Posts Tagged ‘install’

Installing NRPE for Nagios/Icinga on Gentoo

You have two options for monitoring things like load average and logged in users on a remote host with Nagios or Icinga: SNMP (which you are probably already using for Cacti or a similar graphing/monitoring solution) or the Nagios Remote Plugin Executor (NRPE). NRPE gives one greater flexibility in the kind of data collected and actions executed. Unfortunately, NRPE is not included in Portage so we must compile and configure it on our own.

First, download the NRPE source tarball to your core monitoring server and install check_nrpe:

# mkdir /usr/src/nrpe
# cd /usr/src/nrpe
# wget [tarball]
# tar xf [tarball]
# cd nrpe-[version]
# ./configure
# make all
# cp src/check_nrpe /usr/[lib|lib64]/nagios/plugins/

Now add the command to your Icinga or Nagios config:

define command{
        command_name check_nrpe
        command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}

Compile and install the nrpe server on the target host:

# mkdir /usr/src/nrpe
# cd /usr/src/nrpe
# wget [tarball]
# tar xf [tarball]
# cd nrpe-[version]
# ./configure
# make all
# mkdir /etc/nrpe
# cp src/nrpe /usr/bin/
# cp sample-config/nrpe.cfg /etc/nrpe/

Install the nagios-plugins package from portage:

# emerge nagios-plugins

Edit /etc/nrpe/nrpe.cfg with a mind to security (particularly the allowed_hosts directive). The nagios-plugins package has already created the nagios user and group so there is no need to change the defaults. Update the command paths at the end of the file to reflect the location nagios-plugins installed to:

command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/root
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200

Start the server as root with the daemoniz flag:

# nrpe -c /etc/nrpe/nrpe.cfg -d

We can see it has dropped down to the nagios user:

# ps aux | grep nrpe
nagios     570  0.0  0.0   4208   948 ?        Ss   16:55   0:00 nrpe -c /etc/nrpe/nrpe.cfg -d

Now we can test the configuration on the Nagios/Icinga core monitoring server:

# /usr/lib64/nagios/plugins/check_nrpe -H [ADDRESS]
NRPE v2.13

If the remote NRPE server’s configuration is working it should respond with NRPE [version]. Now we can set up some services on the monitoring server:

define service{
        host_name               myhost
        service_description     Users
        check_command           check_nrpe!check_users
        max_check_attempts      5
        check_interval          5
        retry_interval          1
        check_period            24x7
        notification_interval   30
        notification_period     24x7
        notification_options    w,c,r
        contact_groups          admins
        }

Note that the argument for check_command is one of the hard-coded commands in the nrpe server’s configuration file. Restart Icinga/Nagios to load the changes and begin monitoring:

# /etc/init.d/icinga restart

An init script will be required to make the NRPE daemon start on boot, create /etc/init.d/nrpe:

#!/sbin/runscript
# Copyright (c) 2012 http://foxpa.ws
# All rights released

description="Runs Nagios Remote Plugin Executor on Gentoo"

depend()
{
        need net
}

start()
{
        ebegin "Starting NRPE"
        start-stop-daemon --start --quiet --user=root --background --exec "/usr/bin/nrpe" -- -c /etc/nrpe/nrpe.cfg -d
        eend ${?}
}

stop()
{
        ebegin "Stopping NRPE"
        start-stop-daemon --stop --quiet --pidfile "/var/run/nrpe.pid"
        eend ${?}
}

Now make it executable and add it to the default runlevel:

# chmod +x /etc/init.d/nrpe
# rc-update add nrpe default

Alternatively, NRPE can be run by xinetd. From the README:

Running Under INETD or XINETD
-----------------------------

If you plan on running nrpe under inetd or xinetd and making use
of TCP wrappers, you need to do the following things:



1) Add a line to your /etc/services file as follows (modify the port
   number as you see fit)

        nrpe            5666/tcp        # NRPE



2) Add entries for the NRPE daemon to either your inetd or xinetd
   configuration files.  Which one your use will depend on which
   superserver is installed on your system.  Both methods are described
   below.  NOTE: If you run nrpe under inetd or xinetd, the server_port
   and allowed_hosts variables in the nrpe configuration file are
   ignored.


