARGV.options, 1, STDERR) if ARGV.length != 1 +end +max_age = m[1].to_i * UNITS_TO_SECONDS[m[2] ? m[2] : 's'] + +# let's see if it exists +unless File.exists? statusfile + puts "UNKNOWN: #{statusfile} does not exist." + exit NAGIOS_STATUS['UNKNOWN'] +end + + +mtime = File.stat(statusfile).mtime +if mtime + max_age < Time.now + puts "WARNING: #{statusfile} is old: #{mtime}" + exit NAGIOS_STATUS['WARNING'] +end + +status = File.new(statusfile) +returnvalue = status.readline.chomp + +unless NAGIOS_STATUS.has_key? returnvalue + puts "UNKNOWN: #{statusfile} has invalid return value: #{returnvalue}" + exit NAGIOS_STATUS['UNKNOWN'] +end + +status.readlines.each do |line| + print line +end +exit NAGIOS_STATUS[returnvalue] diff --git a/dsa-nagios-checks/dsa-check-udldap-freshness b/dsa-nagios-checks/dsa-check-udldap-freshness new file mode 100755 index 0000000..be2a6da --- /dev/null +++ b/dsa-nagios-checks/dsa-check-udldap-freshness @@ -0,0 +1,50 @@ +#!/usr/bin/perl -w + +use strict; +my %CODE = ( + 'UNDEF' => -1, + 'OK' => 0, + 'WARNING' => 1, + 'CRITICAL' => 2, + 'UNKNOWN' => 3 +); + +my $f; + +$SIG{__DIE__ } = sub() { + print shift; + exit $CODE{'UNKNOWN'}; +}; + +if ( -e "/var/lib/misc/thishost/passwd.tdb" ) { + $f = "/var/lib/misc/thishost/passwd.tdb"; +} else { + my $hostname = `hostname -f`; + chomp $hostname; + $hostname =~ m/^([a-z]+(?:\.[a-z]+)+)$/; + die "Weird hostname '$hostname'\n" unless defined $1; + $hostname = $1; + if ( -e "/var/lib/misc/$hostname/passwd.tdb" ) { + $f = "/var/lib/misc/$hostname/passwd.tdb"; + }; +}; + +die "Could not find passwd.tdb" unless defined $f; + +my @stat = stat($f) or die ("Cannot stat $f: $!\n"); +my $age = time - $stat[10]; +my $hage; +if ($age > 48 * 3600) { + $hage = sprintf("%.1f days", $age / 24 / 3600); +} elsif ($age > 3600) { + $hage = sprintf("%.1f hours", $age / 3600); +} else { + $hage = sprintf("%d minutes", $age / 60); +}; + +if ($age > 60*60) { + print "WARNING: ud-ldap info is $hage old\n"; + exit $CODE{'WARNING'}; +}; +print "OK: ud-ldap info is $hage old\n"; +exit $CODE{'OK'}; diff --git a/dsa-nagios-checks/dsa-update-apt-status b/dsa-nagios-checks/dsa-update-apt-status new file mode 100755 index 0000000..3e3acef --- /dev/null +++ b/dsa-nagios-checks/dsa-update-apt-status @@ -0,0 +1,74 @@ +#!/bin/sh + +UPDATE_RUNS=3 +STATUS=/var/cache/dsa/nagios/apt +SLEEP_MAX=$(( 15 * 60 )) +MAX_AGE=$(( 23 * 60 * 60 )) + +# we want to run if any of the following things is true +# - we have never run before +# - var/lib/dpkg/status has been touched since the last run +# - var/cache/apt/pkgcache.bin has been touched since the last run +# - our last run ended with 'apt-get update failed' +# - our last run has been more than MAX_AGE (23hrs) ago +run_required() { + local run=0 + local norun=1 + + [ -e "$STATUS" ] || return $run + [ /var/lib/dpkg/status -nt "$STATUS" ] && return $run + [ /var/cache/apt/pkgcache.bin -nt "$STATUS" ] && return $run + grep "apt-get update failed" "$STATUS" > /dev/null && return $run + + local last_mod + last_mod=`stat -c "%Y" "$STATUS"` + now=`date +%s` + age=$(( $now - $last_mod )) + [ "$age" -gt "$MAX_AGE" ] && return $run + + return $norun +} + +# do stuff only when required +run_required || exit + +# sleep if called non-interactively +if [ -z "$TERM" -o "$TERM" = "dumb" ]; then + sleep $(( $RANDOM % $SLEEP_MAX )) +fi + +# run apt-get update, retry a few times if it fails +count=0 +while [ "$count" -lt "$UPDATE_RUNS" ]; do + apt-get update -qq >/dev/null >&2 + if [ "$?" = "0" ]; then break; fi + sleep $(( $RANDOM % 600 )) + count="$(( $count + 1 ))" +done +if [ "$count" -ge "$UPDATE_RUNS" ]; then + (echo "WARNING" + echo "apt-get update failed") > "$STATUS" + exit 1 +fi + +# run the apt check itself +tmp=`tempfile` +trap "rm -f '$tmp'" exit +#/usr/share/dsa/apt-status-check --noupdate --timeout=600 > "$tmp" +/usr/lib/nagios/plugins/dsa-check-packages > "$tmp" +result="$?" +case "$result" in + 0) + st="OK" + ;; + 1) + st="WARNING" + ;; + 2) + st="CRITICAL" + ;; + *) + st="UNKNOWN" + ;; +esac +(echo "$st"; cat "$tmp") > "$STATUS" diff --git a/dsa-nagios-checks/dsa-update-samhain-status b/dsa-nagios-checks/dsa-update-samhain-status new file mode 100755 index 0000000..22bd1dc --- /dev/null +++ b/dsa-nagios-checks/dsa-update-samhain-status @@ -0,0 +1,23 @@ +#!/bin/sh + +STATUS=/var/cache/dsa/nagios/samhain + +tmp=`tempfile` +trap "rm -f '$tmp'" exit +/usr/lib/nagios/plugins/dsa-check-samhain -t 1800 > "$tmp" +result="$?" +case "$result" in + 0) + st="OK" + ;; + 1) + st="WARNING" + ;; + 2) + st="CRITICAL" + ;; + *) + st="UNKNOWN" + ;; +esac +(echo "$st"; cat "$tmp") > "$STATUS" diff --git a/dsa-nagios-checks/obsolete-packages-ignore b/dsa-nagios-checks/obsolete-packages-ignore new file mode 100644 index 0000000..7dd79e5 --- /dev/null +++ b/dsa-nagios-checks/obsolete-packages-ignore @@ -0,0 +1,4 @@ +/linux-image-.*/ +/kernel-image-.*/ +buildd +sbuild diff --git a/dsa-nagios-checks/weak-ssh-keys-check b/dsa-nagios-checks/weak-ssh-keys-check new file mode 100755 index 0000000..e35a8a1 --- /dev/null +++ b/dsa-nagios-checks/weak-ssh-keys-check @@ -0,0 +1,340 @@ +#!/usr/bin/perl + +# This cheak is based on code from the Debian/OpenSSL Weak Key Detector +# written by Florian Weimer . +# The code has been modified and enhanced by Alexander Wirt +# to use it as a nagios check. +# +# Copyright (c) 2008, Florian Weimer for the original +# Debian/OpenSSL Weak Key Detector +# (http://security.debian.org/project/extra/dowkd/dowkd.pl.gz) +# +# Copyright (c) 2008, Alexander Wirt for check_weakkeys +# +# Copyright (c) 2008 Peter Palfrader +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +=pod + +=head1 NAME + +B - checks system for weak ssh keys + +=cut + +=head1 SYNOPSIS + +B [options] + +=cut + +=head1 DESCRIPTION + +B checks for all users if there id_rsa, id_dsa or +authorized_key files if they contain weak ssh keys created by a Debian with a +broken libssl (see DSA-1571 for more informations). Optionally +can spit out a warning of there are any DSA keys left in key or authorized_key +files. To work it needs a database of precomputed hashes of known weak keys. +This file is expected as an bdb database with the hash (like +03:a2:f0:46:7f:13:9f:5f:96:71:a9:b8:a0:1c:01:05) as key. See for +such a database generator. outputs his data to STDOUT or to a +file. It meaned to be picked up by an nagios check like B +from Peter Palfrader. + +=cut + +=head1 OPTIONS + +=over 4 + +=item B<-h, --help> + +Prints out a brief help + +=item B<-s, --statusfile> "statusfile" + +Use 'F' instead of 'F'. + +=item B<-f, --fprdb> "database" (default: /var/lib/dsa/ssh-weak-keys.db) + +Use 'F' instead of 'F' +as fingerprint database. + +=item B<-n, --dsa_nowarn> + +Don't warn for DSA keys + +=back + +=cut + +use strict; +use warnings; + +use File::Temp; +use BerkeleyDB; +use Pod::Usage; +use Getopt::Long; +use IPC::Open3; + +my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ; +my ($outfile, $help); +my $dsa_nowarn = 0; + +GetOptions( 'help|h' => \$help, #Help function + 'statusfile|s=s' => \$outfile, + 'fprdb|f=s' => \$fprdb_fname, + 'n|dsa_nowarn' => \$dsa_nowarn, +); + +pod2usage(1) if $help; + +my $fh; +if ($outfile) { + open ($fh, '>', $outfile) + or die "Could not open statusfile '$outfile' for writing: $!"; +} else { + $fh = *STDOUT; +} + +my %fpr_hash; +tie %fpr_hash, 'BerkeleyDB::Btree', + -Filename => $fprdb_fname, + -Flags => DB_RDONLY + or die "Cannot open fingerprint db $fprdb_fname: $! $BerkeleyDB::Error\n"; + + +my ($weak_keys,$checked_keys) = 0; +my $dsa_keys = 0; +my $weird_keyfiles = 0; +my $text = ''; +my %key_sizes; + + + +#&from_user_all; +&from_debianorg_places; +&from_ssh_host(qw(localhost)); + +my $status="OK"; +if ($weak_keys) { + $status = "CRITICAL"; +} elsif ($dsa_keys && ! $dsa_nowarn || $weird_keyfiles) { + $status = "WARNING"; +} + +print $fh "$status\n"; +print $fh "Checked $checked_keys keys - $weak_keys weak - $dsa_keys dsa keys\n"; +print $fh "Sizes: "; +foreach my $size (sort(keys(%key_sizes))) { + print $fh "$size:$key_sizes{$size} "; +} + +print $fh "\n"; +print $fh "$text" if $text; + + + +sub safe_backtick (@) { + my @args = @_; + + my ($wtr, $fh, $err); + + open3($wtr,$fh,$err, @args) + or die "error: failed to spawn $args[0]: $!\n"; + my @result; + if (wantarray) { + @result = <$fh>; + } else { + local $/; + @result = scalar(<$fh>); + } + close $fh; + $? == 0 or return undef; + if (wantarray) { + return @result; + } else { + return $result[0]; + } +} + +sub ssh_fprint_file ($) { + my $name = shift; + my $data = safe_backtick qw/ssh-keygen -l -f/, $name; + defined $data or return (); + my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/; + return @data if @data == 2; + return (); +} + +sub ssh_fprint_check ($$$) { + my ($name, $length, $hash) = @_; + if (exists $key_sizes{$length}) { + $key_sizes{$length}++; + } else { + $key_sizes{$length}=1; + } + $checked_keys++; + if (exists $fpr_hash{$hash}) { + $weak_keys++; + $text .= "$name weak ($hash)\n"; + } +} + + +sub from_ssh_key_file ($) { + my $name = shift; + if (open (my $FH, '<', $name)) { + my $key = <$FH>; + if (! defined $key) { + $weird_keyfiles++; + $text .= "cannot read $name properly - empty?\n"; + } elsif ($key =~ m/ssh-dss/) { + $dsa_keys++; + $text .= "$name is a DSA key\n"; + } + } else { + $text .= "Could not open $name: $!"; + } + my ($length, $hash) = ssh_fprint_file $name; + if ($length && $hash) { + ssh_fprint_check "$name:1", $length, $hash; + } else { + $text .= "$name:1: warning: failed to parse SSH key file\n"; + } +} + +sub clear_tmp ($) { + my $tmp = shift; + seek $tmp, 0, 0 or die "seek: $!"; + truncate $tmp, 0 or die "truncate: $!"; +} + +sub from_ssh_auth_file ($) { + my $name = shift; + my $auth; + unless (open $auth, '<', $name) { + warn "$name:0: error: open failed: $!\n"; + return; + } + my $tmp = new File::Temp; + while (my $line = <$auth>) { + chomp $line; + my $lineno = $.; + clear_tmp $tmp; + next if $line =~ m/^$/; # ignore empty lines + next if $line =~ m/^#/; # ignore comments + if ($line =~ m/ssh-dss/) { + $dsa_keys++; + $text .= "$name:$lineno is a DSA key\n"; + } + print $tmp "$line\n" or die "print: $!"; + $tmp->flush; + my ($length, $hash) = ssh_fprint_file "$tmp"; + if ($length && $hash) { + ssh_fprint_check "$name:$lineno", $length, $hash; + } else { + $text .= "$name:$lineno: warning: unparsable line\n"; + } + } +} + +sub from_ssh_host (@) { + my @names = @_; + my @lines; + push @lines, safe_backtick qw|ssh-keyscan -t rsa|, @names; + push @lines, safe_backtick qw|ssh-keyscan -t dsa|, @names; + + my $tmp = new File::Temp; + for my $line (@lines) { + next if $line =~ /^#/; + next if $line =~ /^no hostkey alg/; + my ($host, $data) = $line =~ /^(\S+) (.*)$/; + clear_tmp $tmp; + print $tmp "$data\n" or die "print: $!"; + $tmp->flush; + my ($length, $hash) = ssh_fprint_file "$tmp"; + if ($length && $hash) { + ssh_fprint_check "$host", $length, $hash; + } else { + $text .= "$host: warning: unparsable line\n"; + } + } +} + +sub from_user ($) { + my $user = shift; + my ($name,$passwd,$uid,$gid, + $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user); + my $file = "$dir/.ssh/authorized_keys"; + from_ssh_auth_file $file if -r $file; + $file = "$dir/.ssh/authorized_keys2"; + from_ssh_auth_file $file if -r $file; + $file = "$dir/.ssh/id_rsa.pub"; + from_ssh_key_file $file if -r $file; + $file = "$dir/.ssh/id_dsa.pub"; + from_ssh_key_file $file if -r $file; +} + +sub from_user_all () { + setpwent; + while (my $name = getpwent) { + from_user $name; + } + endpwent; +} + + +sub from_debianorg_places () { + open(F, "/etc/ssh/sshd_config") or die ("Cannot open /etc/ssh/sshd_config: $!\n"); + my @lines = ; + close(F); + + my @ak = grep { /^AuthorizedKeysFile\s/i } @lines; + my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines; + + if (scalar @ak != 1) { + print $fh "UNKNOWN\n"; + print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n"; + exit + } + if (scalar @ak2 != 1) { + print $fh "UNKNOWN\n"; + print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n"; + exit + } + unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) { + print $fh "UNKNOWN\n"; + print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n"; + exit + } + unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) { + print $fh "UNKNOWN\n"; + print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n"; + exit + } + + for my $d (qw{/etc/ssh/userkeys /var/lib/misc/userkeys}) { + next unless (-d $d); + opendir(D, $d) or die "Cannot opendir $d: $!\n"; + for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) { + next if ($file eq 'README-DSA-BUILDD'); + my $f = $d.'/'.$file; + from_ssh_key_file $f if -r $f; + }; + }; +} + + diff --git a/dsa-nagios-nrpe-config/apt-status-check b/dsa-nagios-nrpe-config/apt-status-check deleted file mode 100755 index 1d4ac92..0000000 --- a/dsa-nagios-nrpe-config/apt-status-check +++ /dev/null @@ -1,231 +0,0 @@ -#!/usr/bin/perl -Tw - -# $Id: nagios-check-apt-updates 352 2008-05-20 21:36:54Z weasel $ - -# nagios check for debian (security) updates, -# based on net-snmp glue to security updates via apt-get. -# Copyright (C) 2004 SILVER SERVER Gmbh -# Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 -# USA - -use strict; -use English; -use Getopt::Long; -use IO::Handle; -use IPC::Open2; -use IPC::Open3; - -$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; -delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -my $APT = '/usr/bin/apt-get'; -my $VERBOSE; - -sub do_check($$$$$$) { - my ($pre_command, $timeout, $noupdate, $name, $updates_security, $updates_other) = @_; - my $fh; - my $pid; - my @command; - - unless ($noupdate) { - print STDERR "Running $APT update in $name\n" if $VERBOSE; - @command = ($APT, 'update'); - unshift @command, @$pre_command; - $fh = new IO::Handle; - $pid = open3(\*STDIN, $fh, $fh, @command) or die ("Cannot run $APT update in $name: $!\n"); - local $SIG{ALRM} = sub { die "Timeout for apt-get update.\n" }; - alarm $timeout; - my @ignore=<$fh>; - alarm 0; - close $fh; - waitpid $pid, 0; - if ($CHILD_ERROR) { # program failed - die("$APT update returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); - }; - }; - - print STDERR "Running $APT --simulate upgrade in $name\n" if $VERBOSE; - @command = ($APT, qw{--simulate upgrade}); - unshift @command, @$pre_command; - $fh = new IO::Handle; - $pid = open2($fh, \*STDIN, @command) or die ("Cannot run $APT --simulate upgrade | sort -u in $name: $!\n"); - local $SIG{ALRM} = sub { die "Timeout for apt-get --simulate upgrade.\n" }; - alarm $timeout; - my @lines=<$fh>; - close $fh; - alarm 0; - waitpid $pid, 0; - if ($CHILD_ERROR) { # program failed - die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); - }; - - @lines = sort {$a cmp $b} @lines; - my %uniq; - @lines = grep {!$uniq{$_}++} @lines; - - print STDERR "Processing information for $name\n" if $VERBOSE; - for my $line (@lines) { - if ($line =~ m/^Inst\s+(\S+)\s+/) { - my $package = $1; - if ($line =~ m/^Inst\s+\S+\s+.*security/i) { - push @$updates_security, $package.($name ne '/' ? "($name)" : ''); - } else { - push @$updates_other, $package.($name ne '/' ? "($name)" : ''); - }; - } - } -} - - - -my $VERSION = '0.0.3 - $Rev: 352 $'; -my $use_sudo = 1; -my $params; - -# nagios exit codes -my $OK = 0; -my $WARNING = 1; -my $CRITICAL = 2; -my $UNKNOWN = 3; - -$params->{'chroots'} = []; -$params->{'vservers'} = []; -$params->{'timeout'} = 20; -Getopt::Long::config('bundling'); -if (!GetOptions ( - '--help' => \$params->{'help'}, - '--version' => \$params->{'version'}, - '--sudo' => \$params->{'sudo'}, - '--noupdate' => \$params->{'noupdate'}, - '--nosudo' => \$params->{'nosudo'}, - '--verbose' => \$params->{'verbose'}, - '--warnifupdates' => \$params->{'warnifupdates'}, - '--timeout=i' => \$params->{'timeout'}, - '--chroot=s' => $params->{'chroots'}, - '--vserver=s' => $params->{'vservers'} - )) { - die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--timeout=] [--verbose]\n"); -}; -if ($params->{'help'}) { - print "nagios-check-apt-updates $VERSION\n"; - print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n"; - print "Reports packages to upgrade, updating the list if necessary.\n"; - print "\n"; - print " --help Print this short help.\n"; - print " --version Report version number.\n"; - print " --sudo Use sudo to call apt-get (default).\n"; - print " --noupdate Do not run apt-get update first.\n"; - print " --nosudo Do not use sudo to call apt-get.\n"; - print " --warnifupdates Exit with a WARNING status if any updates are available.\n"; - print " --timeout= Timeout in seconds for each of the two apt-get runs.\n"; - print " --verbose Be a little verbose.\n"; - print " --chroot= Run check in path.\n"; - print " --vserver= Run check in vserver.\n"; - print "\n"; - print "Note that for --sudo (default) you will need entries in /etc/sudoers like these:\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get update\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get --simulate upgrade\n"; - print "\n"; - exit (0); -}; -if ($params->{'version'}) { - print "nagios-check-apt-updates $VERSION\n"; - print "nagios check for availability of debian (security) updates\n"; - print "Copyright (c) 2004 SILVER SERVER Gmbh\n"; - print "Copyright (c) 2004,2005 Peter Palfrader \n"; - exit (0); -}; -if ($params->{'sudo'} && $params->{'nosudo'}) { - die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n"); -}; -if ($params->{'sudo'}) { - $use_sudo = 1; -}; -if ($params->{'nosudo'}) { - $use_sudo = 0; -}; -if (scalar @{$params->{'chroots'}} == 0 && scalar @{$params->{'vservers'}} == 0) { - $params->{'chroots'} = ['/']; -}; -$VERBOSE = $params->{'verbose'}; - - -$SIG{'__DIE__'} = sub { - print STDERR @_; - exit $UNKNOWN; -}; - - -my @updates_security; -my @updates_other; - - -# Make sure chroot paths are nice; -my @chroots = (); -for my $root (@{$params->{'chroots'}}) { - if ($root =~ m#^(/[a-zA-Z0-9/.-]*)$#) { - push @chroots, $1; - } else { - die ("Chroot path $root is not nice.\n"); - }; -}; -for my $root (@chroots) { - my @pre_command = (); - unshift @pre_command, 'chroot', $root if ($root ne '/'); - unshift @pre_command, 'sudo' if $use_sudo; - do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $root, \@updates_security, \@updates_other); -} - -# Make sure vserver names are nice; -my @vservers = (); -for my $vserver (@{$params->{'vservers'}}) { - if ($vserver =~ m#^([a-zA-Z0-9.-]+)$#) { - push @vservers, $1; - } else { - die ("Vserver name $vserver is not nice.\n"); - }; -}; -for my $vserver (@vservers) { - my @pre_command = (); - unshift @pre_command, '/usr/sbin/vserver', $vserver, 'exec'; - unshift @pre_command, 'sudo' if $use_sudo; - do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $vserver, \@updates_security, \@updates_other); -} - - - - -my $exit = $OK; - -my $updateinfo; -if (@updates_security) { - $updateinfo .= 'Security updates ('.(scalar @updates_security).'): '.join(', ', @updates_security)."; "; - $exit = $CRITICAL; -} -if (@updates_other) { - $updateinfo .= 'Other Updates ('.