New Nagios/NagiosXI plugin – Check Kaspersky Security for Linux Mail Server (KLMS)

A few days ago I submitted to Nagios Exchange a new plugin to check KLMS health, so if you use Kaspersky Security for Linux Mail Server, it might be of use to you.

The plugin is a bash Shell script, that reports the following status:

OK:       All KLMS Databases are Up to Date, KLMS running, LDAP connected.
WARNING:  Database Outdated: [ AntiVirus | AntiSPAM | AntiPhishing ].
CRITICAL: Database Obsolete: [ AntiVirus | AntiSPAM | AntiPhishing ], KLMS not running, LDAP not connected.
Error:    KLMS couldn't be contacted, or not installed (check your PATH or install KLMS software).

NagiosXI installation instructions follow:

1.- Change your command definition in the nrpe.cfg

   nagios@pmimta:/usr/local/nagios/etc$ sudo cp -p nrpe.cfg nrpe.cfg.20180808 	<-- always make a backup first!
   nagios@pmimta:/usr/local/nagios/etc$ sudo vi nrpe.cfg 			<-- edit your nrpe.cfg
      Add:
	command[check_klms]=/usr/local/nagios/libexec/check_klms.sh status

2.- Edit sudoers file:

   sudo visudo

3.- Add permissions for the klms-control binary to nagios:

   Defaults:nagios !requiretty
   nagios ALL=NOPASSWD: /opt/kaspersky/klms/bin/klms-control

4.- Restart the nrpe daemon:

   nagios@pmimta:/usr/local/nagios/etc$ ps -ef |grep nrpe
   nagios 1476 1 0 Aug05 ? 00:00:02 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
   nagios@pmimta:/usr/local/nagios/etc$ sudo kill -9 1476
   nagios@pmimta:/usr/local/nagios/etc$ sudo /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
   nagios@pmimta:/usr/local/nagios/etc$ ps -ef |grep nrpe
   nagios 31928 1 0 12:11 ? 00:00:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

or, if nrpe is under xinetd:

   service xinetd restart

5.- Verify nrpe log:

   nagios@pmimta:/usr/local/nagios/etc$ journalctl --since=today | grep nrpe
   Aug 08 12:11:41 pmimta sudo[31926]: sistemas : TTY=pts/0 ; PWD=***** ; USER=nagios ; COMMAND=/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
   Aug 08 12:11:41 pmimta nrpe[31928]: Starting up daemon
   Aug 08 12:11:41 pmimta nrpe[31928]: Server listening on 0.0.0.0 port 5666.
   Aug 08 12:11:41 pmimta nrpe[31928]: Server listening on :: port 5666.
   Aug 08 12:11:41 pmimta nrpe[31928]: Warning: Daemon is configured to accept command arguments from clients!
   Aug 08 12:11:41 pmimta nrpe[31928]: Listening for connections on port 0
   Aug 08 12:11:41 pmimta nrpe[31928]: Allowing connections from: 127.0.0.1, nagiosxiserver

Now we will only need to define a new command under NagiosXI and a service to use that command, and we will have the check working in our NagiosXI:

KLMS Warning 01

The plugin can be downloaded from Nagios Exchange.

Advertisements

Nuevo Plugin para Nagios – Check Kaspersky Security for Linux Mail Server (KLMS)

Hace unos días he subido a Nagios Exchange un plugin para comprobar el estado de KLMS, por lo que si tenéis KLMS instalado, os puede ser bastante útil.

Es un script en Shell bash que reporta los siguientes estados:

OK:                All KLMS Databases are Up to Date, KLMS running, LDAP connected.
WARNING: Database Outdated: [ AntiVirus | AntiSPAM | AntiPhishing ].
CRITICAL:   Database Obsolete: [ AntiVirus | AntiSPAM | AntiPhishing ], KLMS not running, LDAP not connected.
Error:          KLMS couldn’t be contacted, or not installed (check your PATH or install KLMS software).

 

Las instrucciones de instalación para NagiosXI, son las siguientes:

1.- Bajarse el script de nagios (check_klms.sh) en la ruta de los controles nagios (por defecto /usr/local/nagios/libexec), y añadir la definición de un nuevo command al fichero nrpe.cfg de la máquina que queremos monitorizar:

nagios@pmimta:/usr/local/nagios/etc$ sudo cp -p nrpe.cfg nrpe.cfg.20180822    <-- siempre haz backup 1º!
nagios@pmimta:/usr/local/nagios/etc$ sudo vi nrpe.cfg                         <-- edita tu nrpe.cfg
 Añadir:
   command[check_klms]=/usr/local/nagios/libexec/check_klms.sh status

2.- Editar el control de permisos de sudo:

nagios@pmimta:/home/nagios$ sudo visudo

3.- Dar a nagios permisos para ejecutar klms-control (binario de admin de KLMS):

Defaults:nagios !requiretty 
nagios ALL=NOPASSWD: /opt/kaspersky/klms/bin/klms-control