   ***** INETD *****
   If your system uses the inetd superserver WITH tcpwrappers, add an
   entry to /etc/inetd.conf as follows:

        nrpe    stream  tcp     nowait  <user> /usr/sbin/tcpd <nrpebin> -c <nrpecfg> --inetd

   If your system uses the inetd superserver WITHOUT tcpwrappers, add an
   entry to /etc/inetd.conf as follows:

        nrpe    stream  tcp     nowait  <user> <nrpebin> -c <nrpecfg> --inetd


   - Replace <user> with the name of the user that the nrpe server should run as.
        Example: nagios
   - Replace <nrpebin> with the path to the nrpe binary on your system.
        Example: /usr/local/nagios/nrpe
   - Replace <nrpecfg> with the path to the nrpe config file on your system.
        Example: /usr/local/nagios/nrpe.cfg


   ***** XINETD *****
   If your system uses xinetd instead of inetd, you'll probably
   want to create a file called 'nrpe' in your /etc/xinetd.d
   directory that contains the following entries:


        # default: on
        # description: NRPE
        service nrpe
        {
                flags           = REUSE
                socket_type     = stream        
                wait            = no
                user            = <user>
                server          = <nrpebin>
                server_args     = -c <nrpecfg> --inetd
                log_on_failure  += USERID
                disable         = no
                only_from       = <ipaddress1> <ipaddress2> ...
        }


   - Replace <user> with the name of the user that the nrpe server should run as.
   - Replace <nrpebin> with the path to the nrpe binary on your system.
   - Replace <nrpecfg> with the path to the nrpe config file on your system.
   - Replace the <ipaddress> fields with the IP addresses of hosts which
     are allowed to connect to the NRPE daemon.  This only works if xinetd was
     compiled with support for tcpwrappers.



3) Restart inetd or xinetd will the following command (pick the
   on that is appropriate for your system:

        /etc/rc.d/init.d/inet restart

        /etc/rc.d/init.d/xinetd restart

   OpenBSD users can use the following command to restart inetd:

        kill -HUP `cat /var/run/inet.pid`



4) Add entries to your /etc/hosts.allow and /etc/hosts.deny
   file to enable TCP wrapper protection for the nrpe service.
   This is optional, although highly recommended.

Portage Errors: dev-perl/DBD-mysql vs dev-perl/DBI

This is a very old bug but I’m covering it here anyway because it keeps popping up on dusty servers and I forget how to solve it.

If you do a world update on a box that hasn’t had one in about a year you might notice that dev-perl/DBD-mysql (in the case in front of me, 4.01.3) fails to compile and nothing you do with perl-cleaner seems to fix it. You need to force-rebuild dev-perl/DBI.

# emerge -1 dev-perl/DBI

ClearOS 5.2 Enterprise foxpa.ws Xen Edition

The following is the README file I have included with the package:

ClearOS 5.2 foxpaws edition Oct 2010 http://foxpa.ws

This is a basic installation of ClearOS Enterprise 5.2 with modifications
covered by articles at http://foxpa.ws. It resides on an ext3 filesystem
on a partition within a sparse, raw disk image. It can be managed with losetup,
lomount and kpartx. GRUB is configured to load a domU kernel by default and
options exist for regular kernel (hvm) and the CentOS distribution of xen
as a dom0 (this image should be directly writable to a hard drive). ClearSDN
updates have been installed up until Oct 20 2010 and the registration has
been wiped. Don't forget to add this VM to your ClearSDN account to receive
updates.

Caveats and considerations:
 - comes with iftop
 - custom firewall rules in webconfig block pings to external interface by
 default
 - custom snort rules with SIDs beginning with 4000000
 - http://foxpa.ws/2010/06/04/bad-snort-rules/ applied
 - user username is user, password is user (must SU on physical console)
 - root password is root
 - automatic updates are disabled by default
 - graphical console disabled
 - serial console is forced onto /dev/ttyS0
 - ports 81 and 22 open on external interface by default
 - eth0 ext 192.168.222.55/24 gw 192.168.222.1
 - eth1 lan 192.168.111.11/24
 - admin https://[192.168.222.55|192.168.111.11]:81
 - grant users shell access enabled

Don't forget to update the vif configuration entries to reflect the networking
setup of your dom0 and ensure the MACs do not conflict with existing VMs.

The installation was more or less based on this (slightly oudated) checklist:

http://foxpa.ws/2010/04/16/clearos-installation-checklist/

The included domU kernel will only work on PAE-compatible or 64 bit
hypervisor implementations and requires pygrub by default, however it can
be run without pygrub if the domU kernel and initrd (initrd-noscsi.img)
located in /boot/ are externalized.

Download at http://foxpa.ws/dist/clear-foxpaws.tar.lzma (261M)

UPDATE Check out ClearOS TROllup Edition! http://foxpa.ws/2011/01/22/clearos-trollup-edition/

Return top

LINKS

foxpa.ws
Online Marketing Toplist
Internet
Technology Blogs - Blog Rankings

Internet Blogs - BlogCatalog Blog Directory

Technology blogs 		Bad Karma Networks

Please Donate!


Made in Canada  •  There's a fox in the Gibson!  •  2010-12