(scalar @updates_other).'): '.join(', ', @updates_other)."; "; - $exit = $WARNING if ($params->{'warnifupdates'} and $exit == $OK); -}; -$updateinfo = 'No updates available' unless defined $updateinfo; - - -print $updateinfo,"\n"; -exit $exit; diff --git a/dsa-nagios-nrpe-config/debian/README.Debian b/dsa-nagios-nrpe-config/debian/README.Debian deleted file mode 100644 index d500cc8..0000000 --- a/dsa-nagios-nrpe-config/debian/README.Debian +++ /dev/null @@ -1,7 +0,0 @@ -dsa-nagios-nrpe-config for Debian ---------------------------------- - -This package is automatically created from the debian.org nagios -config. - - -- Peter Palfrader Wed, 2 Apr 2008 22:19:07 +0200 diff --git a/dsa-nagios-nrpe-config/debian/changelog b/dsa-nagios-nrpe-config/debian/changelog deleted file mode 100644 index 2e58aba..0000000 --- a/dsa-nagios-nrpe-config/debian/changelog +++ /dev/null @@ -1,329 +0,0 @@ -dsa-nagios-nrpe-config (68) unstable; urgency=low - - * dsa-update-apt-status: Ensure apt-get update is quiet even when stuff - goes wrong. - - -- Peter Palfrader Wed, 11 Feb 2009 21:59:55 +0100 - -dsa-nagios-nrpe-config (67) unstable; urgency=low - - * Minor tweak to dsa-check-packages: reorder ok and obs(ign), change - long text for obs(ign). - - -- Peter Palfrader Wed, 4 Feb 2009 09:40:26 +0000 - -dsa-nagios-nrpe-config (66) unstable; urgency=low - - * Add dsa-check-packages - * Make apt-status-check use dsa-check-packages. - * And install obsolete-packages-ignore into etc/nagios. - - -- Peter Palfrader Tue, 03 Feb 2009 20:39:01 +0100 - -dsa-nagios-nrpe-config (65) unstable; urgency=low - - * Add dsa-check-soas - - -- Peter Palfrader Tue, 23 Dec 2008 23:11:19 +0000 - -dsa-nagios-nrpe-config (64) unstable; urgency=low - - * dsa-check-mirrorsync: make it work in embedded perl again. - - -- Peter Palfrader Tue, 23 Dec 2008 22:59:06 +0000 - -dsa-nagios-nrpe-config (63) unstable; urgency=low - - * dsa-check-mirrorsync: print help if additional args are given (we don't - support any) - - -- Peter Palfrader Tue, 23 Dec 2008 22:14:44 +0000 - -dsa-nagios-nrpe-config (62) unstable; urgency=low - - * Add check_securitymirror by formorer. - - -- Peter Palfrader Tue, 23 Dec 2008 21:59:47 +0000 - -dsa-nagios-nrpe-config (61) unstable; urgency=low - - * dsa-check-hpacucli: Do not create the 'Failed' array while checking if an - entry is in there. If it doesn't exist that's also good. - - -- Peter Palfrader Mon, 06 Oct 2008 14:08:30 +0200 - -dsa-nagios-nrpe-config (60) unstable; urgency=low - - * Add dsa-check-raid-areca. - - -- Peter Palfrader Wed, 01 Oct 2008 16:23:33 +0200 - -dsa-nagios-nrpe-config (59) unstable; urgency=low - - * apt-status-check: Ignore stderr during apt-get update. - - -- Peter Palfrader Tue, 30 Sep 2008 19:58:36 +0200 - -dsa-nagios-nrpe-config (58) unstable; urgency=low - - * Rename dsa-check-da-in-aliases to dsa-check-config. - * dsa-check-config: check if ldap.conf is configured correctly. - - -- Peter Palfrader Fri, 26 Sep 2008 15:02:53 +0200 - -dsa-nagios-nrpe-config (57) unstable; urgency=low - - * dsa-check-hpacucli: Do not inspect drives in detail when they are - listed as Failed in the overview already. - - -- Peter Palfrader Wed, 24 Sep 2008 16:02:31 +0200 - -dsa-nagios-nrpe-config (56) unstable; urgency=low - - * fix dsa-check-samhain. - sudo is not in $PATH. - - -- Martin Zobel-Helas Mon, 22 Sep 2008 06:45:19 +0000 - -dsa-nagios-nrpe-config (55) unstable; urgency=low - - * And another one, weasel should sleep. - - -- Peter Palfrader Mon, 22 Sep 2008 00:29:15 +0000 - -dsa-nagios-nrpe-config (54) unstable; urgency=low - - * dsa-check-dabackup-server fixes. - - -- Peter Palfrader Mon, 22 Sep 2008 00:27:41 +0000 - -dsa-nagios-nrpe-config (53) unstable; urgency=low - - * Add dsa-check-dabackup-server. - - -- Peter Palfrader Mon, 22 Sep 2008 00:19:28 +0000 - -dsa-nagios-nrpe-config (52) unstable; urgency=low - - * The nagios _check_ package should probably not be the one that - depends on the stuff we want on most or all hosts, thus removing - dependency on samhain, which should probably get pulled in via - debian.org. - - -- Peter Palfrader Sun, 21 Sep 2008 23:41:01 +0000 - -dsa-nagios-nrpe-config (51) unstable; urgency=low - - * Add check for samhain. - - -- Martin Zobel-Helas Sat, 20 Sep 2008 07:29:23 +0000 - -dsa-nagios-nrpe-config (50) unstable; urgency=low - - * dsa-check-hpacucli: Handle 'pd all show' output with failed arrays. - - -- Peter Palfrader Sat, 09 Aug 2008 11:39:55 +0200 - -dsa-nagios-nrpe-config (49) unstable; urgency=low - - * dsa-check-hpacucli: Learn correct transfer speed for Ultra 3 Wide (160mb/s) - - -- Peter Palfrader Wed, 23 Jul 2008 00:56:54 +0200 - -dsa-nagios-nrpe-config (48) unstable; urgency=low - - * Don't just print the sudoers lines to stdout, tell the admin to add them - also. - - -- Peter Palfrader Tue, 22 Jul 2008 21:25:56 +0000 - -dsa-nagios-nrpe-config (47) unstable; urgency=low - - * dsa-check-hpacucli: Check transfer speed of disks. - - -- Peter Palfrader Tue, 22 Jul 2008 23:14:50 +0200 - -dsa-nagios-nrpe-config (46) unstable; urgency=low - - * Move apt status update from cron.daily to usr/sbin/dsa-update-apt-status. - * Move script calls from cron.daily to cron.d @daily and @reboot. - * Introduce hourly runs for dsa-update-apt-status that happen if the system - changed in the meantime, that is if /var/lib/dpkg/status or - /var/cache/apt/pkgcache.bin are newer than the status file. - Also run if the status file does not exist, or if the last apt-get update - call failed, or if the last run was more than a day ago. - * No longer do @daily runs of dsa-update-apt-status - - -- Peter Palfrader Sun, 06 Jul 2008 11:51:27 +0200 - -dsa-nagios-nrpe-config (45) unstable; urgency=low - - * Add apt upgrades check. - - -- Peter Palfrader Tue, 20 May 2008 22:01:07 +0000 - -dsa-nagios-nrpe-config (44) unstable; urgency=low - - * Fix ssh-dss detection. It need not be at the start of a line - (think >from="1.2.3.4" ssh-dss< ...). - - -- Peter Palfrader Mon, 19 May 2008 14:34:23 +0000 - -dsa-nagios-nrpe-config (43) unstable; urgency=low - - * Depend on ruby. - - -- Peter Palfrader Mon, 19 May 2008 14:19:10 +0000 - -dsa-nagios-nrpe-config (42) unstable; urgency=low - - * weak-ssh-keys-check: Ignore empty lines in authorized-keys files. - * weak-ssh-keys-check: Handle servers not doing DSA in from_ssh_host(). - * Run weak-ssh-keys-check on install. - - -- Peter Palfrader Mon, 19 May 2008 14:05:10 +0000 - -dsa-nagios-nrpe-config (41) unstable; urgency=low - - * Add dsa-check-statusfile. - * Add weak-ssh-keys-check to be run from cron.daily. Depend on - libberkeleydb-perl and dsa-ssh-weak-keys now. - * Remove up /var/cache/dsa/nagios/weak-ssh-keys in postrm purge. - - -- Peter Palfrader Mon, 19 May 2008 15:55:43 +0200 - -dsa-nagios-nrpe-config (40) unstable; urgency=low - - * Teach dsa-check-hpacucli about rebuilding. - - -- Peter Palfrader Fri, 9 May 2008 12:55:07 +0000 - -dsa-nagios-nrpe-config (39) unstable; urgency=low - - * Add dsa-check-hpacucli. - * Suggest hpacucli. - - -- Peter Palfrader Wed, 7 May 2008 19:54:55 +0000 - -dsa-nagios-nrpe-config (38) unstable; urgency=low - - * Try harder to find version string. - - -- Peter Palfrader Mon, 5 May 2008 17:48:42 +0000 - -dsa-nagios-nrpe-config (37) unstable; urgency=low - - * dsa-check-running-kernel: also check /boot/vmlinux-`uname -r` - * Depend on binutils for string(1). - - -- Peter Palfrader Mon, 5 May 2008 17:41:13 +0000 - -dsa-nagios-nrpe-config (36) unstable; urgency=low - - * Add dsa-check-running-kernel - - -- Peter Palfrader Mon, 5 May 2008 17:11:54 +0000 - -dsa-nagios-nrpe-config (35) unstable; urgency=low - - * dsa-check-raid-mpt - - -- Peter Palfrader Tue, 29 Apr 2008 12:57:50 +0000 - -dsa-nagios-nrpe-config (34) unstable; urgency=low - - * dsa-check-raid-3ware - - -- Peter Palfrader Thu, 24 Apr 2008 19:37:47 +0000 - -dsa-nagios-nrpe-config (33) unstable; urgency=low - - * Add dsa-check-raid-dac960 - - -- Peter Palfrader Thu, 24 Apr 2008 19:20:57 +0000 - -dsa-nagios-nrpe-config (32) unstable; urgency=low - - * Add dsa-check-udldap-freshness. - - -- Peter Palfrader Wed, 16 Apr 2008 07:39:21 -0400 - -dsa-nagios-nrpe-config (31) unstable; urgency=low - - * dsa-check-dabackup: Use last time's log file if backup is currently running. - - -- Peter Palfrader Mon, 14 Apr 2008 17:37:54 -0400 - -dsa-nagios-nrpe-config (30) unstable; urgency=low - - * dsa-check-raid-sw: cleaner output. - - -- Peter Palfrader Mon, 14 Apr 2008 17:05:17 -0400 - -dsa-nagios-nrpe-config (29) unstable; urgency=low - - * dsa-check-dabackup: terser output. - - -- Peter Palfrader Mon, 14 Apr 2008 13:09:07 -0400 - -dsa-nagios-nrpe-config (28) unstable; urgency=low - - * dsa-check-dabackup: ignore .bak files in confdir. - - -- Peter Palfrader Mon, 14 Apr 2008 12:23:25 -0400 - -dsa-nagios-nrpe-config (27) unstable; urgency=low - - * Change OK text when da-backup not installed. - - -- Peter Palfrader Mon, 14 Apr 2008 12:19:00 -0400 - -dsa-nagios-nrpe-config (26) unstable; urgency=low - - * dsa-check-dabackup: Warn if installed but no backups configured. - - -- Peter Palfrader Mon, 14 Apr 2008 12:13:30 -0400 - -dsa-nagios-nrpe-config (25) unstable; urgency=low - - * Install dsa-check-dabackup - - -- Peter Palfrader Mon, 14 Apr 2008 12:05:11 -0400 - -dsa-nagios-nrpe-config (24) unstable; urgency=low - - * Check for dsa-check-backup sudoers entry - - -- Peter Palfrader Mon, 14 Apr 2008 11:48:48 -0400 - -dsa-nagios-nrpe-config (23) unstable; urgency=low - - * Add dsa-check-dabackup - - -- Peter Palfrader Mon, 14 Apr 2008 10:56:32 -0400 - -dsa-nagios-nrpe-config (22) unstable; urgency=low - - * Add a very easy dsa-check-da-in-aliases. - - -- Peter Palfrader Fri, 11 Apr 2008 10:25:54 -0400 - -dsa-nagios-nrpe-config (21) unstable; urgency=low - - * Add dsa-check-raid-sw. - - -- Peter Palfrader Thu, 3 Apr 2008 06:22:44 -0400 - -dsa-nagios-nrpe-config (20) unstable; urgency=low - - * Do away with a new changelog entry and version for every build of the - package - it floods us with useless commit mails - and just - increase the version to $TIMESTAMP in the build area. - - -- Peter Palfrader Thu, 3 Apr 2008 05:38:27 -0400 - -dsa-nagios-nrpe-config (1) unstable; urgency=low - - * Initial release. - - -- Peter Palfrader Wed, 2 Apr 2008 22:24:12 +0200 diff --git a/dsa-nagios-nrpe-config/debian/compat b/dsa-nagios-nrpe-config/debian/compat deleted file mode 100644 index 7ed6ff8..0000000 --- a/dsa-nagios-nrpe-config/debian/compat +++ /dev/null @@ -1 +0,0 @@ -5 diff --git a/dsa-nagios-nrpe-config/debian/control b/dsa-nagios-nrpe-config/debian/control deleted file mode 100644 index e045aec..0000000 --- a/dsa-nagios-nrpe-config/debian/control +++ /dev/null @@ -1,17 +0,0 @@ -Source: dsa-nagios-nrpe-config -Section: local -Priority: extra -Maintainer: Peter Palfrader -Build-Depends: debhelper (>= 5) -Standards-Version: 3.7.2 - -Package: dsa-nagios-nrpe-config -Architecture: all -Depends: nagios-nrpe-server, nagios-plugins-basic, ${misc:Depends}, binutils, libberkeleydb-perl, dsa-ssh-weak-keys, ruby -Suggests: hpacucli -Description: debian.org nagios-nrpe-server configuration - This package provides the debian.org configuration for the - nagios-nrpe-server, automatically created from the debian.org - nagios setup. - . - It also ships a few nagios checks. diff --git a/dsa-nagios-nrpe-config/debian/copyright b/dsa-nagios-nrpe-config/debian/copyright deleted file mode 100644 index 300ca52..0000000 --- a/dsa-nagios-nrpe-config/debian/copyright +++ /dev/null @@ -1,82 +0,0 @@ -This package was debianized by Peter Palfrader on -Wed, 2 Apr 2008 22:19:07 +0200. - -The config file shipped with this package is generated automatically -from the debian.org nagios config. - - -######################################################################## -dsa-check-raid-sw: - Copied from http://svn.noreply.org/svn/weaselutils/trunk/nagios-check-raid.pl at r330 - Copyright 2003 Thomas Nilsen - Copyright 2004, 2007, 2008 Peter Palfrader - License: GPL - -######################################################################## -dsa-check-dabackup: - Copyright: 2007 Stephen Gran - Copyright: 2008 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-dabackup-server: - Copyright: 2008 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-raid-3ware: - Copyright: 2006 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-running-kernel: - Copyright: 2008 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-hpacucli: - Copyright: 2008 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-statusfile: - Copyright: 2008 Peter Palfrader - License: MIT - -######################################################################## -weak-ssh-keys-check: - Copyright: 2008 Florian Weimer, Alexander Wirt - License: ISC - -######################################################################## -apt-status-check: - Copyright (C) 2004 SILVER SERVER Gmbh - Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader - License: GPL - -######################################################################## -dsa-check-samhain: - Copyright: 2004 Rainer Wichmann - Copyright: 2008 Martin Zobel-Helas - License: GPL - -######################################################################## -dsa-check-raid-areca: - Copyright: 2007, 2008 Erinn Looney-Triggs - License: GPL - -######################################################################## -dsa-check-mirrorsync: - Copyright: 2008: Alexander Wirt - Copyright: 2008: Peter Palfrader - License: GPL - -######################################################################## -dsa-check-packages: - Copyright: 2008,2009 Peter Palfrader - License: MIT - -######################################################################## -dsa-check-soas: - Copyright: 2006 Peter Palfrader - License: MIT diff --git a/dsa-nagios-nrpe-config/debian/cron.d b/dsa-nagios-nrpe-config/debian/cron.d deleted file mode 100644 index 031d3d5..0000000 --- a/dsa-nagios-nrpe-config/debian/cron.d +++ /dev/null @@ -1,7 +0,0 @@ -@reboot root sleep 10m && [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys -@daily root [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys - -@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status -13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status - -# vim:ft=crontab: diff --git a/dsa-nagios-nrpe-config/debian/dirs b/dsa-nagios-nrpe-config/debian/dirs deleted file mode 100644 index 6ee56fe..0000000 --- a/dsa-nagios-nrpe-config/debian/dirs +++ /dev/null @@ -1,5 +0,0 @@ -etc/nagios -usr/lib/nagios/plugins -usr/share/dsa -var/cache/dsa/nagios -usr/sbin diff --git a/dsa-nagios-nrpe-config/debian/postinst b/dsa-nagios-nrpe-config/debian/postinst deleted file mode 100644 index 0749532..0000000 --- a/dsa-nagios-nrpe-config/debian/postinst +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/sh - -set -e - -NAGIOS_MASTER=192.25.206.57 - -if [ -e /etc/nagios/nrpe.cfg ] ; then - if ! grep '^include=/etc/nagios/nrpe_dsa.cfg$' /etc/nagios/nrpe.cfg > /dev/null; then - echo - echo "WARNING: /etc/nagios/nrpe.cfg does not include /etc/nagios/nrpe_dsa.cfg. Please fix." - echo - fi - if ! grep '^allowed_hosts=' /etc/nagios/nrpe.cfg > /dev/null; then - echo - echo "WARNING: /etc/nagios/nrpe.cfg does not define allowed_hosts. Please fix (set allowed_hosts=$NAGIOS_MASTER)." - echo - else - found=0 - for host in `grep '^allowed_hosts=' /etc/nagios/nrpe.cfg | sed -e 's/.*=//' | tr ',' "\n"`; do - if [ "$host" = "$NAGIOS_MASTER" ]; then - found=1 - break - fi - done - if [ "$found" = "0" ]; then - echo - echo "WARNING: /etc/nagios/nrpe.cfg does not have $NAGIOS_MASTER in allowed_hosts. Please fix." - echo - fi - fi -fi - -if [ -e /etc/default/nagios-nrpe-server ] ; then - if ! grep '^DAEMON_OPTS="--no-ssl"$' /etc/default/nagios-nrpe-server > /dev/null; then - echo - echo "WARNING: /etc/default/nagios-nrpe-server probably does not set DAEMON_OPTS=\"--no-ssl\". Please fix." - echo - fi -fi - -if [ -e /etc/sudoers ] ; then - if ! grep '^nagios.*/usr/lib/nagios/plugins/dsa-check-dabackup' /etc/sudoers > /dev/null; then - echo - echo 'WARNIG: Add this line to sudoers:' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""' - echo - fi -fi - -if [ -e /etc/sudoers ] ; then - if ! grep '^nagios.*/usr/sbin/samhain' /etc/sudoers > /dev/null; then - echo - echo 'WARNIG: Add this line to sudoers:' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none' - echo - fi -fi - -if [ -e /usr/sbin/hpacucli ] && [ -e /dev/cciss/c0d0 ] ; then - if ! grep '^nagios.*hpacucli' /etc/sudoers > /dev/null; then - echo - echo 'WARNIG: Add these lines to sudoers:' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status' - echo - elif ! grep '^nagios.*hpacucli.* pd .*:.* show' /etc/sudoers > /dev/null; then - echo - echo 'WARNIG: Add these lines to sudoers:' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show' - echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show' - fi -fi - -if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d nagios-nrpe-server restart || exit $? -else - /etc/init.d/nagios-nrpe-server restart || exit $? -fi - -/usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys - -#DEBHELPER# - -exit 0 diff --git a/dsa-nagios-nrpe-config/debian/postrm b/dsa-nagios-nrpe-config/debian/postrm deleted file mode 100644 index 272a7cc..0000000 --- a/dsa-nagios-nrpe-config/debian/postrm +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -# postrm script for dsa-ssh-weak-keys -# -# see: dh_installdeb(1) - -set -e - -case "$1" in - purge) - rm -f /var/cache/dsa/nagios/weak-ssh-keys - ;; - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff --git a/dsa-nagios-nrpe-config/debian/rules b/dsa-nagios-nrpe-config/debian/rules deleted file mode 100755 index f992dbc..0000000 --- a/dsa-nagios-nrpe-config/debian/rules +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/make -f - -clean: - dh_testdir - dh_testroot - dh_clean - -build: - -install: - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - install -m 644 nrpe_dsa.cfg $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios - install -m 755 dsa-check-hpacucli $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-raid-areca $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-raid-dac960 $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-raid-mpt $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-raid-sw $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-raid-3ware $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-running-kernel $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-config $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-dabackup $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-dabackup-server $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-udldap-freshness $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-statusfile $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-samhain $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-mirrorsync $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-soas $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - - install -m 755 dsa-check-puppet $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 755 dsa-check-packages $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins - install -m 644 obsolete-packages-ignore $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios - - install -m 755 apt-status-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa - install -m 755 weak-ssh-keys-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa - - install -m 755 dsa-update-apt-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin - install -m 755 dsa-update-samhain-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin - - -binary-indep: install - dh_testdir - dh_testroot - dh_installchangelogs - dh_installdocs - dh_installcron - dh_compress - dh_fixperms - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary-arch: install -binary: binary-indep binary-arch - -.PHONY: clean binary-indep binary-arch binary install build diff --git a/dsa-nagios-nrpe-config/dsa-check-config b/dsa-nagios-nrpe-config/dsa-check-config deleted file mode 100755 index 0d62402..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-config +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/sh - -# Check that debian-admin is in /etc/aliases for root. -# Peter Palfrader, 2008 - -#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 ); - -set -e -err=0 - -log() { - if [ "$0" == "ok" ] && [ "$err" == 0 ]; then - err=0 - elif [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then - err=1 - elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then - err=2 - elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then - err=3 - fi - if [ "`eval echo \\$$1`" = "" ]; then - eval $1="\"$2\"" - else - eval $1="\"`eval echo \\$$1`; $2\"" - fi -} - - -check_aliases() { - if ! [ -e /etc/aliases ]; then - log unknown "/etc/aliases not found" - return - fi - - if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then - log ok "debian-admin found in aliases" - return - fi - - log warn "debian-admin not found in root entry in aliases" -} - -check_ldap_conf() { - if ! [ -e /etc/ldap/ldap.conf ]; then - log unknown "/etc/ldap/ldap.conf not found" - return - fi - - if egrep '^URI.*ldap://db.debian.org' /etc/ldap/ldap.conf > /dev/null && - egrep '^BASE.*dc=debian,dc=org' /etc/ldap/ldap.conf > /dev/null && - egrep '^TLS_CACERT.*/etc/ssl/certs/spi-cacert-2008.pem' /etc/ldap/ldap.conf > /dev/null && - egrep '^TLS_REQCERT.