4.- Reiniciar el demonio NRPE:

nagios@pmimta:/usr/local/nagios/etc$ ps -ef |grep nrpe
nagios 1476 1 0 Aug05 ? 00:00:02 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d 
nagios@pmimta:/usr/local/nagios/etc$ sudo kill -9 1476
nagios@pmimta:/usr/local/nagios/etc$ sudo /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
nagios@pmimta:/usr/local/nagios/etc$ ps -ef |grep nrpe
nagios 31928 1 0 12:11 ? 00:00:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

o, si nuestro nrpe está corriendo bajo xinetd:   service xinetd restart

5.- Verificar el log nrpe, para ver que todo funciona OK:

nagios@pmimta:/usr/local/nagios/etc$ journalctl --since=today | grep nrpe
Aug 08 12:11:41 pmimta sudo[31926]: sistemas : TTY=pts/0 ; PWD=***** ; USER=nagios ; COMMAND=/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d
Aug 08 12:11:41 pmimta nrpe[31928]: Starting up daemon
Aug 08 12:11:41 pmimta nrpe[31928]: Server listening on 0.0.0.0 port 5666.
Aug 08 12:11:41 pmimta nrpe[31928]: Server listening on :: port 5666.
Aug 08 12:11:41 pmimta nrpe[31928]: Warning: Daemon is configured to accept command arguments from clients!
Aug 08 12:11:41 pmimta nrpe[31928]: Listening for connections on port 0
Aug 08 12:11:41 pmimta nrpe[31928]: Allowing connections from: 127.0.0.1, nagiosxiserver

Una vez hemos puesto el control y los permisos pertinentes en el servidor a comprobar, ya solo queda definir un nuevo command en NagiosXI y un service que use dicho command, y ya tendremos el control funcionando en nuestro NagiosXI:


Podéis bajaros el script desde la web de Nagios Exchange

 

 

Nagios Plugin for UNIX released

I have released a nagios plugin written in shell script to check if a filesystem is mounted under a UNIX & Linux OS, and it has been posted today in nagios exchange.

It’s a simple-written script in Unix shell, to make it compatible across a bigger number of operating systems, basically it checks if a file system is mounted with a vanilla “mount” command, and checks to see if the fs type matches the result with a grep. If the filesystem is mounted more than once, it gives a warning message with the number of times the FS is mounted under parentheses.

I have checked that it is compatible under the following UNIX, UNIX-like & Linux platforms:

IBM AIX v7.1, v6.1, v5.2 
RHEL v6.6, v4.8, RHL v9 
Ubuntu v10.04.4 LTS 
SuSe v11 
CentOS v6.6, v6.5 
CygWin v2.5.1, v2.0.4 & BusyBox v1.22.1 
Oracle Solaris x86 v11.3, v10 
SCO OpenServer v6.0.0 
SCO UnixWare v7.1.4+, v7.1.4

The plugin description is the following:

Shell Script for Nagios, checks if the FS passed on $1 is mounted under Mount Type $2. 
If no parameter passed on $2 NFS type is assumed by default. 
This script does not check fstab or /etc/filesystem or other tab entries, 
as it is designed to consume as little CPU time as possible and to be used in different 
OS types. 

It is a simple script, but it detects mounts of practically any type of FS, 
and multiple instances mounted of the same FS. 

Released under GPLv3. Author: Carlos Ijalba - 2016.

Alerts given to Nagios: 

OK - "/exports" mounted under "NFS". 
CRITICAL - "/exports" not mounted under "NFS". 
WARNING - "/exports" is mounted several times! (3) 

------------- 

USE: 
check_mount.sh [ $1 - Filesystem ] | optional: [ $2 - Type (NFS by default)] 

Reports: 
OK - $1 mounted under $2. 
CRITICAL - $1 not mounted under $2. 
WARNING - $1 is mounted several times! (number of times mounted) 

Examples: 
check_mount.sh /developer/logs <-- check NFS mount of /developer/logs 
check_mount.sh /developer cifs <-- check CIFS mount of /developer 
check_mount.sh /ora12c nfs4 <-- check NFSv4 mount of /ora12c 
check_mount.sh /db2 ext3 <-- check EXT3 mount of /db2 
check_mount.sh /CICS jfs2 <-- check JFS2 mount of /CICS 

The script’s code is as follows:

#!/bin/sh
#
 Copyright="(C) 2016 - Carlos Ijalba GPLv3" # <perkolator @ gmail.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
########################################################################################################################
#
# Program: check_mount.sh
#
# Parameters:
#   $1 - FS to check --MANDATORY--
#   $2 - Mount type [ nfs3 | nfs4 | cifs | jfs2 | procfs | ext3 | ext4... ] --OPTIONAL-- (NFS by default)
#
# Output:
#   3 - Error: No FS passed on parameter $1.
#   2 - CRITICAL: FS not OK, the FS specified is not mounted by $2.
#   1 - WARNING: FS not OK, the FS specified is mounted several times (it might not be a problem).
#   0 - OK: FS OK, the FS specified has an instance mounted under $2 mount type.
#
# Description:
#
# Shell Script for Nagios, checks if the FS passed on $1 is mounted under Mount Type $2. If no parameter passed on $2
# NFS type is assumed by default. This script do not check fstab or /etc/filesystem or other tab entries, as it is
# designed to consume as little CPU time as possible and to be used in different OS types.
#
# It is a simple script, but it detects mounts of practically any type of FS, and multiple instances mounted of the same FS.
#
# Verified compatible with the following OS:
#   IBM AIX v7.1, v6.1, v5.2
#   RHEL v6.6, v4.8, RHL v9
#   Ubuntu v10.04.4 LTS
#   SuSe v11
#   CentOS v6.6, v6.5
#   CygWin v2.5.1, v2.0.4 &amp; BusyBox v1.22.1
#   Oracle Solaris x86 v11.3, v10
#   SCO OpenServer v6.0.0
#   SCO UnixWare v7.1.4+, v7.1.4
#
# Versions Date Programmer, Modification
# ------------ ---------- ----------------------------------------------------
# Version=1.00 # 03/06/2016 Carlos Ijalba, Original version.
  Version=1.01 # 10/06/2016 Carlos Ijalba, GPLv3 open source release.
#
########################################################################################################################
#set -x

# Constants
NAGIOS_ERROR=3
NAGIOS_CRIT=2
NAGIOS_WARN=1
NAGIOS_OK=0

# Usage
if [ $# -lt 1 ]
 then
 cat << EOF
check_mount.sh v$Version - $Copyright

 ERROR - No FS passed under parameter \$1

 USE:
   check_mount.sh [ \$1 - Filesystem ] | optional: [ \$2 - Type (NFS by default)]

 Reports:
   OK - \$1 mounted under \$2.
   CRITICAL - \$1 not mounted under \$2.
   WARNING - \$1 is mounted several times! (number of times mounted)

 Examples:
   check_mount.sh /developer/logs &lt;-- check NFS mount of /developer/logs
   check_mount.sh /developer cifs &lt;-- check CIFS mount of /developer
   check_mount.sh /ora12c nfs4 &lt;-- check NFSv4 mount of /ora12c
   check_mount.sh /db2 ext3 &lt;-- check EXT3 mount of /db2
   check_mount.sh /CICS jfs2 &lt;-- check JFS2 mount of /CICS

EOF
 RC=$NAGIOS_ERROR
 exit $RC
fi
FS=$1

# Main

MOUNT=$2
if [ -z "$MOUNT" ]
 then
   MOUNT="nfs" # if $2 not specified, assume NFS by default
fi

MOUNTED=`mount | grep $MOUNT | grep $FS | wc -l | tr -s " "` # execute the command to check the mount...

if [ $MOUNTED -eq 0 ]; then
   MSG="CRITICAL - $FS not mounted under $MOUNT."
   RC=$NAGIOS_CRIT
 elif [ $MOUNTED -eq 1 ]; then
   MSG="OK - $FS mounted under $MOUNT."
   RC=$NAGIOS_OK
 else
   MSG="WARNING - $FS is mounted several times! ($MOUNTED)"
   RC=$NAGIOS_WARN
fi

echo $MSG
exit $RC

# End

I hope it is of use to somebody, if you have any doubts or problems with it, just give the sysadmin a shout!!!
You can check my plugin at nagios exchange here:

Check if FS is Mounted (check_mount.sh) AIX, NFS, UNIX, Linux, Solaris

 

And for more filesystem plugins from nagios exchange, visit:

https://exchange.nagios.org/directory/Plugins/System-Metrics/File-System

 

 

HowTo: detect and connect to Oracle / Sun Microsytems ILOMs (Integrated Lights Out Manager)

Prereqs:

· A laptop PC (with windows)
· NetScan from Softperfect (it’s free for personal & professional use)
· An ethernet cable (ie: cat5-6, normal cable -no crossover needed-)

Steps:

1.- If you haven’t done it already, go to Softperfects web and download the latest version of NetScanner.
Why I like this program? well, it’s free, it’s portable (I love portables BTW), it’s one of the best scanners that I have seen, and it’s free (did I say that already?).

2.- Conect your laptop to the “Net Mgmt” ethernet port of your server, and change your laptop’s local IP address to 192.160.1.2, with a gateway of 192.168.1.1.

3.- Open NetScan, let it identify your NICs IP network, and start the scan.

ILOM_detect_01

4.- As soon as you have 2 entries displayed on NetScan, you can save time and pause the scan process.

ILOM_detect_02

5.- Select the last IP shown, and right click, open as Secure HTTP (HTTPS).

ILOM_detect_03

6.- Voilá, You may get a certificate error, ignore that, and you will be able to login;

ILOM_detect_04

a browser windows should have opened with the ILOM login’s page.

ILOM_detect_05
remember that the default user/password to access is root/changeme.

7.- Now you can do what you wanted to do in the ILOM, log off, and go for another server…

ILOM_detect_06

Blog at WordPress.com.

Up ↑