*hard' /etc/ldap/ldap.conf > /dev/null ; then - log ok "ldap.conf configured properly" - return - fi - - log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly" -} - -check_aliases -check_ldap_conf - -[ "$critical" = "" ] || echo -n "Critical: $critical; " -[ "$warn" = "" ] || echo -n "Warning: $warn; " -[ "$unknown" = "" ] || echo -n "Unknown: $unknown; " -[ "$ok" = "" ] || echo -n "OK: $ok" -echo -exit $err diff --git a/dsa-nagios-nrpe-config/dsa-check-dabackup b/dsa-nagios-nrpe-config/dsa-check-dabackup deleted file mode 100755 index f400023..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-dabackup +++ /dev/null @@ -1,179 +0,0 @@ -#!/usr/bin/perl -w - -# Check the status of da-backup backups -# Copyright 2007 Stephen Gran -# Copyright 2008 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -use strict; -use warnings; -use English; -use Getopt::Long; -use Fcntl qw(:seek); - -my $DABACKUP_CONF = '/etc/da-backup.conf'; -my $MAX_AGE = 30*60*60; -my $TOO_FRESH = 5*60; -my %CODE = ( - 'UNDEF' => -1, - 'OK' => 0, - 'WARNING' => 1, - 'CRITICAL' => 2, - 'UNKNOWN' => 3 -); -$SIG{__DIE__ } = sub() { - print shift; - exit $CODE{'UNKNOWN'}; -}; - - -my $EXITCODE = 'UNDEF'; -my %MESSAGE = (); - -sub problem($$$) { - my ($code, $msg, $resource) = @_; - $MESSAGE{$msg} = [] unless defined $MESSAGE{$msg}; - push @{$MESSAGE{$msg}}, $resource; - $EXITCODE = ($CODE{$code} > $CODE{$EXITCODE}) ? $code : $EXITCODE; -}; - - -sub help($$) { - my ($exitcode, $fd) = @_; - version ($fd, 0); - print $fd "Usage: $PROGRAM_NAME --help\n"; - print $fd "Usage: $PROGRAM_NAME"; - exit $exitcode -}; - -my $params = {}; - -Getopt::Long::config('bundling'); -if (!GetOptions ( - 'h|help' => \$params->{'help'}, - )) { - die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [-fwhv]\n"); -}; - -help(0, *STDOUT) if $params->{'help'}; -help(1, *STDERR) if scalar @ARGV > 0; - - -unless (-e $DABACKUP_CONF) { - if (-e '/etc/da-backup') { - print "WARNING: No $DABACKUP_CONF, but we have /etc/da-backup/\n"; - exit $CODE{'WARNING'}; - }; - if (-e '/var/log/da-backup') { - print "WARNING: No $DABACKUP_CONF, but we have /var/log/da-backup/\n"; - exit $CODE{'WARNING'}; - }; - print "OK: da-backup not installed\n"; - exit $CODE{'OK'}; -}; - -my $confdir; -my $logdir; - -open (FH, "< $DABACKUP_CONF") or die ("Cannot open $DABACKUP_CONF: $!\n"); -while () { - if (/confdir=(.*)/) { - $confdir = $1; - } elsif (/logdir=(.*)/) { - $logdir = $1; - }; -}; - -die ("No confdir found in $DABACKUP_CONF") unless defined $confdir; -die ("No logdir found in $DABACKUP_CONF") unless defined $logdir; - -opendir(DIR, $confdir) or die ("Cannot opendir $confdir: $!\n"); -my %conffiles = map {$_ => 1} grep { !/^\./ && !/\.bak$/} readdir(DIR); -closedir(DIR); - -opendir(DIR, $logdir) or die ("Cannot opendir $logdir: $!\n"); -my %logfiles = map {$_ => 1} grep { !/^\./ && !/\.[0-9]+(\.gz)?$/} readdir(DIR); -closedir(DIR); - -if (scalar keys %conffiles == 0) { - print "WARNING: da-backup installed but no backups configured\n"; - exit $CODE{'WARNING'}; -}; - -for my $f (keys %conffiles) { - unless (exists $logfiles{$f}) { - problem('WARNING', 'no log', $f); - } -} - -FILE: -for my $f (sort {$a cmp $b} keys %logfiles) { - unless (exists $conffiles{$f}) { - problem('WARNING', 'no config', $f); - next; - } - - my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n"); - my $age = time - $stat[10]; - - if ($age < $TOO_FRESH) { # File is too new, let's use the old one - if (-e "$logdir/$f.0") { - $f .= ".0"; - my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n"); - $age = time - $stat[10]; - }; - }; - - if ($age < 0) { - problem('WARNING', 'future timestamp', $f); - next; - } elsif ($age > $MAX_AGE) { - my $hage; - - if ($age > 48 * 3600) { - $hage = sprintf("%d days", $age / 24 / 3600); - } else { - $hage = sprintf("%d hours", $age / 3600); - }; - problem('WARNING', 'old', "$f ($hage)"); - next; - }; - - open(FH, "< $logdir/$f") or die ("Cannot open $logdir/$f: $!\n"); - sysseek(FH, -1024, SEEK_END); # just try it - doesn't matter if it fails - my $last2 = ''; - my $last = ''; - while () { - chomp; - if (/^sent\s+\d+\s+bytes\s+received\s+\d+\s+bytes\s+[\d\.]+\s+bytes\/sec$/) { - problem('OK', 'probably ok', $f); - close(FH); - next FILE; - }; - $last2 = $last; - $last = $_; - }; - problem('CRITICAL', 'FAILED', "$f ($last2 $last)"); -}; - -my $msg = join("; ", map {"$_: ".join(', ', @{$MESSAGE{$_}}) } (sort {$a cmp $b} keys %MESSAGE)); -print $EXITCODE, ": ", $msg, "\n"; -exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-nrpe-config/dsa-check-dabackup-server b/dsa-nagios-nrpe-config/dsa-check-dabackup-server deleted file mode 100755 index c4e4884..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-dabackup-server +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/sh - -# some tests weasel uses to check if da-backup is properly configured: -# Copyright 2008 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - - -set -e -set -u - -err=0 - -log() { - if [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then - err=1 - elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then - err=2 - elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then - err=3 - fi -} - -cd /etc/da-backup-manager - -# check that the files have proper names -for i in *; do - s=`cat "$i" | awk -F = '$1=="source" {print $2}'` - if [ "$s" = "master.debian.org/debian" ] && [ "$i" = "listarchive" ]; then - # historical exception - continue - fi - if [ "`echo $s | tr / -`" != "$i" ]; then - log warn - echo "Mismatch: Filename $i but backup source $s" - fi -done - -# and that source == destination everywhere -for i in *; do - s=`cat $i | awk -F = '$1=="source"{print $2}'` - d=`cat $i | awk -F = '$1=="destination"{print $2}'` - if [ "$d" != "$s" ]; then - log warn - echo "source != dest in $i. ($s != $d)" - fi -done - -# check that everything that has an entry in authorized_keys has one in /etc/da-backup-manager -rsync_targets=`tempfile` -backup_manager_sources=`tempfile` -trap "rm -f '$rsync_targets' '$backup_manager_sources'" 0 1 2 5 15 -cat /root/.ssh/authorized_keys | - grep '^command=' | - sed -e 's/",no-por.*//' -e 's/.*--ignore-errors . //' -e 's#/org/backup.debian.org/staging/##' | - sort > "$rsync_targets" -grep -h source /etc/da-backup-manager/* | - sed -e 's/source=//' | - sort > "$backup_manager_sources" -if ! diff "$rsync_targets" "$backup_manager_sources" > /dev/null; then - log warn - echo "authorized_keys vs. /etc/da-backup-manage mismatch:" - diff "$rsync_targets" "$backup_manager_sources" -fi - -# check that everything listed as either source or destination by da-backup-manager does exist - if stuff is new it might still be missing tho -for i in `awk -F = '$1=="source" {print $2}' /etc/da-backup-manager/* `; do - if ! [ -d "/org/backup.debian.org/staging/$i" ]; then - log warn - echo "Warning: source $i does not exist" - fi -done -for i in ` awk -F = '$1=="destination"{print $2}' /etc/da-backup-manager/* `; do - if ! [ -d "/org/backup.debian.org/backups/$i" ]; then - log warn - echo "Warning: destination $i does not exist (if it is new, it takes a day)" - fi -done - -# check that everything that does exist has an entry in da-backup-manager -cd /org/backup.debian.org/staging -for i in */*; do - if ! [ -d "$i" ]; then - log warn - echo "WTF: staging/$i is not a dir" - continue - fi - if ! grep "source=$i" /etc/da-backup-manager/* > /dev/null; then - log warn - echo "staging/$i is not listed anywhere in /etc/da-backup-manager" - fi -done -cd /org/backup.debian.org/backups -for i in */*; do - if ! [ -d "$i" ]; then - log warn - echo "WTF: backups/$i is not a dir" - continue - fi - if ! grep "destination=$i" /etc/da-backup-manager/* > /dev/null; then - log warn - echo "backups/$i is not listed anywhere in /etc/da-backup-manager" - fi -done - -if [ "$err" = 0 ]; then - echo "da-backup seems to be properly configured" -fi -exit $err diff --git a/dsa-nagios-nrpe-config/dsa-check-hpacucli b/dsa-nagios-nrpe-config/dsa-check-hpacucli deleted file mode 100755 index a347388..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-hpacucli +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/perl -w - -# check _physical_ disk status of disks on HP smart array controllers -# requires hpacucli -# -# does _not_ check raid status. use arrayprobe for that. - -# Copyright (c) 2008 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -use strict; - -# nagios exit codes -my %CODE = ( - 'OK' => 0, - 'WARNING' => 1, - 'CRITICAL' => 2, - 'UNKNOWN' => 3 -); - -my $EXITCODE = 'OK'; - -$SIG{'__DIE__'} = sub { - print STDERR @_; - exit $CODE{'UNKNOWN'}; -}; - -sub runcmd($) { - my ($cmd) = @_; - $cmd = "sudo hpacucli $cmd"; - open(FH, $cmd."|") or die ("Cannot run $cmd: $!"); - my @lines = ; - close FH; - die ("no results from $cmd\n") if (scalar @lines == 0); - return \@lines; -} - -sub record($) { - my ($newexit) = @_; - die "code $newexit not defined\n" unless defined $CODE{$newexit}; - - if ($CODE{$newexit} > $CODE{$EXITCODE}) { - $EXITCODE = $newexit; - }; -} - - -my $ctrlallshow = runcmd("controller all show"); -my @controllers; -for (@$ctrlallshow) { - chomp; - next if /^$/; - if (/in Slot ([0-9]+) /) { - push @controllers, $1; - next; - }; - die ("Cannot read line '$_' gotten from hpacucli controller all show\n"); -}; - -if (scalar @controllers == 0) { - print "UNKNONW: No smartarray controllers found with hpacucli\n"; - exit $CODE{'UNKNOWN'} -}; - -my @resultstr; - -for my $slot (sort @controllers) { - my $pds = runcmd("controller slot=$slot pd all show"); - my @drives; - my $nodrives = 0; - my %status; - for (@$pds) { - chomp; - next if /^$/; - next if (/^\S.*in Slot $slot/); - next if /^ *array [A-Z]$/; - if (/^ *(array [A-Z]) \(Failed\)$/) { - record('CRITICAL'); - push @{$status{'Failed'}}, $1; - } elsif (/^Error: The specified controller does not have any physical drives on it.$/) { - $nodrives = 1; - } elsif (/^ *physicaldrive (\S+) .* (OK|Predictive Failure|Failed|Rebuilding)(?:, spare)?\)$/) { - my $drive = $1; - my $status = $2; - push @{$status{$status}}, $drive; - if ($status eq 'OK') { - } elsif ($status eq 'Predictive Failure' || - $status eq 'Rebuilding') { - record('WARNING'); - } elsif ($status eq 'Failed') { - record('CRITICAL'); - } else { - record('UNKNOWN'); - }; - push @drives, $drive; - } else { - die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot pd all show\n"); - }; - }; - - # Check that all drives have the proper transfer speed. - # sometimes stuff breaks and they fall back to 10mb/sec. - for my $drive (@drives) { - # skip drives that are known to have failed - next if (exists $status{'Failed'} && grep {$drive eq $_} @{$status{'Failed'}}); - my $type; - if ($drive =~ /^[0-9]+:[0-9]+$/) { # scsi drives - $type = 'SCSI'; - } elsif ($drive =~ /^[0-9]+I:[0-9]+:[0-9]+$/) { # SAS - $type = 'SAS'; - } else { - # I'm not going to run pass arguments of unknown form to the shell.. - warn ("Unknown diskdrive ID $drive\n"); - next; - } - - my $pd = runcmd("controller slot=$slot pd $drive show"); - while (defined $pd->[0] && !($pd->[0] =~ /physicaldrive/)) { - shift @$pd; - }; - shift @$pd; - my %value; - for (@$pd) { - if (m/^\s*(.*?):\s*(.*?)\s*$/) { - $value{$1} = $2; - } - } - - my $key; - my $expected; - if ($type eq 'SCSI') { - $key = 'Transfer Speed'; - if (!defined $value{'Transfer Mode'}) { - record('WARNING'); - push @{$status{'unknown transfer mode'}}, $drive; - next; - } elsif ($value{'Transfer Mode'} eq 'Ultra 3 Wide') { - $expected = '160 MB/Sec'; - } elsif ($value{'Transfer Mode'} eq 'Ultra 320 Wide') { - $expected = '320 MB/Sec'; - } else { - record('WARNING'); - push @{$status{'unknown transfer mode'}}, $drive."(".$value{'Transfer Mode'}.")"; - next; - }; - } elsif ($type eq 'SAS') { - $key = 'PHY Transfer Rate'; - if ($value{'PHY Count'} eq '2') { - $expected = '3.0GBPS, Unknown'; - } else { - $expected = '3.0GBPS'; - } - } else { - warn "Should not be here. Do not know what to do with type '$type'\n"; - next; - } - - if (!defined $value{$key}) { - record('WARNING'); - push @{$status{'unknown transfer speed'}}, $drive; - } elsif ($value{$key} ne $expected) { - record('WARNING'); - push @{$status{'bad transfer speed'}}, $drive."(".$value{$key}.")"; - }; - }; - - if ($nodrives && scalar keys %status > 0) { - push @resultstr, "Slot $slot: have no drives but status results?"; - record('UNKNOWN'); - next; - } elsif ($nodrives) { - push @resultstr, "Slot $slot: no drives"; - next; - }; - - my $cst = runcmd("controller slot=$slot show status"); - for (@$cst) { - chomp; - next if /^$/; - next if (/^\S.*in Slot $slot/); - if (/^ *(.*) Status: (.*)$/) { - my $system = $1; - my $status = $2; - push @{$status{$status}}, $system; - if ($status ne 'OK') { - record('WARNING'); - }; - } else { - die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot show status\n"); - }; - }; - - my $status = join(" - ", (map { $_.": ".join(", ", @{$status{$_}}) } keys %status)); - push @resultstr, "Slot $slot: $status"; -}; - -print "$EXITCODE: ", join(" --- ", @resultstr), "\n"; -exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-nrpe-config/dsa-check-mirrorsync b/dsa-nagios-nrpe-config/dsa-check-mirrorsync deleted file mode 100755 index 4637cab..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-mirrorsync +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/bin/perl -w - -# nagios check for debian security sync checks -# -# Copyright (c) 2008 Alexander Wirt -# Copyright (c) 2009 Peter Palfrader -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 -# USA - -use LWP::UserAgent; -use Socket; -use strict; -use Date::Parse; -use Getopt::Long; -use Date::Parse; -use Date::Format; -use File::Basename; -use English; -use warnings; - - -sub usage($$) { - my ($fh, $exit) = @_; - my $basename = basename($PROGRAM_NAME); - my $VERSION = '0.1'; - - print $fh "$basename $VERSION\n"; - print $fh "Usage: $basename [--help|--version] [--verbose]\n"; - print $fh "\n"; - print $fh " --help Print this short help.\n"; - print $fh " --version Report version number.\n"; - print $fh " --verbose Be a little verbose.\n"; - print $fh " --host hostname to check.\n"; - print $fh " --path path to tracefile.\n"; - print $fh "\n"; - exit ($exit); -}; - - -$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; -delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -my $params; - -$params->{'host'} = 'security.debian.org'; #which host to check -$params->{'path'} = 'project/trace/security-master.debian.org'; - -my $OK = 0; -my $WARNING = 1; -my $CRITICAL = 2; -my $UNKNOWN = 3; - -if (!GetOptions ( - '--help' => \$params->{'help'}, - '--verbose' => \$params->{'verbose'}, - '--version' => \$params->{'version'}, - '--host=s' => \$params->{'host'}, - '--path=s' => \$params->{'path'}, - )) { - usage(*STDERR,1) -}; -usage(*STDOUT,0) if ($params->{'help'}); -usage(*STDERR,1) if (scalar @ARGV); - -my $host = $params->{'host'}; -my $path = $params->{'path'}; -my @slaves; -my $status; -my @exitstatus; -my $exitcode = $OK; - -@slaves = gethostbyname($params->{'host'}) or die "Can't resolve " . $params->{'host'} .": $!\n"; -@slaves = map { inet_ntoa($_) } @slaves[4 .. $#slaves]; -print "Checking the following hosts:\n" . join("\n", @slaves) . "\n" if $params->{'verbose'}; - -my @critical; - -foreach my $slave (@slaves) { - my $ua = LWP::UserAgent->new; - $ua->proxy('http', "http://$slave"); - print "Requesting http://$host/$path from $slave\n" if $params->{'verbose'}; - my $response = $ua->get("http://$host/$path"); - - - if ($response->is_success) { - my $content = $response->content; # or whatever - my ($date, $foo, $bar) = split("\n", $content); - my $synctime = str2time($date);; - print "$slave last synced $synctime\n" if $params->{'verbose'}; - $status->{$slave}->{'synced'} = $synctime; - } - else { - push @exitstatus, "$slave broken: " . $response->status_line; - $status->{$slave}->{'error'} = $response->status_line; - $exitcode = $CRITICAL; - push @critical, $slave; - } -} - - -my %seen; -my $o_sync = scalar(grep !$seen{$_}++, map{$status->{$_}->{'synced'}} keys(%{$status})); -if ($o_sync > 1) { - $exitcode = $CRITICAL; - $o_sync -= 1; - my @mirrors = sort { $status->{$a}->{'synced'} <=> $status->{$b}->{'synced'} } keys %{$status}; - push @exitstatus, "$o_sync mirror(s) not in sync (from oldest to newest): ". - join(",", splice(@mirrors,0,$o_sync)); -} else { - print "All mirrors unique\n" if $params->{'verbose'}; -} - -if ($exitcode == $CRITICAL) { - print "CRITICAL: " . join(',',@exitstatus) . "\n"; -} elsif ($exitcode == $OK) { - print "OK: all mirrors up2date\n"; -} - -foreach my $mirror (keys(%{$status})) { - if ($status->{$mirror}->{'error'}) { - print "$mirror broken: " . $status->{$mirror}->{'error'} . "\n"; - } else { - print "$mirror last synced: " . localtime($status->{$mirror}->{'synced'}) ."\n"; - } -} - -exit $exitcode; diff --git a/dsa-nagios-nrpe-config/dsa-check-packages b/dsa-nagios-nrpe-config/dsa-check-packages deleted file mode 100755 index 29e7e4d..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-packages +++ /dev/null @@ -1,276 +0,0 @@ -#!/usr/bin/perl - -# dsa-check-packages - -# checks for obsolete/local and upgradeable packages. -# -# packages for the obsolete/local check can be ignored, by -# listing their full name in /etc/nagios/obsolete-packages-ignore -# or by having a regex (starting a line with "/") that matches -# the packagename in said file. -# -# Takes one optional argument, the location of the ignore file. - - -# Copyright (C) 2008, 2009 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -use strict; -use warnings; -use English; - -my $IGNORE = "/etc/nagios/obsolete-packages-ignore"; - -my %CODE = ( - 'OK' => 0, - 'WARNING' => 1, - 'CRITICAL' => 2, - 'UNKNOWN' => 3 -); -my $EXITCODE = 'OK'; -sub record($) { - my ($newexit) = @_; - die "code $newexit not defined\n" unless defined $CODE{$newexit}; - - if ($CODE{$newexit} > $CODE{$EXITCODE}) { - $EXITCODE = $newexit; - }; -} - - - -sub get_packages { - $ENV{'COLUMNS'} = 1000; - $ENV{'LC_ALL'} = 'C'; - open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n"); - my @lines = ; - close(F); - chomp(@lines); - - shift @lines while ($lines[0] !~ /\+\+\+/); - shift @lines; - - my %pkgs; - for my $line (@lines) { - my ($state, $pkg, $version, undef) = split(/ */, $line); - $pkgs{$state}{$pkg} = { 'installed' => $version } - } - - my $installed = $pkgs{'ii'}; - delete $pkgs{'ii'}; - - open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!"; - open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!"; - - open (F, "apt-cache policy ".(join(" ", keys(%$installed)))." |") or die ("Cannot run apt-cache policy: $!\n"); - @lines = ; - close(F); - chomp(@lines); - open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!"; - - my $line; - my $pkgname = undef; - while (defined($line = shift @lines)) { - if ($line =~ /^([^ ]*):$/) { - $pkgname = $1; - } elsif ($line =~ /^ +Installed: (.*)$/) { - # etch dpkg -l does not print epochs, so use this info, it's better - $installed->{$pkgname}{'installed'} = $1; - } elsif ($line =~ /^ +Candidate: (.*)$/) { - $installed->{$pkgname}{'candidate'} = $1; - } elsif ($line =~ /^ +\*\*\*/) { - my @l; - @l = split(/ +/, $line); - $line = shift @lines; - @l = split(/ +/, $line); - $installed->{$pkgname}{'origin'} = $l[2]; - } - } - - my (%current, %obsolete, %outofdate); - for my $pkgname (keys %$installed) { - my $pkg = $installed->{$pkgname}; - - unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) { - $obsolete{$pkgname} = $pkg; - next; - } - - if ($pkg->{'candidate'} ne $pkg->{'installed'}) { - $outofdate{$pkgname} = $pkg; - next; - }; - if ($pkg->{'origin'} eq '/var/lib/dpkg/status') { - $obsolete{$pkgname} = $pkg; - next; - } - $current{$pkgname} = $pkg; - } - - $pkgs{'current'} = \%current; - $pkgs{'outofdate'} = \%outofdate; - $pkgs{'obsolete'} = \%obsolete; - return \%pkgs; -} - -sub load_ignores { - my ($ignorefile, $require_file) = @_; - - my @ignores; - if (!$require_file and ! -e $ignorefile) { - return \@ignores; - } - - open (F, "< $ignorefile") or die ("Cannot open $ignorefile: $!\n"); - @ignores = ; - close F; - chomp(@ignores); - return \@ignores; -} - -sub check_ignore { - my ($pkg, $ignores) = @_; - - my $ignore_this = 0; - for my $ignore (@$ignores) { - my $ig = $ignore; - return 1 if ($ig eq $pkg); - if (substr($ig,0,1) eq '/') { - substr($ig, 0, 1, ''); - $ig =~ s,/$,,; - return 1 if ($pkg =~ /$ig/); - } - } - return 0 -} - -sub filter_ignored { - my ($packages, $ignores) = @_; - - my $obs = $packages->{'obsolete'}; - - my (%ignored, %bad); - for my $pkg (keys %$obs) { - if (check_ignore($pkg, $ignores)) { - $ignored{$pkg} = $obs->{$pkg}; - } else { - $bad{$pkg} = $obs->{$pkg}; - }; - } - delete $packages->{'obsolete'}; - $packages->{'obsolete'} = \%bad; - $packages->{'obsolete-ignored'} = \%ignored; -}; - -sub usage { - my ($fd, $exit) = @_; - print $fd "Usage: $PROGRAM_NAME []\n"; - exit $exit; -} - -my $ignorefile = $IGNORE; -my $ignorefile_userset = 0; -usage(\*STDERR, 1) if (@ARGV > 1); -if (@ARGV == 1) { - usage(\*STDOUT, 0) if ($ARGV[0] eq "-h"); - usage(\*STDOUT, 0) if ($ARGV[0] eq "--help"); - $ignorefile = $ARGV[0]; - $ignorefile_userset = 1; -}; - -my $ignores = load_ignores($ignorefile, $ignorefile_userset); -my $packages = get_packages(); - -filter_ignored($packages, $ignores); - - - -my @reportform = ( - { 'key' => 'obsolete', - 'listpackages' => 1, - 'long' => "%d local or obsolete packages: %s", - 'short' => "%d obs", - 'status' => 'WARNING' }, - { 'key' => 'outofdate', - 'listpackages' => 1, - 'long' => "%d out of date packages: %s", - 'short' => "%d updates", - 'status' => 'WARNING' }, - { 'key' => 'current', - 'listpackages' => 0, - 'long' => "%d packages current.", - 'short' => "%d ok", - 'status' => 'OK' }, - { 'key' => 'obsolete-ignored', - 'listpackages' => 1, - 'long' => "%d whitelisted local or obsolete packages: %s", - 'short' => "%d obs(ignored)", - 'status' => 'OK' }, - { 'key' => 'rc', - 'listpackages' => 1, - 'long' => "%d packages removed but not purged: %s", - 'short' => "%d rc", - 'status' => 'OK' }, - { 'key' => 'hi', - 'listpackages' => 1, - 'long' => "%d packages on hold: %s", - 'short' => "%d hi", - 'status' => 'OK' }, - { 'key' => 'pc', - 'listpackages' => 1, - 'long' => "%d packages requested to be purged but conffiles still installed: %s", - 'short' => "%d pc", - 'status' => 'WARNING' }, - ); - -my @longout; -my @shortout; -for my $form (@reportform) { - my $pkgs = $packages->{$form->{'key'}}; - delete $packages->{$form->{'key'}}; - my $num = scalar keys %$pkgs; - next unless ($num > 0); - if ($form->{'listpackages'}) { - my $list = join(", ", keys %$pkgs); - push @longout, sprintf($form->{'long'}, $num, $list); - } else { - push @longout, sprintf($form->{'long'}, $num); - }; - push @shortout, sprintf($form->{'short'}, $num); - record($form->{'status'}); -}; -if (scalar keys %$packages) { - record('WARNING'); - unshift @shortout, "unk: ".join(", ", keys %$packages); - for my $status (sort {$b cmp $a} keys %$packages) { - my $pkgs = $packages->{$status}; - my $list = join(", ", keys %$pkgs); - unshift @longout, "Unknown package status $status: $list"; - }; -} - -my $shortout = $EXITCODE.": ".join(", ", @shortout); -my $longout = join("\n", @longout); - -print $shortout,"\n"; -print $longout,"\n"; - -exit $CODE{$EXITCODE}; diff --git a/dsa-nagios-nrpe-config/dsa-check-puppet b/dsa-nagios-nrpe-config/dsa-check-puppet deleted file mode 100755 index 332261e..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-puppet +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/env ruby - -require 'optparse' - -class CheckPuppet - - VERSION = '0.1' - script_name = File.basename($0) - - # default options - OPTIONS = { - :statefile => "/var/lib/puppet/state/state.yaml", - :interval => 60, - } - - o = OptionParser.new do |o| - o.set_summary_indent(' ') - o.banner = "Usage: #{script_name} [OPTIONS]" - o.define_head "The check_puppet Nagios plug-in checks that the specified " + - "puppet state file is no older than specified interval." - o.separator "" - o.separator "Mandatory arguments to long options are mandatory for " + - "short options too." - - o.on("-s", "--statefile=statefile", String, "The state file", - "Default: #{OPTIONS[:statefile]}") { |OPTIONS[:statefile]| } - o.on("-i", "--interval=value", Integer, - "Default: #{OPTIONS[:interval]} minutes") { |OPTIONS[:interval]| } - - o.separator "" - o.on_tail("-h", "--help", "Show this help message.") do - puts o - exit - end - - o.parse!(ARGV) - end - - def check_state - - # Set variables - curt = Time.now - intv = OPTIONS[:interval] * 60 - - # Check file time - @modt = 0 - begin - @modt = File.mtime("#{OPTIONS[:statefile]}") - rescue - @file = 3 - end - - diff = (curt - @modt).to_i - - @file = 2 - @file = 0 if diff <= intv - - end - - def output_status - - case @file - when 0 - state = "state file status okay updated on " + @modt.strftime("%m/%d/%Y at %H:%M:%S") - when 2 - state = "state file is missing or older than #{OPTIONS[:interval]} minutes" - when 3 - state = "state file status unknown" - end - - case @file - when 0 - status = "OK" - exitcode = 0 - when 2 - status = "CRITICAL" - exitcode = 2 - when 3 - status = "UNKNOWN" - exitcide = 3 - end - - puts "PUPPET " + status + ": " + state - exit(exitcode) - end -end - -cp = CheckPuppet.new -cp.check_state -cp.output_status - diff --git a/dsa-nagios-nrpe-config/dsa-check-raid-3ware b/dsa-nagios-nrpe-config/dsa-check-raid-3ware deleted file mode 100755 index a9887b9..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-raid-3ware +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/bin/perl -Tw - -# Copyright (C) 2006 Peter Palfrader - -# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers: -# -# nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status -# - -use strict; -use English; -use Getopt::Long; - -$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; -delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -my $TW_CLI = '/usr/local/bin/tw_cli'; -my $SVN_REVISION_STRING = '$Rev: 313 $'; -my ($SVN_REVISION) = ($SVN_REVISION_STRING =~ /([0-9]+)/); - $SVN_REVISION = 'unknown' unless defined $SVN_REVISION; -my $VERSION = '0.0.0.'.$SVN_REVISION; - -# nagios exit codes -my $UNKNOWN = -1; -my $OK = 0; -my $WARNING = 1; -my $CRITICAL = 2; - -my $params = { - 'no-sudo' => 0, - 'controller' => 0, - 'unit' => 0 - }; - -Getopt::Long::config('bundling'); -if (!GetOptions ( - '--help' => \$params->{'help'}, - '--version' => \$params->{'version'}, - '--verbose' => \$params->{'verbose'}, - '--controller=i' => \$params->{'controller'}, - '--unit=i' => \$params->{'unit'}, - '--no-sudo' => \$params->{'no-sudo'}, - )) { - die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=] [--unit=]\n"); -}; -if ($params->{'help'}) { - print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=] [--unit=]\n"; - print "Checks status of 3ware raid arrays.\n"; - exit (0); -}; -if ($params->{'version'}) { - print "nagios-check-raid-3ware $VERSION\n"; - print "nagios check for 3ware raids\n"; - print "Copyright (c) 2006 Peter Palfrader \n"; - exit (0); -}; - -$SIG{'__DIE__'} = sub { - print STDERR @_; - exit $UNKNOWN; -}; - -unless (-e $TW_CLI) { - print "Cannot find '$TW_CLI'.\n"; - exit $UNKNOWN; -}; - -my $sudo = $params->{'no-sudo'} ? '' : 'sudo '; -my $command = "$sudo $TW_CLI info c$params->{'controller'} u$params->{'unit'} status"; -print STDERR "Running $command\n" if $params->{'verbose'}; -open (TW, "$command|") or die ("Cannot run $command: $!\n"); -my @tw=; -close TW; -if ($CHILD_ERROR) { # program failed - die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); -}; - - -my $exit = $UNKNOWN; -my $msg = ''; -for my $line (@tw) { - chomp $line; - next if $line =~ /^$/; - my ($device, $status) = $line =~ m#^(/c[0-9]+/u[0-9]+) status = ([A-Z]+)$#; - unless (defined($device) && defined($status)) { - print "Cannot parse line '$line'\n"; - exit $UNKNOWN; - }; - if ($status eq 'OK' || - $status eq 'VERIFYING') { - $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; - $exit = $exit > $OK ? $exit : $OK; - } elsif ($status eq 'DEGRADED') { - $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; - $exit = $exit > $CRITICAL ? $exit : $CRITICAL; - } elsif ($status eq 'OFFLINE') { - $msg .= ($msg eq '' ? '' : '; '). "$device: $status"; - $exit = $exit > $CRITICAL ? $exit : $CRITICAL; - } else { - $msg .= ($msg eq '' ? '' : '; '). "$device: UNKNOWN STATUS '$status'"; - $exit = $exit > $UNKNOWN ? $exit : $UNKNOWN; - }; -}; - -if ($msg eq '') { - $msg = "No devices found"; - die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN); -} - -print $msg,"\n"; -exit $exit; diff --git a/dsa-nagios-nrpe-config/dsa-check-raid-areca b/dsa-nagios-nrpe-config/dsa-check-raid-areca deleted file mode 100755 index da97c98..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-raid-areca +++ /dev/null @@ -1,267 +0,0 @@ -#!/usr/bin/perl - -# downloaded as check_areca from -# http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1486.html;d=1 -# on 20081001 by weasel. -# -# local changes: fix path to areca_cli - -##################################################### -#Program to check the areca RAID controller for the status of the RAID -#Created: 2007-11-27 -#Version: 1.1.0 -#Revised: 2008-07-23 -#Revised by: Erinn Looney-Triggs -#Author: Erinn Looney-Triggs -#Changelog: -#1.1: Fixed issue with newer versions of the Areca CLI > 1.72 and -#fixed a problem where the RAID name contained spaces -#(Reported by Daniel Philipp). Also did a bit of cleanup. -##################################################### - -use Carp; -use English qw( -no_match_vars ); -use Getopt::Long; #Grab command line switches -use Pod::Usage; -use strict; #Do it right -use warnings; - -$ENV{PATH} = '/usr/local/bin:/usr/bin:'; #Safer path -my $areca_cli = '/usr/local/sbin/areca-cli'; -my $timeout = '10'; #Default timeout of 10 seconds -my $VERSION = '1.1.0'; #Version number - -#Nagios plugin return values, in english -my $OK = '0'; -my $WARNING = '1'; -my $CRITICAL = '2'; -my $UNKNOWN = '3'; - -GetOptions( 'areca_cli|A=s' => \$areca_cli, - 'man' => sub { pod2usage(3) }, - 'timeout|t=i' => \$timeout, - 'usage' => sub { pod2usage(1) }, - 'version' => sub { VersionMessage() }, - 'help' => sub { pod2usage(1) }, -); - -sanity_checks(); -parse_areca( check_areca() ); - -sub check_areca{ - my @output; - - #Timer operation. Times out after $timeout seconds. - eval { - - #Set the alarm and set the timeout - local $SIG{ALRM} = sub { die "alarm\n" }; - alarm $timeout; - - #Run the command - @output = `sudo $areca_cli vsf info`; - if ($?){ - print "Command: cli vsf info failed, " - . "$OS_ERROR $CHILD_ERROR, aborting!\n"; - exit $CRITICAL; - } - - #Reset the alarm if successful - alarm 0; - }; - - #Test return value and exit if eval caught the alarm - if ($EVAL_ERROR) { - if ( $EVAL_ERROR eq "alarm\n" ) { - print "Operation timed out after $timeout seconds.\n"; - exit $CRITICAL; - } - else { - print "An unknown error has occured: $EVAL_ERROR \n"; - exit $UNKNOWN; - } - } - - return @output; -} - -sub parse_areca{ - my @output = @_; - - my $abnormal; #Holds count of non-normal returns - - my @pertinent_lines = grep (/\s\d+\s/, @output); - - for my $line (@pertinent_lines){ - #Strip of leading spaces - $line =~ s/^\s+//; - - #Split the line into discrete parts - my ( $number, $level, $capacity, $state, ) - = (split (/\s+/, "$line"))[0,-4,-3,-1]; - - #If the state is normal continue on in loop - if (lc $state eq "normal"){ - print "|Controller number: $number RAID level: $level " - . "Capacity: $capacity State: $state| "; - } - - #If state is abnormal continue on in loop but add 1 to $abnormal - else{ - print "|Controller number: $number RAID level: $level " - . "Capacity: $capacity State: $state| "; - $abnormal++; - } - } - - #If any abnormalities exist ext with a critical error. - if ($abnormal){ - exit $CRITICAL; - } - else { - exit $OK; - } - - return; #This should never be reached -} - -sub sanity_checks{ - if (! -e $areca_cli){ - print "$areca_cli does not exist, aborting!\n"; - exit $CRITICAL; - } - if (! -x $areca_cli){ - print "$areca_cli is not executable by the running user, aborting!\n"; - exit $CRITICAL; - } - - return; #This should never be reached -} - -#Version message information displayed in both --version and --help -sub main::VersionMessage { - - print <<"EOF"; -This is version $VERSION of check_areca. - -Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs\@gmail.com). -All rights reserved. - -This module is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License. -See http://www.fsf.org/licensing/licenses/gpl.html - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -EOF - - exit 1; -} - -__END__ - -=head1 NAME - -check_areca - Checks the status of an Areca RAID via the Areca CLI utility. - -=head1 VERSION - -This documentation refers to check_areca version 1.1.0 - -=head1 USAGE - -check_areca.pl - -=head1 REQUIRED ARGUMENTS - -None - -=head1 OPTIONS - - --areca_cli (-A) Set the location of the Areca cli executable. - --help Display usage information. - --man Display the entire POD documentation - --timeout (-t) Sets the timeout, defaults to 10 seconds. - --usage Display usage information (same as --help) - --version Display the version number - - -=head1 DESCRIPTION - -This is a Nagios plugin that runs the Areca CLI to check the status of the -RAID controller. It then parses the resultant exit information and -passes the output to NRPE. - -=head1 DIAGNOSTICS - -=head2 Command: cli vsf info failed, aborting! - -For some reason the command trying to be run failed. Try running it by hand -and seeing if it runs properly. - -=head2 Operation timed out after seconds. - -Running the command failed after a certain amount of time (defaults to 10 -seconds). Try using the --timeout (-t) switch and increasing the timeout -threshold. Also try running the command by hand and see if it is hanging. - -=head2 An unknown error has occurred: - -Just what it says, running the cli command threw an unknown error and the -process died. Run the CLI command by hand and see if you receive proper -output. - -=head2 does not exist, aborting! - -The binary that the script is looking to run does not exist. By default -check_areca looks in /usr/local/areca/bin/ for the cli. However, you can -change this default by setting the --areca_cli (-A) flag from the command -line - -=head2 is not executable by the running user, aborting! - -The cli program was found but it is not executable by the current user, -usually this is the nagios user. - -=head1 CONFIGURATION AND ENVIRONMENT - -The Areca cli program should be available on the system. By default -check_areca looks in /usr/local/areca/bin/cli for the cli. You can set the -location using the --areca_cli (-A) flag from the command line. - -It is helpful to have an Areca RAID controller on the system being checked. - -=head1 DEPENDENCIES - - check_areca depends on the following modules: - POSIX Standard Perl 5.8 module - Getopt::Long Standard Perl 5.8 module - Pod::USAGE Standard Perl 5.8 module - -=head1 INCOMPATIBILITIES - -None known yet. - -=head1 BUGS AND LIMITATIONS - -Bugs, never heard of 'em ;). -If you encounter any bugs let me know. (erinn.looneytriggs@gmail.com) - -=head1 AUTHOR - -Erinn Looney-Triggs (erinn.looneytriggs@gmail.com) - -=head1 LICENCE AND COPYRIGHT - -Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs@gmail.com). -All rights reserved. - -This module is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License. -See L. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/dsa-nagios-nrpe-config/dsa-check-raid-dac960 b/dsa-nagios-nrpe-config/dsa-check-raid-dac960 deleted file mode 100755 index 7893365..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-raid-dac960 +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -# Nagios check for Mylex DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers -# -# Some background information on the driver is available at -# http://home.germany.net/100-120220/mylex/DAC960.README -# -# Written 2008 Peter Palfrader - -if [ -e /proc/rd/status ]; then - status=`cat /proc/rd/status` - if [ "$status" = "OK" ]; then - echo "OK: all DAC960 controllers operating normally; no (non-standby) failures have occurred" - exit 0; - else - echo "CRITICAL: proc/rd/status is $status" - exit 2; - fi; -else - echo "UNKNOWN: No DAC960 controllers in the system" - exit 3; -fi diff --git a/dsa-nagios-nrpe-config/dsa-check-raid-mpt b/dsa-nagios-nrpe-config/dsa-check-raid-mpt deleted file mode 100755 index f4f3407..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-raid-mpt +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/perl -Tw - -# Copyright (C) 2008 Peter Palfrader - -# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers: -# -# nagios ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s -# - -use strict; -use English; -use Getopt::Long; - -$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; -delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; - -my $MPT_STATUS = '/usr/sbin/mpt-status'; - -# nagios exit codes -my $UNKNOWN = -1; -my $OK = 0; -my $WARNING = 1; -my $CRITICAL = 2; - -$SIG{'__DIE__'} = sub { - print STDERR @_; - exit $UNKNOWN; -}; - -unless (-e $MPT_STATUS) { - print "Cannot find '$MPT_STATUS'.\n"; - exit $UNKNOWN; -}; - -my $command = "sudo $MPT_STATUS -s"; -open (MPT, "$command|") or die ("Cannot run $command: $!\n"); -my @tw=; -close MPT; -if ($CHILD_ERROR) { # program failed - die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n"); -}; - - -my $exit = $UNKNOWN; -my $msg = ''; -for my $line (@tw) { - chomp $line; - next if $line =~ /^$/; - my ($device, $num, $status) = $line =~ m#^(log_id|vol_id|phys_id)\s+([0-9]+)\s+(.*)$#; - unless (defined($device) && defined($num) && defined($status)) { - print "Cannot parse line '$line'\n"; - exit $UNKNOWN; - }; - if ($status eq 'OPTIMAL' || - $status eq 'ONLINE') { - $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status"; - $exit = $exit > $OK ? $exit : $OK; - } else { - $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status"; - $exit = $exit > $CRITICAL ? $exit : $CRITICAL; - }; -}; - -if ($msg eq '') { - $msg = "No devices found"; - die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN); -} - -print $msg,"\n"; -exit $exit; diff --git a/dsa-nagios-nrpe-config/dsa-check-raid-sw b/dsa-nagios-nrpe-config/dsa-check-raid-sw deleted file mode 100755 index 0297036..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-raid-sw +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/bin/perl -w -# ------------------------------------------------------------------------------ -# File Name: chech_raid.pl -# Author: Thomas Nilsen - Norway -# Date: 14/06/2003 -# Version: 0.1 -# Description: This script will check to see if any software raid -# devices are down. -# Email: thomas.nilsen@doc-s.co.uk -# WWW: www.doc-s.co.uk -# ------------------------------------------------------------------------------ -# Copyright 2003 (c) Thomas Nilsen -# Credits go to Ethan Galstad for coding Nagios -# License GPL -# ------------------------------------------------------------------------------ -# Date Author Reason -# ---- ------ ------ -# 2008-03-31 Peter Palfrader Return warning on running resync -# 2007-11-07 Peter Palfrader Return unknown if /proc/mdstat does not exist -# 05/10/2004 Peter Palfrader Make it work without that 'use util (vars)' -# 14/06/2003 TN Initial Release -# - Format of mdstat assumed to be "2 line" per -# device with [??] on the second line. -# ------------------------------------------------------------------------------ - -use strict; -use warnings; -use Getopt::Long;; -use vars qw($opt_V $opt_h $opt_t $opt_F $PROGNAME); -use lib '/usr/local/nagios/libexec/'; -my $TIMEOUT=15; -my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 ); - - -$PROGNAME="check_raid"; - -sub print_help (); -sub print_usage (); - -$ENV{'PATH'}=''; -$ENV{'BASH_ENV'}=''; -$ENV{'ENV'}=''; -my ( $line, $stat, $state ,@device, $msg, $status, $timeout); - -$stat="/proc/mdstat"; - -#Option checking -Getopt::Long::Configure('bundling'); -$status = GetOptions( - "V" => \$opt_V, "version" => \$opt_V, - "h" => \$opt_h, "help" => \$opt_h, - "F" => \$opt_F, "filename" => \$opt_F, - "t" => \$opt_t, "timeout" => \$opt_t); -# Version -if ($opt_V) { - print($PROGNAME,': $Revision: 0.1 $'); - exit $ERRORS{'OK'}; -} -# Help -if ($opt_h) { - print_help(); - exit $ERRORS{'OK'}; -} -# Filename supplied -if ($opt_F) { - $opt_F = shift; - $stat = $1 if ($opt_F =~ /^(.*)$/); - - if ( ! -r $stat ) { - print "Invalid mdstat file: $opt_F\n"; - exit $ERRORS{'UNKNOWN'}; - } -} - -$timeout = $TIMEOUT; -($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1); - -# Just in case of problems, let's not hang Nagios -$SIG{'ALRM'} = sub { - print ("ERROR: No response (alarm)\n"); - exit $ERRORS{'UNKNOWN'}; -}; -alarm($timeout); - -# Start checking the file... -open (FH, $stat) or print("UNKNOWN: Cannot open $stat: $!\n"), exit $ERRORS{'UNKNOWN'}; - -my @failed = (); -my @resyncing = (); -my $device = ''; - -# Now check the mdstat file.. -while () { - $line = $_; - if ($line =~ /^(md\S*) /) { - $device = $1; - } elsif( $line =~ / \[_|_\]|U_|_U /) { - push @failed, $device; - } - elsif ( $line =~ / resync /) { - # [==>..................] resync = 10.3% (15216320/146994624) finish=2153.2min speed=1018K/sec - my ($percent) = ($line =~ m# resync = ([0-9.]+%)#); - my ($finish) = ($line =~ m# finish=([0-9.]+min)#); - my ($speed) = ($line =~ m# speed=([0-9.]+K/sec)#); - push @resyncing, "$device ($percent done, finish in $finish at $speed)"; - } -} -close (FH); - -if (scalar @failed > 0) { - if (scalar @failed == 1) { - print "CRITICAL - Device $failed[0] has failed.\n"; - } else { - print "CRITICAL - Devices ".join(", ", @failed)." have failed.\n" - }; - exit $ERRORS{'CRITICAL'}; -} elsif (scalar @resyncing > 0 ) { - print "WARNING: Resyncing: ".(join "; ", @resyncing)."\n"; - exit $ERRORS{'WARNING'}; -} else { - print "OK - All devices are online\n"; - exit $ERRORS{'OK'}; -}; - - -sub print_usage () { - print "Usage: $PROGNAME -t -F \n"; -} - -sub print_help () { - print_revision($PROGNAME,'$Revision: 0.1 $'); - print "Copyright (c) 2003 Thomas Nilsen/Karl DeBisschop\n"; - print "\n"; - print_usage(); - print "Checks the mdstat file for errors on any configured software raid.\n --t ( --timeout=INTEGER) - Seconds before script times out (default: 10)\n --F ( --filename=FILE) - Full path and name to mdstat file (usually '/proc/mdstat') \n\n"; -} diff --git a/dsa-nagios-nrpe-config/dsa-check-running-kernel b/dsa-nagios-nrpe-config/dsa-check-running-kernel deleted file mode 100755 index 818288f..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-running-kernel +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash - -# Check if the running kernel has the same version string as the on-disk -# kernel image. - -# Copyright 2008 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -OK=0; -WARNING=1; -CRITICAL=2; -UNKNOWN=3; - -get_offset() { - local file needle - - file="$1" - needle="$2" - perl -e ' - undef $/; - $i = index(<>, "'"$needle"'"); - if ($i < 0) { - exit 1; - }; - print $i,"\n"' < "$file" -} - -get_image() { - local image GZHDR1 GZHDR2 off - - image="$1" - - GZHDR1="\x1f\x8b\x08\x00" - GZHDR2="\x1f\x8b\x08\x08" - - off=`get_offset "$image" $GZHDR1` - [ "$?" != "0" ] && off="-1" - if [ "$off" -eq "-1" ]; then - off=`get_offset "$image" $GZHDR2` - [ "$?" != "0" ] && off="-1" - fi - if [ "$off" -eq "0" ]; then - zcat < "$image" - return - elif [ "$off" -ne "-1" ]; then - (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null - return - fi - - echo "ERROR: Unable to extract kernel image." 2>&1 - exit 1 -} - -searched="" -for on_disk in \ - "/boot/vmlinuz-`uname -r`"\ - "/boot/vmlinux-`uname -r`"; do - - if [ -e "$on_disk" ]; then - on_disk_version="`get_image "$on_disk" | strings | grep 'Linux version' | head -n1`" - [ -z "$on_disk_version" ] || break - on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`" - [ -z "$on_disk_version" ] || break - - echo "UNKNOWN: Failed to get a version string from image $on_disk" - exit $UNKNOWN - fi - searched="$searched $on_disk" -done - -if ! [ -e "$on_disk" ]; then - echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running" - exit $WARNING -fi - - -running_version="`cat /proc/version`" -if [ -z "$running_version" ] ; then - echo "UNKNOWN: Failed to get a version string from running system" - exit $UNKNOWN -fi - -if [ "$running_version" != "$on_disk_version" ]; then - echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]" - exit $WARNING -else - echo "OK: Running kernel matches on disk image: [$running_version]" - exit $OK -fi diff --git a/dsa-nagios-nrpe-config/dsa-check-samhain b/dsa-nagios-nrpe-config/dsa-check-samhain deleted file mode 100755 index c6b3f4f..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-samhain +++ /dev/null @@ -1,216 +0,0 @@ -#!/usr/bin/perl -w - -# check_samhain.pl - check to see how many policy violations are reported -# by the samhain file integrity checker. -# -# Copyright Rainer Wichmann (2004) -# Copyright Martin Zobel-Helas (2008) -# -# License Information: -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -############################################################################ - -# -------------------------------------------------------------------[ Uses ]-- - -use strict; -use Getopt::Long; -use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval); -use lib "/usr/lib/nagios/plugins"; -use utils qw(%ERRORS &print_revision); - -#my $TIMEOUT = 15; -#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); -#sub print_revision ($$); - -# ----------------------------------------------------[ Function Prototypes ]-- - -sub print_help (); -sub print_usage (); -sub process_arguments (); - -# ------------------------------------------------------------[ Environment ]-- - -$ENV{'PATH'}=''; -$ENV{'BASH_ENV'}=''; -$ENV{'ENV'}=''; - -# -----------------------------------------------------------------[ Global ]-- - -$PROGNAME = "dsa-check-samhain"; -$SAMHAIN = "/usr/sbin/samhain"; - -# ----------------------------------------------------------------[ options ]-- - -Getopt::Long::Configure('bundling'); -$status = process_arguments(); -if ($status){ - print "ERROR: processing arguments\n"; - exit $ERRORS{"UNKNOWN"}; -} - -# ----------------------------------------------------------------[ timeout ]-- - -$SIG{'ALRM'} = sub { - print ("ERROR: timed out waiting for $SAMHAIN\n"); - exit $ERRORS{"WARNING"}; -}; -alarm($opt_t); - -# ----------------------------------------------------------[ start samhain ]-- - -if ( defined $SAMHAIN && -x $SAMHAIN ) { - if (! open (SHPIPE, "/usr/bin/sudo $SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) { - print "ERROR: could not popen $SAMHAIN \n"; - exit $ERRORS{'UNKNOWN'}; - } -}else{ - print "ERROR: Could not find samhain executable!\n"; - exit $ERRORS{'UNKNOWN'}; -} - -# ---------------------------------------------------------[ read from pipe ]-- - -$status = 0; - -while () { - if (/POLICY/) { - ++$status; - print $_ if $verbose; - } -} - -if ($status < $opt_w) { - $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)"; - $state = $ERRORS{'OK'}; -} elsif ($status >= $opt_w && $status < $opt_c) { - $msg = "WARNING: $status policy violations (threshold w=$opt_w)"; - $state = $ERRORS{'WARNING'}; -} else { - $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)"; - $state = $ERRORS{'CRITICAL'}; -} - -# -------------------------------------------------------------[ close pipe ]-- - -close (SHPIPE); - -# declare an error if we also get a non-zero return code from samhain - -if ( $? ) { - $retval = $? / 256; - if ( $! ) { - print "Error closing $SAMHAIN: $!\n" if $verbose; - } else { - print "$SAMHAIN returned exit status $retval\n" if $verbose; - } - if ($state == $ERRORS{"CRITICAL"}) { - $state = $ERRORS{"CRITICAL"}; - } else { - print "ERROR: $SAMHAIN exit status $retval\n"; - exit $ERRORS{'UNKNOWN'}; - } -} - -# -------------------------------------------------------------------[ exit ]-- - -print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n"; -exit $state; - - -# ------------------------------------------------------------[ Subroutines ]-- - -sub process_arguments(){ - GetOptions - ("V" => \$opt_V, "version" => \$opt_V, - "h" => \$opt_h, "help" => \$opt_h, - "v" => \$opt_v, "verbose" => \$opt_v, - "w=i" => \$opt_w, "warning=i" => \$opt_w, - "c=i" => \$opt_c, "critical=i" => \$opt_c, - "t=i" => \$opt_t, "timeout=i" => \$opt_t - ); - - if ($opt_V) { - print_revision($PROGNAME,'$Revision: 1.0 $ '); - exit $ERRORS{'OK'}; - } - - if ($opt_h) { - print_help(); - exit $ERRORS{'OK'}; - } - - if (defined $opt_v ){ - $verbose = $opt_v; - } - - unless (defined $opt_t) { - $opt_t = $utils::TIMEOUT ; # default timeout - # $opt_t = $TIMEOUT ; - } - - unless (defined $opt_w) { - $opt_w = 1; - } - - unless (defined $opt_c) { - $opt_c = 1; - } - - if ( $opt_w > $opt_c) { - print "Warning cannot be greater than Critical!\n"; - exit $ERRORS{'UNKNOWN'}; - } - - return $ERRORS{'OK'}; -} - -sub print_usage () { - print "Usage: $PROGNAME [-w ] [-c ] [-t ]\n"; -} - -sub print_help () { - print_revision($PROGNAME, '$Revision: 1.0 $'); - print "Copyright (c) 2004 Rainer Wichmann - -This plugin checks the number of policy violations reported by the -samhain file intgrity checker - -"; - print_usage(); - print " --w, --warning=INTEGER - Minimum number of policy violations for which a WARNING status will result --c, --critical=INTEGER - Minimum number of policy violations for which a CRITICAL status will result --t, --timeout=SECONDS - The number of seconds after which a the plugin will timeout --v, --verbose - Verbose output --h, --help - Show this help message --V, --version - Show the version of the plugin - -"; -} - -#sub print_revision ($$) { -# my $commandName = shift; -# my $pluginRevision = shift; -# $pluginRevision =~ s/^\$Revision: //; -# $pluginRevision =~ s/ \$\s*$//; -# print "$commandName (samhain 2.2.3) $pluginRevision\n"; -#} diff --git a/dsa-nagios-nrpe-config/dsa-check-soas b/dsa-nagios-nrpe-config/dsa-check-soas deleted file mode 100755 index 9d05fff..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-soas +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/ruby - -# Copyright 2006 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -require 'resolv' -require 'optparse' -require 'yaml' - -NAGIOS_STATUS = { :OK => 0, :WARNING => 1, :CRITICAL => 2, :UNKNOWN => -1 }; -@verbose = 0; -@additional_nameservers = [] - -def show_help(parser, code=0, io=STDOUT) - program_name = File.basename($0, '.*') - io.puts "Usage: #{program_name} [options] [ ...]" - io.puts parser.summarize - exit(code) -end -ARGV.options do |opts| - opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) } - opts.on("-v", "--verbose" , String, "Be verbose") { @verbose += 1 } - opts.on("-a", "--add=HOST" , String, "Also check SOA on ") { |val| @additional_nameservers << val } - opts.parse! -end -show_help(ARGV.options, 1, STDERR) if ARGV.length == 0 - -warnings = [] -oks = [] - -dns = Resolv::DNS.new -ARGV.each{ |domain| - serial = [] - nameservers = dns.getresources(domain, Resolv::DNS::Resource::IN::NS) - nameservernames = nameservers.collect{ |ns| ns.name.to_s } - nameservernames = nameservernames.concat @additional_nameservers - nameservernames.each{ |nameserver| - puts "Testing nameserver #{nameserver} for #{domain}" if @verbose > 0 - arecords = dns.getresources(nameserver, Resolv::DNS::Resource::IN::A) - warnings << "Nameserver #{nameserver} for #{domain} has #{arecords.length} A records" if arecords.length != 1 - arecords.each{ |a| - puts " Nameserver #{nameserver} is at #{a.address}" if @verbose > 0 - begin - resolver = Resolv::DNS.new({:nameserver => a.address.to_s}) - soas = resolver.getresources(domain, Resolv::DNS::Resource::IN::SOA) - rescue SystemCallError => e - warnings << "Could not resolve #{domain} on #{nameserver}: #{e.message}" - else - resolver.close - warnings << "Nameserver #{nameserver} for #{domain} returns #{soas.length} SOAs" if soas.length != 1 - soas.each{ |soa| - puts " Nameserver #{nameserver} returns serial #{soa.serial} for #{domain}" if @verbose > 0 - serial << soa.serial unless serial.include? soa.serial - } - end - } - } - case serial.length - when 0 - warnings << "Found no serials for #{domain}" - when 1 - oks << "#{domain} is at #{serial.first}" - else - warnings << "Nameservers disagree on serials for #{domain}: found #{serial.join(', ')}" if serial.length != 1 - end -} -dns.close - -if warnings.length > 0 - puts warnings.join('; ') - exit NAGIOS_STATUS[:WARNING] -else - puts oks.join('; ') - exit NAGIOS_STATUS[:OK] -end diff --git a/dsa-nagios-nrpe-config/dsa-check-statusfile b/dsa-nagios-nrpe-config/dsa-check-statusfile deleted file mode 100755 index a69d977..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-statusfile +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/ruby - -# Relay the status of a check that was previously run and which stored -# its result in a file to nagios. -# -# Copyright 2008 Peter Palfrader -# -# Permission is hereby granted, free of charge, to any person obtaining -# a copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, -# distribute, sublicense, and/or sell copies of the Software, and to -# permit persons to whom the Software is furnished to do so, subject to -# the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -require 'resolv' -require 'optparse' - -NAGIOS_STATUS = { "OK" => 0, "WARNING" => 1, "CRITICAL" => 2, "UNKNOWN" => 3 } -UNITS_TO_SECONDS = { 's' => 1, 'm' => 60, 'h' => 60*60, 'd' => 24*60*60 } - -def show_help(parser, code=0, io=STDOUT) - program_name = File.basename($0, '.*') - io.puts "Usage: #{program_name} [options] " - io.puts parser.summarize - exit(code) -end - -max_age = "26h" -ARGV.options do |opts| - opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) } - opts.on("-a", "--age=AGE" , String, "maximum age, in seconds (or use Nm, Nh or Nd) - default is 26h") { |max_age| } - opts.parse! -end -show_help(ARGV.options, 1, STDERR) if ARGV.length != 1 - -statusfile = ARGV.shift - -# find out what the max age is that we accept -unless (m = /^([0-9]+)([smhd])?$/.match max_age) - STDERR.puts "Invalid age #{age}." - show_help(ARGV.options, 1, STDERR) if ARGV.length != 1 -end -max_age = m[1].to_i * UNITS_TO_SECONDS[m[2] ? m[2] : 's'] - -# let's see if it exists -unless File.exists? statusfile - puts "UNKNOWN: #{statusfile} does not exist." - exit NAGIOS_STATUS['UNKNOWN'] -end - - -mtime = File.stat(statusfile).mtime -if mtime + max_age < Time.now - puts "WARNING: #{statusfile} is old: #{mtime}" - exit NAGIOS_STATUS['WARNING'] -end - -status = File.new(statusfile) -returnvalue = status.readline.chomp - -unless NAGIOS_STATUS.has_key? returnvalue - puts "UNKNOWN: #{statusfile} has invalid return value: #{returnvalue}" - exit NAGIOS_STATUS['UNKNOWN'] -end - -status.readlines.each do |line| - print line -end -exit NAGIOS_STATUS[returnvalue] diff --git a/dsa-nagios-nrpe-config/dsa-check-udldap-freshness b/dsa-nagios-nrpe-config/dsa-check-udldap-freshness deleted file mode 100755 index be2a6da..0000000 --- a/dsa-nagios-nrpe-config/dsa-check-udldap-freshness +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/perl -w - -use strict; -my %CODE = ( - 'UNDEF' => -1, - 'OK' => 0, - 'WARNING' => 1, - 'CRITICAL' => 2, - 'UNKNOWN' => 3 -); - -my $f; - -$SIG{__DIE__ } = sub() { - print shift; - exit $CODE{'UNKNOWN'}; -}; - -if ( -e "/var/lib/misc/thishost/passwd.tdb" ) { - $f = "/var/lib/misc/thishost/passwd.tdb"; -} else { - my $hostname = `hostname -f`; - chomp $hostname; - $hostname =~ m/^([a-z]+(?:\.[a-z]+)+)$/; - die "Weird hostname '$hostname'\n" unless defined $1; - $hostname = $1; - if ( -e "/var/lib/misc/$hostname/passwd.tdb" ) { - $f = "/var/lib/misc/$hostname/passwd.tdb"; - }; -}; - -die "Could not find passwd.tdb" unless defined $f; - -my @stat = stat($f) or die ("Cannot stat $f: $!\n"); -my $age = time - $stat[10]; -my $hage; -if ($age > 48 * 3600) { - $hage = sprintf("%.1f days", $age / 24 / 3600); -} elsif ($age > 3600) { - $hage = sprintf("%.1f hours", $age / 3600); -} else { - $hage = sprintf("%d minutes", $age / 60); -}; - -if ($age > 60*60) { - print "WARNING: ud-ldap info is $hage old\n"; - exit $CODE{'WARNING'}; -}; -print "OK: ud-ldap info is $hage old\n"; -exit $CODE{'OK'}; diff --git a/dsa-nagios-nrpe-config/dsa-update-apt-status b/dsa-nagios-nrpe-config/dsa-update-apt-status deleted file mode 100755 index 3e3acef..0000000 --- a/dsa-nagios-nrpe-config/dsa-update-apt-status +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/sh - -UPDATE_RUNS=3 -STATUS=/var/cache/dsa/nagios/apt -SLEEP_MAX=$(( 15 * 60 )) -MAX_AGE=$(( 23 * 60 * 60 )) - -# we want to run if any of the following things is true -# - we have never run before -# - var/lib/dpkg/status has been touched since the last run -# - var/cache/apt/pkgcache.bin has been touched since the last run -# - our last run ended with 'apt-get update failed' -# - our last run has been more than MAX_AGE (23hrs) ago -run_required() { - local run=0 - local norun=1 - - [ -e "$STATUS" ] || return $run - [ /var/lib/dpkg/status -nt "$STATUS" ] && return $run - [ /var/cache/apt/pkgcache.bin -nt "$STATUS" ] && return $run - grep "apt-get update failed" "$STATUS" > /dev/null && return $run - - local last_mod - last_mod=`stat -c "%Y" "$STATUS"` - now=`date +%s` - age=$(( $now - $last_mod )) - [ "$age" -gt "$MAX_AGE" ] && return $run - - return $norun -} - -# do stuff only when required -run_required || exit - -# sleep if called non-interactively -if [ -z "$TERM" -o "$TERM" = "dumb" ]; then - sleep $(( $RANDOM % $SLEEP_MAX )) -fi - -# run apt-get update, retry a few times if it fails -count=0 -while [ "$count" -lt "$UPDATE_RUNS" ]; do - apt-get update -qq >/dev/null >&2 - if [ "$?" = "0" ]; then break; fi - sleep $(( $RANDOM % 600 )) - count="$(( $count + 1 ))" -done -if [ "$count" -ge "$UPDATE_RUNS" ]; then - (echo "WARNING" - echo "apt-get update failed") > "$STATUS" - exit 1 -fi - -# run the apt check itself -tmp=`tempfile` -trap "rm -f '$tmp'" exit -#/usr/share/dsa/apt-status-check --noupdate --timeout=600 > "$tmp" -/usr/lib/nagios/plugins/dsa-check-packages > "$tmp" -result="$?" -case "$result" in - 0) - st="OK" - ;; - 1) - st="WARNING" - ;; - 2) - st="CRITICAL" - ;; - *) - st="UNKNOWN" - ;; -esac -(echo "$st"; cat "$tmp") > "$STATUS" diff --git a/dsa-nagios-nrpe-config/dsa-update-samhain-status b/dsa-nagios-nrpe-config/dsa-update-samhain-status deleted file mode 100755 index 22bd1dc..0000000 --- a/dsa-nagios-nrpe-config/dsa-update-samhain-status +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -STATUS=/var/cache/dsa/nagios/samhain - -tmp=`tempfile` -trap "rm -f '$tmp'" exit -/usr/lib/nagios/plugins/dsa-check-samhain -t 1800 > "$tmp" -result="$?" -case "$result" in - 0) - st="OK" - ;; - 1) - st="WARNING" - ;; - 2) - st="CRITICAL" - ;; - *) - st="UNKNOWN" - ;; -esac -(echo "$st"; cat "$tmp") > "$STATUS" diff --git a/dsa-nagios-nrpe-config/obsolete-packages-ignore b/dsa-nagios-nrpe-config/obsolete-packages-ignore deleted file mode 100644 index 7dd79e5..0000000 --- a/dsa-nagios-nrpe-config/obsolete-packages-ignore +++ /dev/null @@ -1,4 +0,0 @@ -/linux-image-.*/ -/kernel-image-.*/ -buildd -sbuild diff --git a/dsa-nagios-nrpe-config/weak-ssh-keys-check b/dsa-nagios-nrpe-config/weak-ssh-keys-check deleted file mode 100755 index e35a8a1..0000000 --- a/dsa-nagios-nrpe-config/weak-ssh-keys-check +++ /dev/null @@ -1,340 +0,0 @@ -#!/usr/bin/perl - -# This cheak is based on code from the Debian/OpenSSL Weak Key Detector -# written by Florian Weimer . -# The code has been modified and enhanced by Alexander Wirt -# to use it as a nagios check. -# -# Copyright (c) 2008, Florian Weimer for the original -# Debian/OpenSSL Weak Key Detector -# (http://security.debian.org/project/extra/dowkd/dowkd.pl.gz) -# -# Copyright (c) 2008, Alexander Wirt for check_weakkeys -# -# Copyright (c) 2008 Peter Palfrader -# -# Permission to use, copy, modify, and/or distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# - -=pod - -=head1 NAME - -B - checks system for weak ssh keys - -=cut - -=head1 SYNOPSIS - -B [options] - -=cut - -=head1 DESCRIPTION - -B checks for all users if there id_rsa, id_dsa or -authorized_key files if they contain weak ssh keys created by a Debian with a -broken libssl (see DSA-1571 for more informations). Optionally -can spit out a warning of there are any DSA keys left in key or authorized_key -files. To work it needs a database of precomputed hashes of known weak keys. -This file is expected as an bdb database with the hash (like -03:a2:f0:46:7f:13:9f:5f:96:71:a9:b8:a0:1c:01:05) as key. See for -such a database generator. outputs his data to STDOUT or to a -file. It meaned to be picked up by an nagios check like B -from Peter Palfrader. - -=cut - -=head1 OPTIONS - -=over 4 - -=item B<-h, --help> - -Prints out a brief help - -=item B<-s, --statusfile> "statusfile" - -Use 'F' instead of 'F'. - -=item B<-f, --fprdb> "database" (default: /var/lib/dsa/ssh-weak-keys.db) - -Use 'F' instead of 'F' -as fingerprint database. - -=item B<-n, --dsa_nowarn> - -Don't warn for DSA keys - -=back - -=cut - -use strict; -use warnings; - -use File::Temp; -use BerkeleyDB; -use Pod::Usage; -use Getopt::Long; -use IPC::Open3; - -my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ; -my ($outfile, $help); -my $dsa_nowarn = 0; - -GetOptions( 'help|h' => \$help, #Help function - 'statusfile|s=s' => \$outfile, - 'fprdb|f=s' => \$fprdb_fname, - 'n|dsa_nowarn' => \$dsa_nowarn, -); - -pod2usage(1) if $help; - -my $fh; -if ($outfile) { - open ($fh, '>', $outfile) - or die "Could not open statusfile '$outfile' for writing: $!"; -} else { - $fh = *STDOUT; -} - -my %fpr_hash; -tie %fpr_hash, 'BerkeleyDB::Btree', - -Filename => $fprdb_fname, - -Flags => DB_RDONLY - or die "Cannot open fingerprint db $fprdb_fname: $! $BerkeleyDB::Error\n"; - - -my ($weak_keys,$checked_keys) = 0; -my $dsa_keys = 0; -my $weird_keyfiles = 0; -my $text = ''; -my %key_sizes; - - - -#&from_user_all; -&from_debianorg_places; -&from_ssh_host(qw(localhost)); - -my $status="OK"; -if ($weak_keys) { - $status = "CRITICAL"; -} elsif ($dsa_keys && ! $dsa_nowarn || $weird_keyfiles) { - $status = "WARNING"; -} - -print $fh "$status\n"; -print $fh "Checked $checked_keys keys - $weak_keys weak - $dsa_keys dsa keys\n"; -print $fh "Sizes: "; -foreach my $size (sort(keys(%key_sizes))) { - print $fh "$size:$key_sizes{$size} "; -} - -print $fh "\n"; -print $fh "$text" if $text; - - - -sub safe_backtick (@) { - my @args = @_; - - my ($wtr, $fh, $err); - - open3($wtr,$fh,$err, @args) - or die "error: failed to spawn $args[0]: $!\n"; - my @result; - if (wantarray) { - @result = <$fh>; - } else { - local $/; - @result = scalar(<$fh>); - } - close $fh; - $? == 0 or return undef; - if (wantarray) { - return @result; - } else { - return $result[0]; - } -} - -sub ssh_fprint_file ($) { - my $name = shift; - my $data = safe_backtick qw/ssh-keygen -l -f/, $name; - defined $data or return (); - my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/; - return @data if @data == 2; - return (); -} - -sub ssh_fprint_check ($$$) { - my ($name, $length, $hash) = @_; - if (exists $key_sizes{$length}) { - $key_sizes{$length}++; - } else { - $key_sizes{$length}=1; - } - $checked_keys++; - if (exists $fpr_hash{$hash}) { - $weak_keys++; - $text .= "$name weak ($hash)\n"; - } -} - - -sub from_ssh_key_file ($) { - my $name = shift; - if (open (my $FH, '<', $name)) { - my $key = <$FH>; - if (! defined $key) { - $weird_keyfiles++; - $text .= "cannot read $name properly - empty?\n"; - } elsif ($key =~ m/ssh-dss/) { - $dsa_keys++; - $text .= "$name is a DSA key\n"; - } - } else { - $text .= "Could not open $name: $!"; - } - my ($length, $hash) = ssh_fprint_file $name; - if ($length && $hash) { - ssh_fprint_check "$name:1", $length, $hash; - } else { - $text .= "$name:1: warning: failed to parse SSH key file\n"; - } -} - -sub clear_tmp ($) { - my $tmp = shift; - seek $tmp, 0, 0 or die "seek: $!"; - truncate $tmp, 0 or die "truncate: $!"; -} - -sub from_ssh_auth_file ($) { - my $name = shift; - my $auth; - unless (open $auth, '<', $name) { - warn "$name:0: error: open failed: $!\n"; - return; - } - my $tmp = new File::Temp; - while (my $line = <$auth>) { - chomp $line; - my $lineno = $.; - clear_tmp $tmp; - next if $line =~ m/^$/; # ignore empty lines - next if $line =~ m/^#/; # ignore comments - if ($line =~ m/ssh-dss/) { - $dsa_keys++; - $text .= "$name:$lineno is a DSA key\n"; - } - print $tmp "$line\n" or die "print: $!"; - $tmp->flush; - my ($length, $hash) = ssh_fprint_file "$tmp"; - if ($length && $hash) { - ssh_fprint_check "$name:$lineno", $length, $hash; - } else { - $text .= "$name:$lineno: warning: unparsable line\n"; - } - } -} - -sub from_ssh_host (@) { - my @names = @_; - my @lines; - push @lines, safe_backtick qw|ssh-keyscan -t rsa|, @names; - push @lines, safe_backtick qw|ssh-keyscan -t dsa|, @names; - - my $tmp = new File::Temp; - for my $line (@lines) { - next if $line =~ /^#/; - next if $line =~ /^no hostkey alg/; - my ($host, $data) = $line =~ /^(\S+) (.*)$/; - clear_tmp $tmp; - print $tmp "$data\n" or die "print: $!"; - $tmp->flush; - my ($length, $hash) = ssh_fprint_file "$tmp"; - if ($length && $hash) { - ssh_fprint_check "$host", $length, $hash; - } else { - $text .= "$host: warning: unparsable line\n"; - } - } -} - -sub from_user ($) { - my $user = shift; - my ($name,$passwd,$uid,$gid, - $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user); - my $file = "$dir/.ssh/authorized_keys"; - from_ssh_auth_file $file if -r $file; - $file = "$dir/.ssh/authorized_keys2"; - from_ssh_auth_file $file if -r $file; - $file = "$dir/.ssh/id_rsa.pub"; - from_ssh_key_file $file if -r $file; - $file = "$dir/.ssh/id_dsa.pub"; - from_ssh_key_file $file if -r $file; -} - -sub from_user_all () { - setpwent; - while (my $name = getpwent) { - from_user $name; - } - endpwent; -} - - -sub from_debianorg_places () { - open(F, "/etc/ssh/sshd_config") or die ("Cannot open /etc/ssh/sshd_config: $!\n"); - my @lines = ; - close(F); - - my @ak = grep { /^AuthorizedKeysFile\s/i } @lines; - my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines; - - if (scalar @ak != 1) { - print $fh "UNKNOWN\n"; - print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n"; - exit - } - if (scalar @ak2 != 1) { - print $fh "UNKNOWN\n"; - print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n"; - exit - } - unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) { - print $fh "UNKNOWN\n"; - print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n"; - exit - } - unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) { - print $fh "UNKNOWN\n"; - print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n"; - exit - } - - for my $d (qw{/etc/ssh/userkeys /var/lib/misc/userkeys}) { - next unless (-d $d); - opendir(D, $d) or die "Cannot opendir $d: $!\n"; - for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) { - next if ($file eq 'README-DSA-BUILDD'); - my $f = $d.'/'.$file; - from_ssh_key_file $f if -r $f; - }; - }; -} - - diff --git a/nagios-conf/contacs.cfg b/nagios-conf/contacs.cfg deleted file mode 100644 index 6c36d24..0000000 --- a/nagios-conf/contacs.cfg +++ /dev/null @@ -1,136 +0,0 @@ -define contact{ - contact_name weasel - alias Peter Palfrader - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email debian-nagios@palfrader.org - } - -define contact{ - contact_name joerg - alias Joerg Jaspert - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email debiannagios@ganneff.de - } - -define contact{ - contact_name tjrc1 - alias Tim Cutts - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email tjrc@sanger.ac.uk - } - -define contact{ - contact_name holger - alias Holger Levsen - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email holger@layer-acht.org - } - -define contact{ - contact_name dannf - alias Dann Frazier - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email dannf@hp.com - } - -define contact{ - contact_name bzed - alias Bernd Zeimetz - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email bernd+debnagios@bzed.de - } - -define contact{ - contact_name luk - alias Luk Claes - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email luk.claes@ugent.be - } - -define contact{ - contact_name sfrost - alias Stephen Frost - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email sfrost@snowman.net - } - -define contact{ - contact_name lfilipoz - alias Luca Filipozzi - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email lucaf+dsa@ece.ubc.ca - } - -define contact{ - contact_name zobel - alias Martin Zobel-Helas - service_notification_period 24x7 - host_notification_period 24x7 - service_notification_options w,u,c,r - host_notification_options d,r - service_notification_commands notify-service-by-email - host_notification_commands notify-host-by-email - email zobel+debian-nagios@ftbfs.de - } - -############################################################################### -############################################################################### -# -# CONTACT GROUPS -# -############################################################################### -############################################################################### - -# We only have one contact in this simple configuration file, so there is -# no need to create more than one contact group. - -define contactgroup{ - contactgroup_name dsa - alias Debian System Administrators - members weasel, zobel - } diff --git a/nagios-conf/generic-host.cfg b/nagios-conf/generic-host.cfg deleted file mode 100644 index 02d157e..0000000 --- a/nagios-conf/generic-host.cfg +++ /dev/null @@ -1,19 +0,0 @@ -# Generic host definition template - This is NOT a real host, just a template! - -define host{ - name generic-host ; The name of this host template - notifications_enabled 1 ; Host notifications are enabled - event_handler_enabled 1 ; Host event handler is enabled - flap_detection_enabled 1 ; Flap detection is enabled - failure_prediction_enabled 1 ; Failure prediction is enabled - process_perf_data 1 ; Process performance data - retain_status_information 1 ; Retain status information across program restarts - retain_nonstatus_information 1 ; Retain non-status information across program restarts - check_command check-host-alive - max_check_attempts 10 - notification_interval 1440 - notification_period 24x7 - notification_options d,u,r - contact_groups dsa - register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE! - } diff --git a/nagios-conf/generic-service.cfg b/nagios-conf/generic-service.cfg deleted file mode 100644 index 17ccbe2..0000000 --- a/nagios-conf/generic-service.cfg +++ /dev/null @@ -1,26 +0,0 @@ -# generic service template definition -define service{ - name generic-service ; The 'name' of this service template - active_checks_enabled 1 ; Active service checks are enabled - passive_checks_enabled 1 ; Passive service checks are enabled/accepted - parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems) - obsess_over_service 1 ; We should obsess over this service (if necessary) - check_freshness 0 ; Default is to NOT check service 'freshness' - notifications_enabled 1 ; Service notifications are enabled - event_handler_enabled 1 ; Service event handler is enabled - flap_detection_enabled 1 ; Flap detection is enabled - failure_prediction_enabled 1 ; Failure prediction is enabled - process_perf_data 1 ; Process performance data - retain_status_information 1 ; Retain status information across program restarts - retain_nonstatus_information 1 ; Retain non-status information across program restarts - notification_interval 0 ; Only send notifications on status change by default. - is_volatile 0 - check_period 24x7 - normal_check_interval 15 - retry_check_interval 2 - max_check_attempts 6 - notification_period 24x7 - notification_options w,u,c,r - contact_groups dsa - register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE! - } diff --git a/nagios-conf/timeperiods.cfg b/nagios-conf/timeperiods.cfg deleted file mode 100644 index 084c2f4..0000000 --- a/nagios-conf/timeperiods.cfg +++ /dev/null @@ -1,24 +0,0 @@ -############################################################################### -# timeperiods.cfg -############################################################################### - -# This defines a timeperiod where all times are valid for checks, -# notifications, etc. The classic "24x7" support nightmare. :-) - -define timeperiod{ - timeperiod_name 24x7 - alias 24 Hours A Day, 7 Days A Week - sunday 00:00-24:00 - monday 00:00-24:00 - tuesday 00:00-24:00 - wednesday 00:00-24:00 - thursday 00:00-24:00 - friday 00:00-24:00 - saturday 00:00-24:00 - } - -# This one is a favorite: never :) -define timeperiod{ - timeperiod_name never - alias Never - } diff --git a/nagios-master.cfg b/nagios-master.cfg deleted file mode 100644 index 6307604..0000000 --- a/nagios-master.cfg +++ /dev/null @@ -1,1804 +0,0 @@ -# Non comment lines are YAML -# -# Strings ought to be in double quotes, but it works in most cases if they aren't :) -# -# vim:set syntax=yaml: - -# TODO -# - spohr: hpasmd -# - *: mailq -# - *: check munin stats collection works -# - *: check backups are successful -# - *: unwanted: network: auth, discard, daytime, time (on some), cvs-pserver, rsync (on some), ftp (on some), http (on some) -# - verdi: pg upgrade, openvpn -# - mundy: salinfo_decode - -# down: -# - sarti -# - leisner - ---- -############################# -# hosts -############################# -servers: - gw-man-da: - address: 82.195.75.126 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: joerg, bzed - gw-HP-ftc: - address: 192.25.206.1 - parents: samosa - hostgroups: routing-infrastructure - gw-brainfood: - address: 70.103.162.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-brown.edu: - address: 128.148.34.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-osuosl: - address: 140.211.166.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-scanplus-villa: - address: 212.211.132.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-scanplus-lobos: - address: 212.211.132.249 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-mit-csail: - address: 128.30.0.254 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-xs4all: - address: 194.109.137.217 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-umn.edu: - address: 128.101.240.222 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-dg-i.net: - address: 93.94.130.190 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: bzed - gw-freenet: - address: 62.104.23.249 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-topalis: - address: 195.243.109.254 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-sanger: - address: 193.62.202.18 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: tjrc1 - gw-lrz: - address: 129.187.0.150 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-frost: - address: 130.81.242.195 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-1und1: - address: 195.20.247.54 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: joerg - gw-1und1-karlsruhe: - address: 212.227.120.29 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-blackcat: - address: 193.201.200.129 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-xandros: - address: 67.210.160.81 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-nmmn: - address: 217.114.76.81 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-utwente: - address: 130.89.149.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - #gw-ughent: - # address: 157.193.39.254 - # parents: gw-HP-ftc - # hostgroups: routing-infrastructure - gw-agnesi: - address: 65.173.90.18 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-ubc: - address: 137.82.84.94 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: lfilipoz - gw-carnet: - address: 161.53.160.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-telegraaf: - address: 82.94.249.153 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-helsinki: - address: 128.214.173.25 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - contacts: holger - gw-telefonica: - address: 195.71.99.193 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-ball: - address: 78.32.9.209 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-cst: - address: 213.188.99.215 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-isc: - address: 149.20.20.1 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - gw-aca: - address: 130.239.18.97 - parents: gw-HP-ftc - hostgroups: routing-infrastructure - - global: - hostgroups: notacomputer - pingable: false - check_command: dsa_check_always_ok - - samosa: - address: 192.25.206.57 - hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, heavy-exim, lenny, puppet - raff: - address: 192.25.206.59 - parents: samosa - hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, rsyncd-hosts, heavy-exim, ulogd-hosts, nfs-client, lenny, puppet - gluck: - address: 192.25.206.10 - parents: samosa - hostgroups: computers, no-udev, general, dl380, apache2-hosts, bind9-hosts, heavy-exim, highload, nfs-client, ulogd-hosts, lenny, puppet - merkel: - address: 192.25.206.16 - parents: samosa - hostgroups: computers, general, apache1-hosts, apache2-hosts, rsyncd-hosts, sw-raid, postgres81-hosts, heavy-exim, nfs-client, ulogd-hosts, lenny, puppet - spohr: - address: 192.25.206.33 - parents: samosa - hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, ulogd-hosts, nfs-server, lenny, puppet - peri: - address: 192.25.206.15 - parents: samosa - hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet - contacts: dannf - penalosa: - address: 192.25.206.68 - parents: samosa - hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet - contacts: dannf - mundy: - address: 192.25.206.62 - parents: samosa - hostgroups: computers, buildd, lenny, puppet - paer: - address: 192.25.206.11 - parents: samosa - hostgroups: computers, porterbox, lenny, hasbootfs, puppet - merulo: - address: 192.25.206.58 - parents: samosa - hostgroups: computers, porterbox, lenny, puppet - - bartok: - address: 82.195.75.91 - parents: gw-man-da - hostgroups: computers, service, dl385, bind9-hosts, lenny, puppet - contacts: joerg, bzed - morales: - address: 82.195.75.97 - parents: gw-man-da - hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs - contacts: bzed - sperger: - address: 82.195.75.98 - parents: gw-man-da - hostgroups: computers, porterbox, sw-raid, hasbootfs, lenny, puppet - contacts: bzed - agricola: - address: 82.195.75.86 - parents: gw-man-da - hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet - contacts: bzed - arcadelt: - address: 82.195.75.87 - parents: gw-man-da - hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet - contacts: bzed - liszt: - address: 82.195.75.100 - parents: gw-man-da - hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts - contacts: bzed -# auber: -# address: 82.195.75.101 -# parents: gw-man-da -# hostgroups: computers, no-udev, buildd, sw-raid -# contacts: bzed - unger: - address: 82.195.75.102 - parents: gw-man-da - hostgroups: computers, service, dl360, rsyslog-hosts, acpid-hosts, lenny, puppet - handel: - address: 82.195.75.104 - parents: unger - hostgroups: computers, service, rsyslog-hosts, acpid-hosts, lenny, hasbootfs, puppet - - geo1: - address: 82.195.75.105 - parents: unger - hostgroups: computers, service, acpid-hosts, lenny, hasbootfs, puppet - - master: - address: 70.103.162.29 - parents: gw-brainfood - hostgroups: computers, general, apache2-hosts, bind9-hosts, heavy-exim, highload, lenny, puppet - murphy: - address: 70.103.162.31 - parents: gw-brainfood - hostgroups: computers, general, postfix-hosts, dl380, acpid-hosts, lenny, puppet - - ries: - address: 128.148.34.103 - parents: gw-brown.edu - hostgroups: computers, service, apache2-hosts, bind9-hosts, ftpd-hosts, dl385, rsyncd-hosts, postgres83-hosts, heavy-exim, acpid-hosts, lenny, puppet - - mayer: - address: 140.211.166.78 - parents: gw-osuosl - hostgroups: computers, buildd, hasbootfs, lenny, puppet - mayr: - address: 140.211.166.58 - parents: gw-osuosl - hostgroups: computers, buildd, hasbootfs, lenny, puppet - malo: - address: 140.211.166.27 - parents: gw-osuosl - hostgroups: computers, buildd, lenny, puppet, smart - rietz: - address: 140.211.166.43 - parents: gw-osuosl - hostgroups: computers, no-udev, service, apache2-hosts, bind9-hosts, rsyncd-hosts, dl385, heavy-exim, highload, hasbootfs - rietz2: - address: 140.211.166.44 - parents: rietz - hostgroups: secondary-IPs - - villa: - address: 212.211.132.32 - parents: gw-scanplus-villa - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet - lobos: - address: 212.211.132.250 - parents: gw-scanplus-lobos - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet - - steffani: - address: 128.31.0.36 - parents: gw-mit-csail - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid, bind9-hosts, acpid-hosts, hasbootfs, lenny, puppet - mahler: - address: 128.31.0.46 - parents: gw-mit-csail - hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts, puppet - - klecker: - address: 194.109.137.218 - parents: gw-xs4all - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, bind9-hosts, dl385, postgres83-hosts, heavy-exim, lenny, puppet - - saens: - address: 128.101.240.212 - parents: gw-umn.edu - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet - - argento: - address: 93.94.130.160 - parents: gw-dg-i.net - hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet - contacts: bzed - - widor: - address: 93.94.130.161 - parents: gw-dg-i.net - hostgroups: computers, apache2-hosts, sw-raid, single-cpu, lenny, puppet, rsyslog-hosts, acpid-hosts - contacts: bzed - - pergolesi: - address: 62.104.23.252 - parents: gw-freenet - hostgroups: computers, porterbox, sw-raid, lenny, puppet - - raptor: - address: 195.243.109.162 - parents: gw-topalis - hostgroups: computers, porterbox, postfix-hosts, lenny - - albeniz: - address: 193.62.202.27 - parents: gw-sanger - # SMP kernel doesn't run stable - hostgroups: computers, porterbox, sw-raid, single-cpu, hasbootfs, lenny, puppet - contacts: tjrc1 - goetz: - address: 193.62.202.26 - parents: gw-sanger - # SMP kernel doesn't run stable - hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet - contacts: tjrc1 - smetana: - address: 193.62.202.29 - parents: gw-sanger - hostgroups: computers, porterbox, sw-raid, lenny, puppet - contacts: tjrc1 - - verdi: - address: 192.54.42.193 - parents: gw-lrz - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, postgres81-hosts, postfix-hosts - - voltaire: - address: 72.66.115.54 - parents: gw-frost - hostgroups: computers, buildd, puppet, lenny - contacts: sfrost - - puccini: - address: 87.106.4.56 - parents: gw-1und1 - hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet - contacts: joerg - powell: - address: 87.106.64.223 - parents: gw-1und1 - hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet - contacts: joerg - - schumann: - address: 212.227.126.54 - parents: gw-1und1-karlsruhe - hostgroups: computers, acpid-hosts, ulogd-hosts, lenny, puppet - wieck: - address: 195.20.242.89 - parents: gw-1und1-karlsruhe - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, ulogd-hosts, lenny, puppet - chopin: - address: 195.20.242.124 - parents: schumann - hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts - - caballero: - address: 193.201.200.200 - parents: gw-blackcat - hostgroups: computers, no-udev, buildd, sw-raid, lenny, puppet - - elara: - address: 67.210.160.90 - parents: gw-xandros - hostgroups: deadslow - europa: - address: 67.210.160.89 - parents: gw-xandros - hostgroups: deadslow - - kullervo: - address: 217.114.76.82 - parents: gw-nmmn - hostgroups: deadslow - contacts: luk - crest: - address: 217.114.76.83 - parents: gw-nmmn - hostgroups: deadslow - contacts: luk - pescetti: - address: 217.114.76.85 - parents: gw-nmmn - hostgroups: computers, porterbox, single-cpu, smart, lenny, puppet - - kassia: - address: 130.89.149.224 - parents: gw-utwente - hostgroups: computers, service, postfix-hosts, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl360, acpid-hosts, ulogd-hosts, lenny, puppet - kassia-sec: - address: 130.89.149.225 - parents: kassia - hostgroups: secondary-IPs - kassia-ftp: - address: 130.89.149.226 - parents: kassia - hostgroups: secondary-IPs - kassia4: - address: 130.89.149.227 - parents: kassia - hostgroups: secondary-IPs - - allegri: - address: 157.193.39.233 - parents: gw-HP-ftc - hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet - contacts: luk - - agnesi: - address: 65.173.90.83 - parents: gw-agnesi - hostgroups: deadslow, lenny - - spontini: - address: 137.82.84.65 - parents: gw-ubc - hostgroups: computers, buildd, hasbootfs, lenny, puppet - contacts: lfilipoz - ravel: - address: 137.82.84.66 - parents: gw-ubc - hostgroups: computers, general, dl385, apache2-hosts, acpid-hosts, ftpd-hosts, hasbootfs, lenny, puppet - dijkstra: - address: 137.82.84.70 - parents: gw-ubc - hostgroups: computers, bl460, rsyslog-hosts, acpid-hosts, lenny, puppet - - lebrun: - address: 193.198.184.10 - parents: gw-carnet - hostgroups: computers, buildd, sw-raid, lenny, rsyslog-hosts, puppet - schroeder: - address: 193.198.184.11 - parents: gw-carnet - hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet - - tartini: - address: 82.94.249.158 - parents: gw-telegraaf - hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs - - piatti: - address: 193.167.161.225 - parents: gw-helsinki - hostgroups: computers, postfix-hosts, dl385, ulogd-hosts, acpid-hosts, apache2-hosts, postgres83-hosts, lenny, hasbootfs, puppet - contacts: holger - - rem: - address: 195.71.99.217 - parents: gw-telefonica - hostgroups: computers, buildd, hasbootfs, lenny, puppet - - ball: - address: 78.32.9.213 - parents: gw-ball - hostgroups: computers, buildd, no-udev, dialup, hasbootfs, lenny, puppet - - zelenka: - address: 80.245.147.40 - parents: gw-HP-ftc - hostgroups: computers, porterbox, lenny, puppet - - escher: - address: 213.188.99.215 - parents: gw-cst - hostgroups: computers, single-cpu, hasbootfs - goedel: - address: 213.188.99.214 - parents: gw-cst - hostgroups: computers, single-cpu, hasbootfs, lenny, puppet - - schein: - address: 149.20.20.6 - parents: gw-isc - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360 - - praetorius: - address: 130.239.18.121 - parents: gw-aca - hostgroups: computers, buildd, rsyslog-hosts, lenny, puppet - -############################# -# host groups -# -# hostgroups ircd and all are automatically defined -# -############################# -hostgroups: - computers: - alias: computers - private: 1 - routing-infrastructure: - alias: Internet routers and friends - extinfo-icon_image: base/switch40.png - extinfo-icon_image_alt: router - notacomputer: - alias: Systems that are not really systems. Yeah :) - private: 1 - deadslow: - alias: Systems too slow to run any real checks - dialup: - alias: Systems with slow network - - porterbox: - alias: developer accessible porter machines - extinfo-icon_image: base/debian.png - extinfo-icon_image_alt: Debian GNU/Linux - extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s - service: - alias: machines running services - extinfo-icon_image: base/debian.png - extinfo-icon_image_alt: Debian GNU/Linux - extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s - buildd: - alias: buildd systems - extinfo-icon_image: base/debian.png - extinfo-icon_image_alt: Debian GNU/Linux - extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s - general: - alias: general purpose developer accessible machines - extinfo-icon_image: base/debian.png - extinfo-icon_image_alt: Debian GNU/Linux - extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s - puppet: - alias: Hosts running puppet - extinfo-icon_image: base/debian.png - extinfo-icon_image_alt: Debian GNU/Linux - extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s - - dl380: - alias: HP DL380 hosts - private: 1 - dl385: - alias: HP DL385 hosts - private: 1 - dl360: - alias: HP DL360 hosts - private: 1 - bl460: - alias: HP BL460 blades - private: 1 - sw-raid: - alias: Hosts with Linux software raid - private: 1 - single-cpu: - alias: Hosts with only one CPU - private: 1 - - lenny: - alias: Hosts running lenny, not etch - private: 1 - - no-samhain: - alias: hosts not running samhain properly - private: 1 - - #syslog-ng-hosts: - # alias: hosts running syslog-ng instead of sysklogd - # private: 1 - rsyslog-hosts: - alias: hosts running rsyslogd instead of sysklogd - private: 1 - postfix-hosts: - alias: hosts running postfix instead of exim - private: 1 - heavy-exim: - alias: "hosts running the full mail stuff, including clamav, SA, and postgrey" - private: 1 - heavy-postfix: - alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight" - private: 1 - apache2-hosts: - alias: hosts running apache2 - private: 1 - apache1-hosts: - alias: hosts running apache1 - private: 1 - bind9-hosts: - alias: hosts running bind9 - private: 1 - amavis-hosts: - alias: hosts running amavis - private: 1 - ftpd-hosts: - alias: hosts running vsftpd - private: 1 - #tftpd-hosts: - # alias: hosts running a tftpd (tftpd-hpa as a daemon) - # private: 1 - rsyncd-hosts: - alias: hosts providing rsync services via xinetd - private: 1 - postgres81-hosts: - alias: hosts running postgres81 - private: 1 - postgres83-hosts: - alias: hosts running postgres83 - private: 1 - mysql-hosts: - alias: hosts running mysql - private: 1 - no-udev: - alias: hosts not using udev - private: 1 - ulogd-hosts: - alias: hosts running ulogd - private: 1 - acpid-hosts: - alias: hosts running acpid - private: 1 - - nfs-client: - alias: hosts mounting filesystems using NFS - private: 1 - nfs-server: - alias: hosts serving filesystems using NFS - private: 1 - - highload: - alias: "hosts on which high load is normal" - private: 1 - - secondary-IPs: - alias: secondary IP addresses - private: 1 - - smart: - alias: hosts with smartd - private: 1 - hasbootfs: - alias: hosts with a /boot - private: 1 - - -############################# -# servicegroups -############################# -servicegroups: - diskspace: - alias: diskusage checks - buildd: - alias: buildd checks - raid: - alias: raid checks - kernel: - alias: kernel checks - weaksshkeys: - alias: weak ssh keys - apt: - alias: apt upgrade status - samhain: - alias: samhain integrity status - security: - alias: security - servicegroup_members: apt, weaksshkeys, kernel, samhain - -############################# -# services -############################# -services: - - - name: PING - check: "check_ping!300.0,20%!600.0,40%" - hostgroups: pingable - excludehostgroups: routing-infrastructure, dialup - normal_check_interval: 5 - max_check_attempts: 4 - retry_check_interval: 1 - - - name: PING - check: "check_ping!2000.0,60%!3000.0,80%" - hostgroups: routing-infrastructure, dialup - normal_check_interval: 5 - max_check_attempts: 4 - retry_check_interval: 1 - - ############ Services ############ - ### - - ############ Disk Usage ############ - #### - - - name: disk usage - all - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc 90 95" - hostgroups: computers - - - name: disk usage on / - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /" - hostgroups: computers - excludehosts: ries, klecker - - - name: disk usage on / - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /" - hosts: ries, klecker - - - name: disk usage on /boot - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot" - hostgroups: hasbootfs - - - name: disk usage on /var - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var" - hosts: bartok, samosa, raff, lobos, villa, gluck, saens, voltaire, tartini, morales, powell, escher - - - name: disk usage on /org - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org" - hosts: sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, spontini, ravel, mahler, schroeder, piatti, pescetti, widor, schein, lebrun - - - name: disk usage on /org - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /org" - hosts: merkel, bartok - - - name: disk usage on /srv - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv" - hosts: agricola, arcadelt, argento, allegri, tartini, morales, powell, puccini, zelenka, chopin - - - name: disk usage on /org/scratch - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org/scratch" - hosts: merkel - - - name: disk usage on /tmp - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 60 80 /tmp" - hosts: samosa, raff, gluck, saens, puccini, merkel, tartini, powell, piatti, escher - - - name: disk usage on /usr - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /usr" - hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, merulo, tartini, morales, powell - - - name: disk usage on /home - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home" - hosts: raptor, voltaire, rem, ball, paer, escher - - - name: disk usage on /home - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /home" - hosts: gluck - - - name: disk usage on /chroot - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /chroot" - hosts: raptor - - - name: disk usage on /mnt/hdc - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/hdc" - hosts: voltaire - - - name: disk usage on /mnt/sdb1 - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/sdb1" - hosts: spontini - - - name: disk usage on /x - servicegroups: diskspace - nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x" - hosts: caballero - - ############ All Computers ############ - #### - - - name: apt - security updates - servicegroups: apt - nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt" - hostgroups: computers - normal_check_interval: 60 - retry_check_interval: 15 - #### - - - name: backup - nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-dabackup" - hostgroups: computers - normal_check_interval: 180 - max_check_attempts: 2 - retry_check_interval: 5 - - - name: backup server config - nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server" - hosts: bartok - normal_check_interval: 180 - max_check_attempts: 2 - retry_check_interval: 5 - - #### - - - name: running kernel - servicegroups: kernel - nrpe: "/usr/lib/nagios/plugins/dsa-check-running-kernel" - hostgroups: computers - normal_check_interval: 180 - retry_check_interval: 5 - - #### - - - name: process - puppet - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C ruby -a 'ruby /usr/sbin/puppetd -w 5 --factsync'" - hostgroups: puppet - - - - name: puppet - nrpe: "/usr/lib/nagios/plugins/dsa-check-puppet" - hostgroups: puppet - - #### - - - name: process - samhain - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'" - hostgroups: computers - excludehostgroups: no-samhain - - - name: samhain - servicegroups: samhain - nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/samhain" - hostgroups: computers - excludehostgroups: no-samhain - depends: process - samhain - normal_check_interval: 60 - retry_check_interval: 5 - - #### - - - name: users - nrpe: "/usr/lib/nagios/plugins/check_users 30 35" - hostgroups: computers - #### - - - name: load - nrpe: "/usr/lib/nagios/plugins/check_load -w 30,28,26 -c 50,45,50" - hostgroups: computers - excludehostgroups: highload - - - name: load - nrpe: "/usr/lib/nagios/plugins/check_load -w 140,120,100 -c 240,220,200" - hostgroups: highload - excludehosts: rietz - - - name: load - nrpe: "/usr/lib/nagios/plugins/check_load -w 200,200,200 -c 350,350,350" - hosts: rietz - #### - - - name: processes - zombies - nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z" - hostgroups: computers - #### - - - name: processes - total - nrpe: "/usr/lib/nagios/plugins/check_procs 620 700" - hostgroups: computers - #### - - - name: swap usage - percent - nrpe: "/usr/lib/nagios/plugins/check_swap -w 20% -c 10%" - hostgroups: computers - #### - - - name: swap usage - mb - nrpe: "/usr/lib/nagios/plugins/check_swap -w 20000 -c 5000" - hostgroups: computers - #### - - - name: process - getty - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C getty -a /sbin/getty" - hostgroups: computers - excludehosts: zelenka - #### - - - name: process - sshd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1: -u root -C sshd -a '/usr/sbin/sshd'" - hostgroups: computers - - - name: "network service - sshd" - check: dsa_check_ssh - hostgroups: computers - depends: process - sshd - normal_check_interval: 60 - notification_interval: 1440 - - - - name: "network service - sshd" - check: dsa_check_ssh - hostgroups: deadslow - excludehosts: agnesi - normal_check_interval: 180 - - - name: "network service - sshd - 2260" - check: dsa_check_ssh_port!2260 - hosts: agnesi - normal_check_interval: 180 - - - name: "network service - sshd - 443" - check: dsa_check_ssh_port!443 - hosts: gluck - normal_check_interval: 180 - - - - name: "network service - sshd - version" - check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3" - depends: network service - sshd - hostgroups: computers, deadslow - excludehosts: crest, kullervo - excludehostgroups: lenny - normal_check_interval: 60 - - - name: "network service - sshd - version" - check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1" - depends: network service - sshd - hosts: crest, kullervo - normal_check_interval: 60 - - - name: "network service - sshd - version" - check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-5" - depends: network service - sshd - hostgroups: lenny - excludehosts: agnesi - normal_check_interval: 60 - - - name: "network service - sshd - version - 2260" - check: "dsa_check_ssh_port_version!2260!OpenSSH_5.1p1 Debian-5" - depends: network service - sshd - 2260 - hosts: agnesi - normal_check_interval: 60 - # - - - name: ssh - weak keys - servicegroups: weaksshkeys - nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys" - hostgroups: computers - normal_check_interval: 60 - #### - - - name: network service - nrpe - check: check_tcp!5666 - hostgroups: computers - max_check_attempts: -2 - notification_interval: 1440 - - - name: process - nrpe - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'" - hostgroups: computers - max_check_attempts: -1 - depends: network service - nrpe - ### - - - name: process - munin-node - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C munin-node -a '/usr/sbin/munin-node'" - hostgroups: computers - - - name: network service - munin-node - check: check_tcp!4949 - hostgroups: computers - depends: process - munin-node - ### - - - name: process - ntpd - # sarge: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" - # etch: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ntp -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'" - hostgroups: computers - excludehosts: raptor, zelenka - - - name: network service - ntp - check: check_ntp - hostgroups: computers - depends: process - ntpd - excludehosts: raptor, allegri, zelenka - # - - - name: network service - time - check: dsa_check_time - hosts: raptor, allegri, zelenka - depends: process - xinetd - - ### - - - name: process - atd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C atd -a /usr/sbin/atd" - hostgroups: computers - ### - - - name: process - cron - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C cron -a /usr/sbin/cron" - hostgroups: computers - - ### - # - - # name: process - syslog-ng - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -p /var/run/syslog-ng.pid'" - # hostgroups: syslog-ng-hosts - ### - - - name: process - rsyslogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rsyslogd -a '/usr/sbin/rsyslogd -c3'" - hostgroups: rsyslog-hosts - ### - - - name: process - syslogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslogd -a '/sbin/syslogd'" - hostgroups: computers - excludehostgroups: rsyslog-hosts - - - name: process - klogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C klogd -a '/sbin/klogd -x'" - hostgroups: computers - excludehostgroups: rsyslog-hosts - - ### MAIL STUFF - ### - - - name: process - exim - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'" - hostgroups: computers - excludehostgroups: postfix-hosts - excludehosts: master, rietz, merkel, gluck - - - name: process - exim - total - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1: -C exim4" - hostgroups: computers - excludehostgroups: postfix-hosts - excludehosts: master, rietz, merkel, gluck - - - name: process - exim - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:300 -c 1:500 -C exim4 -a '/usr/sbin/exim4'" - hosts: master, rietz, merkel, gluck - ### - - - name: process - clamav - clamd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u clamav -C clamd -a '/usr/sbin/clamd'" - hostgroups: heavy-exim, heavy-postfix - - - name: service - clamav - nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl" - hostgroups: heavy-exim, heavy-postfix - depends: process - clamav - clamd - - - name: process - clamav - freshclam - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'" - hostgroups: heavy-exim, heavy-postfix - - - name: process - clamav - getsigs - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C getclamsigs -a 'getclamsigs'" - hostgroups: heavy-exim, heavy-postfix - # - - - name: unwanted process - clamav - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd" - hostgroups: computers - excludehostgroups: heavy-exim, heavy-postfix - - - name: unwanted process - freshclam - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam" - hostgroups: computers - excludehostgroups: heavy-exim, heavy-postfix - - - name: unwanted process - clamav - getsigs - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C getclamsigs" - hostgroups: computers - excludehostgroups: heavy-exim, heavy-postfix - ### - - - name: process - spamd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" - hostgroups: heavy-exim - excludehosts: rietz, merkel, raff - - - name: process - spamd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid'" - hosts: liszt - - - name: process - spamd - child - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:11 -c 1: -C spamd -a 'spamd child'" - hosts: liszt - hostgroups: heavy-exim - depends: process - spamd - master - excludehosts: rietz, merkel, raff - # - - - name: process - spamd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u debbugs -C spamd -a '/usr/sbin/spamd -d '" - hosts: rietz - - - name: process - spamd - child - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u debbugs -C spamd -a 'spamd child'" - hosts: rietz - # - - - name: unwanted process - spamd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd" - hostgroups: computers - excludehostgroups: heavy-exim - excludehosts: liszt - - - name: unwanted process - spamd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd" - hosts: merkel, raff - - ### - #- - # name: process - greylistd - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u greylist -C greylistd -a '/usr/bin/python /usr/sbin/greylistd'" - # hostgroups: heavy-exim - # - - - name: unwanted process - greylistd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C greylistd" - hostgroups: computers - - ### - - - name: process - postgrey - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'" - hostgroups: heavy-exim - - - name: process - postgrey - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'" - hostgroups: heavy-postfix - # - - - name: unwanted process - postgrey - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C postgrey" - hostgroups: computers - excludehostgroups: heavy-postfix, heavy-exim - ### - - - name: process - amavis - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -C amavisd-new -a 'amavisd (master)'" - hostgroups: amavis-hosts - - - name: process - amavis - all - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -C amavisd-new -a 'amavisd '" - hostgroups: amavis-hosts - depends: process - amavis - master - # - - - name: unwanted process - amavis - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C amavisd-new" - hostgroups: computers - excludehostgroups: amavis-hosts - ### - - - name: process - weightd - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (master)'" - hostgroups: heavy-postfix - - - name: process - weightd - cache - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (cache)'" - hostgroups: heavy-postfix - depends: process - weightd - master - - - name: process - weightd - child - nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -C policyd-weight -a 'policyd-weight (child)'" - hostgroups: heavy-postfix - depends: process - weightd - master - # - - - name: unwanted process - policyd-weight - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight" - hostgroups: computers - excludehostgroups: heavy-postfix - - - - ### - - - name: process - postfix - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C master -a '/usr/lib/postfix/master'" - hostgroups: postfix-hosts - - - name: process - postfix - qmgr - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C qmgr -a 'qmgr -l -t fifo -u'" - hostgroups: postfix-hosts - depends: process - postfix - master - #- - # name: process - postfix - tlsmgr - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C tlsmgr -a 'tlsmgr -l -t fifo -u'" - # hostgroups: postfix-hosts - # depends: process - postfix - master - - - name: process - postfix - pickup - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C pickup -a 'pickup -l -t fifo -u -c'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - name: process - postfix - anvil - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:1 -c 0: -u postfix -C anvil -a 'anvil -l -t unix -u'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - - name: process - postfix - trivial-rewrite - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C trivial-rewrite -a 'trivial-rewrite -n rewrite -t unix -u -c'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - name: process - postfix - proxymap - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C proxymap -a 'proxymap -t unix -u'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - name: process - postfix - cleanup - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C cleanup -a 'cleanup -z -t unix -u -c'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - name: process - postfix - local - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C local -a 'local -t unix'" - hostgroups: postfix-hosts - depends: process - postfix - master - - - - name: process - postfix - smtpd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:40 -c 0:90 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'" - hostgroups: postfix-hosts - excludehosts: liszt - depends: process - postfix - master - - - name: process - postfix - smtp - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C smtp -a 'smtp -t unix -u -c'" - hostgroups: postfix-hosts - excludehosts: liszt - depends: process - postfix - master - - - - name: process - postfix - smtpd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:150 -c 0:200 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'" - hosts: liszt - depends: process - postfix - master - - - name: process - postfix - smtp - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:350 -c 0:500 -u postfix -C smtp -a 'smtp -t unix -u -c'" - hosts: liszt - depends: process - postfix - master - - ### - - - name: network service - smtp - check: dsa_check_smtp - hostgroups: computers - excludehostgroups: postfix-hosts - depends: process - exim - - - - name: network service - smtp - check: dsa_check_smtp - hostgroups: postfix-hosts - excludehosts: verdi, kassia, allegri, raptor, piatti - depends: process - postfix - master - - - name: network service - smtp - port 2025 - check: dsa_check_smtp_port!2025 - hosts: verdi, kassia, murphy, allegri, piatti - depends: process - postfix - master - - - name: network service - smtp - port 8080 - check: dsa_check_smtp_port!8080 - hosts: murphy - depends: process - postfix - master - - - name: network service - smtp - port 2025 - remotecheck: /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p 2025 - runfrom: murphy - hosts: raptor - depends: process - postfix - master - - - - name: network service local - smtps cert - nrpe: "/usr/lib/nagios/plugins/check_http -H localhost -p 465 -S -C 14 -t 45" - hostgroups: postfix-hosts - depends: process - postfix - master - normal_check_interval: 120 - - - - - name: setup - dsa config - nrpe: "/usr/lib/nagios/plugins/dsa-check-config" - hostgroups: computers - normal_check_interval: 120 - - - name: setup - ud-ldap freshness - nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness" - hostgroups: computers - ### - - - name: process - uptimed - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C uptimed -a '/usr/sbin/uptimed'" - hostgroups: computers - ### - - - name: process - irqbalance - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C irqbalance -a '/usr/sbin/irqbalance'" - hostgroups: computers - excludehostgroups: single-cpu - - - name: unwanted process - irqbalance - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C irqbalance" - hostgroups: single-cpu - - #### - ### - #- - # name: unwanted process - system-tools-backends - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C system-tools-ba" - # hostgroups: computers - #- - # name: unwanted process - dbus-daemon - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C dbus-daemon" - # hostgroups: computers - - - name: unwanted process - gkrellmd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C gkrellmd" - hostgroups: computers - - - name: unwanted process - portmap - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C portmap" - hostgroups: computers - excludehostgroups: nfs-client, nfs-server - - - name: unwanted process - rpc.statd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd" - hostgroups: computers - excludehostgroups: nfs-client, nfs-server - - - name: unwanted process - inetd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C inetd" - hostgroups: computers - - - name: unwanted process - snmpd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C snmpd" - hostgroups: computers - - - ############ Processes/Services that only run on some computers ############ - #### - ### - - - name: process - rngd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rngd -a '/usr/sbin/rngd -r /dev/hwrng'" - hostgroups: dl385 - ### - - - name: process - mdadm monitor - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C mdadm -a '/sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan'" - hostgroups: sw-raid - - - name: RAID - sw raid - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw" - hostgroups: sw-raid - - ### - - - name: process - cpqarrayd - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C cpqarrayd -a '/usr/sbin/cpqarrayd'" - hostgroups: dl385, dl380, dl360, bl460 - - - name: RAID - arrayprobe - servicegroups: raid - nrpe: "sudo /usr/bin/arrayprobe" - hostgroups: dl385, dl380, dl360, bl460 - - - name: HW - hpacucli status - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli" - normal_check_interval: 120 - hostgroups: dl385, dl380, dl360, bl460 - ### - - - name: RAID - areca - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-areca" - hosts: powell - ### - - - name: RAID - DAC960 - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-dac960" - hosts: verdi - ### - - - name: RAID - 3ware - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-3ware" - hosts: puccini - ### - - - name: RAID - MPT - servicegroups: raid - nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-mpt" - hosts: master - - ### - - - name: process - slapd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'" - hosts: samosa - ### - - - name: process - ulogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'" - hostgroups: ulogd-hosts - - - name: unexpected process - ulogd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C ulogd" - hostgroups: computers - excludehostgroups: ulogd-hosts - ### - - - name: process - udevd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C udevd -a 'udevd'" - hostgroups: computers - excludehostgroups: no-udev - - - name: unexpected process - udev - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C udevd" - hostgroups: no-udev - ### - - - name: process - acpid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'" - hostgroups: acpid-hosts - - - name: unexpected process - acpid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid" - hostgroups: computers - excludehostgroups: acpid-hosts - - ### - - - name: process - xinetd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive'" - hosts: samosa, raptor, allegri, gluck, zelenka - hostgroups: rsyncd-hosts - - - name: unwanted process - xinetd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd" - hostgroups: computers - excludehosts: samosa, raptor, allegri, gluck, zelenka - excludehostgroups: rsyncd-hosts - ### - - - name: network service - finger - check: check_tcp!79 - hosts: samosa - depends: process - xinetd - ### - - - name: network service - rsync - check: check_tcp!873 - hostgroups: rsyncd-hosts - depends: process - xinetd - - - - name: network service - rsync - check: check_tcp!873 - hosts: rietz2 - depends: rietz:process - xinetd - - - - name: network service - rsync - check: check_tcp!873 - hosts: kassia-sec - depends: kassia:process - xinetd - - ### - - - name: process - nagios3 - # there is always one extra process per check currently running.. - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C nagios3 -a '/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg'" - hosts: samosa - - ### - - - name: process - apache2 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache2 -a /usr/sbin/apache2" - hostgroups: apache2-hosts - - - name: process - apache2 - worker - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u www-data -C apache2 -a /usr/sbin/apache2" - hostgroups: apache2-hosts - depends: process - apache2 - master - - - name: network service - http - check: check_http - hostgroups: apache2-hosts - excludehosts: kassia - depends: process - apache2 - master - - - name: network service - http - check: check_http - depends: kassia:process - apache2 - master - hosts: kassia-sec, kassia-ftp - - - - - name: process - apache - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache -a /usr/sbin/apache" - hostgroups: apache1-hosts - - - name: process - apache - worker - nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:75 -c 1:150 -u www-data -C apache -a /usr/sbin/apache" - hostgroups: apache1-hosts - depends: process - apache - master - - - name: network service - http - check: check_http - hostgroups: apache1-hosts - depends: process - apache - master - - - - name: network service - http keyserver - check: dsa_check_http_port!11371 - hosts: raff - depends: process - apache2 - master - - - - name: network service - https - check: check_https - hosts: samosa, ries, klecker - depends: "process - apache2 - master" - normal_check_interval: 120 - - - name: network service - https cert - check: dsa_check_cert!443 - hosts: samosa, ries, klecker - depends: network service - https - normal_check_interval: 60 - #### - - - name: process - named - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u bind -C named -a '/usr/sbin/named -u bind'" - hostgroups: bind9-hosts - - - name: network service - dns - check: check_dns - hostgroups: bind9-hosts - depends: process - named - - - name: unwanted process - named - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C named" - hostgroups: computers - excludehostgroups: bind9-hosts - - #### - - - name: process - vsftp - listener - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C vsftpd -a 'vsftpd: LISTENER'" - hostgroups: ftpd-hosts - excludehosts: kassia - - - name: process - vsftp - instance - nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:80 -c 0:100 -u ftp -C vsftpd -a 'vsftpd: '" - hostgroups: ftpd-hosts - excludehosts: kassia - - - name: network service - ftp - check: check_ftp - hostgroups: ftpd-hosts - excludehosts: kassia - depends: process - vsftp - listener - - - name: network service - ftp - check: check_ftp - hosts: kassia-sec, kassia-ftp - depends: kassia:process - xinetd - - #### - - - name: process - debianqueued - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u dak -C debianqueued" - hosts: ries, ravel, klecker - - ### - - - name: process - postresql81 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a '/usr/lib/postgresql/8.1/bin/postmaster -D /var/lib/postgresql/8.1/main -c config_file=/etc/postgresql/8.1/main/postgresql.conf'" - hostgroups: postgres81-hosts - - - name: process - postresql81 - writer - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: writer process'" - hostgroups: postgres81-hosts - depends: process - postresql81 - master - - - name: process - postresql81 - buffer - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats buffer process'" - hostgroups: postgres81-hosts - depends: process - postresql81 - master - - - name: process - postresql81 - collector - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats collector process'" - hostgroups: postgres81-hosts - depends: process - postresql81 - master - #### - - - name: process - postresql83 - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf'" - hostgroups: postgres83-hosts - excludehosts: piatti, klecker - - - name: process - postresql83 - master udd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/udd -c config_file=/etc/postgresql/8.3/udd/postgresql.conf'" - hosts: piatti - - - name: process - postresql83 - dak master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak -c config_file=/etc/postgresql/8.3/dak/postgresql.conf'" - hosts: ries, klecker - - - name: process - postresql83 - dak-dev master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak-dev -c config_file=/etc/postgresql/8.3/dak-dev/postgresql.conf'" - hosts: ries - #### - - - name: process - mysql - master - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C mysqld_safe -a '/bin/sh /usr/bin/mysqld_safe'" - hostgroups: mysql-hosts - - - name: process - mysql - workers - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u mysql -C mysqld -a /usr/sbin/mysqld" - hostgroups: mysql-hosts - depends: process - mysql - master - - #### - - - name: process - stunnel4 - postgres-udd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd-server.conf'" - hosts: piatti - - - name: process - stunnel4 - postgres-udd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd.conf'" - hosts: merkel, master - - #### - #- - # name: process - xenconsoled - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'" - # hosts: piatti - #- - # name: process - xenstored - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'" - # hosts: piatti - #- - # name: process - xend - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'" - # hosts: piatti -# - #### - - - name: process - libvirtd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C libvirtd -a '/usr/sbin/libvirtd -d'" - hosts: unger - - ### - - - name: process - buildd - servicegroups: buildd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u buildd -C buildd '/usr/bin/perl /usr/bin/buildd'" - hostgroups: buildd - contacts: luk - - ### - - - name: process - iscsid - nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 1: -u root -C iscsid '/usr/sbin/iscsid'" - hosts: raptor - - ### - #- - # name: process - tftpd - # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C in.tftpd -a '/usr/sbin/in.tftpd -l -B 1450 -s /var/lib/tftpboot'" - # hostgroups: tftpd-hosts - ### -# - -# name: process - dhcpd -# nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C dhcpd3 -a '/usr/sbin/dhcpd3 -q eth0'" -# hosts: paer - ### - - - name: process - smartd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C smartd -a '/usr/sbin/smartd --pidfile /var/run/smartd.pid --interval=1800'" - hostgroups: smart - - ############ NFS Stuff ############ - #### - - - name: process - portmap - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C portmap -a '/sbin/portmap'" - hostgroups: nfs-client, nfs-server - - - name: process - statd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u statd -C rpc.statd -a '/sbin/rpc.statd'" - hostgroups: nfs-client, nfs-server - - - name: process - nfsd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'" - hostgroups: nfs-server - - - name: process - lockd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C lockd -a '[lockd]'" - hostgroups: nfs-server - - - name: process - mountd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rpc.mountd -a '/sbin/rpc.mountd'" - hostgroups: nfs-server - # see if the nfs stuff works and doesn't hang. - # the df check all script will also hang, but we don't appear to pay attention to that - - - name: nfs mount ftp archive - nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /home/org/ftp.root/debian" - hosts: gluck - - - name: nfs mount ftp archive - nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /org/mirrors/ftp.debian.org/ftp" - hosts: merkel, raff - - ############ MISC OTHER Stuff ############ - ##### - - - name: mirror sync - security - check: "dsa_check_mirrorsync!security.debian.org!project/trace/security-master.debian.org" - hosts: global - - - name: mirror sync - security.eu - check: "dsa_check_mirrorsync!security.eu.debian.org!project/trace/security-master.debian.org" - hosts: global - - - name: mirror sync - security.us - check: "dsa_check_mirrorsync!security.us.debian.org!project/trace/security-master.debian.org" - hosts: global - - - name: DNS SOA sync - debian.org - check: "dsa_check_soas_add!samosa.debian.org!debian.org" - hosts: global - - - name: DNS SOA sync - debian.net - check: "dsa_check_soas_add!samosa.debian.org!debian.net" - hosts: global - - - name: DNS SOA sync - debian.com - check: "dsa_check_soas_add!samosa.debian.org!debian.com" - hosts: global - - - name: DNS SOA sync - mirror.debian.net - check: "dsa_check_soas_add!samosa.debian.org!mirror.debian.net" - hosts: global - - - name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa - check: "dsa_check_soas_add!samosa.debian.org!144-28.118.59.86.in-addr.arpa" - hosts: global - - - name: DNS SOA sync - alioth.debian.org - check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org" - hosts: global