+++ /dev/null
-all: generated/nrpe_dsa.cfg deb
-
-generated/nrpe_dsa.cfg: nagios-master.cfg build-nagios
- [ -d generated ] || mkdir generated
- ./build-nagios
-
-
-deb: generated/nrpe_dsa.cfg dsa-nagios-nrpe-config/debian/changelog
- if ! [ -e Build-tree/dsa-nagios-nrpe-config/nrpe_dsa.cfg ] || \
- ! diff generated/nrpe_dsa.cfg Build-tree/dsa-nagios-nrpe-config/nrpe_dsa.cfg > /dev/null; then \
- cp -a generated/nrpe_dsa.cfg dsa-nagios-nrpe-config && \
- rm -rf Build-tree && \
- mkdir Build-tree && \
- cp -av dsa-nagios-nrpe-config Build-tree && \
- cd Build-tree/dsa-nagios-nrpe-config && \
- dch --newversion "$$(date --utc '+%Y%m%dT%H%M%S')" "Built on `hostname` in `pwd` by $$USER." && \
- debuild -rfakeroot -uc -us; \
- fi
-
-clean:
- rm -rf generated
- rm -rf Build-tree
- rm -f dsa-nagios-nrpe-config/nrpe_dsa.cfg
-
-install: generated/nrpe_dsa.cfg
- dh_testroot
- #
- install -m 644 checkcommands.cfg /etc/nagios-plugins/config/local-dsa-checkcommands.cfg
- #
- install -m 644 nagios-conf/contacs.cfg /etc/nagios3/conf.d
- install -m 644 nagios-conf/generic-host.cfg /etc/nagios3/conf.d
- install -m 644 nagios-conf/generic-service.cfg /etc/nagios3/conf.d
- install -m 644 nagios-conf/timeperiods.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-dependencies.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-hostextinfo.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-hostgroups.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-hosts.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-serviceextinfo.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-services.cfg /etc/nagios3/conf.d
- install -m 644 generated/auto-servicegroups.cfg /etc/nagios3/conf.d
- #
- @echo "Also run: "
- @echo " cp Build-tree/*.deb /org/db.debian.org/ftp-archive/archive/pool/etch/ && "
- @echo " make -C /org/db.debian.org/ftp-archive"
- #
- @echo
- #
- env -i /etc/init.d/nagios3 reload
-
-.PHONY: all deb
+++ /dev/null
-#!/usr/bin/ruby
-
-# build nagios and nrpe config from a single master config file
-
-# Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 Peter Palfrader <peter@palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-require "yaml"
-
-ORG="dsa"
-SHORTORG="dsa"
-GENERATED_PREFIX="./generated/"
-
-nagios_filename = {};
-%w(hosts hostgroups services dependencies hostextinfo serviceextinfo servicegroups).each{
- |x| nagios_filename[x] = GENERATED_PREFIX+"auto-#{x}.cfg"
-}
-nagios_filename['nrpe'] = GENERATED_PREFIX+"nrpe_#{ ORG }.cfg"
-
-
-MAX_CHECK_ATTEMPTS_DEFAULT=6
-
-NRPE_CHECKNAME="#{ ORG }_check_nrpe" # check that takes one argument: service name to be checked
-NRPE_CHECKNAME_HOST="#{ ORG }_check_nrpe_host" # check that takes two arguments: relay host on which to run check, service name to be checked
-
-HOST_TEMPLATE_NAME='generic-host' # host templates that all our host definitions use
-SERVICE_TEMPLATE_NAME='generic-service' # host templates that all our host definitions use
-HOST_ALIVE_CHECK='check-host-alive' # host alive check if server is pingable
-NRPE_PROCESS_SERVICE='process - nrpe' # nrpe checks will depend on this one
-
-
-def warn (msg)
- STDERR.puts msg
-end
-def set_if_unset(hash, key, value)
- hash[key] = value unless hash.has_key?(key)
-end
-def set_complain_if_set(hash, key, value, type, name)
- throw "#{type} definition '#{name}' has '#{key}' already defined" if hash.has_key?(key)
- hash[key] = value
-end
-
-# Make an array out of something. If there is nothing, create an empty array
-# if it is just a string, make a list with just that element, if it already is
-# an array keep it.
-def ensure_array(something)
- if (something == nil)
- result = []
- elsif something.kind_of?(String)
- result = [ something ]
- elsif something.kind_of?(Array)
- result = something
- else
- throw "Do now know how to make an array out of #{something}: " + something.to_yaml
- end
- return result
-end
-
-
-# This class keeps track of the checks done via NRPE and makes sure
-# each gets a unique name.
-#
-# Unforutunately NRPE limits check names to some 30 characters, so
-# we need to mangle service names near the end.
-class Nrpe
- def initialize
- @checks = {}
- end
-
- def make_name( name, check )
- name = name.tr_s("^a-zA-Z", "_").gsub("process", "ps")
-
- result = "#{ SHORTORG }_" + name[0,19]
-
- hash = ''
- skew = ''
- while (@checks.has_key?(result + hash))
- # hash it, so that we don't lose uniqeness by cutting it off
- hash = (check+skew).crypt("$1$")
- hash = hash[-5,5] # 5 chars are enough
- hash.tr!("/", "_")
- skew += ' ' # change it a bit so the hash changes
- end
- result += hash
- return result # max of 32 or so chars
- end
-
- def add( name, check )
- if @checks.has_value? check
- @checks.each_pair{ |key, value|
- return key if value == check
- }
- end
- key = make_name(name, check)
- @checks[ key ] = check
- return key
- end
-
- def checks
- return @checks
- end
-end
-$nrpe = Nrpe.new()
-
-
-# Prints the keys and values of hash to a file
-# This is the function that prints the bodies of most our
-# host/service/etc definitions
-#
-# It skips over such keys as are listed in exclude_keys
-# and also skips private keys (those starting with an underscre)
-def print_block(fd, kind, hash, exclude_keys)
- fd.puts "define #{kind} {"
- hash.each_pair{ |key, value|
- next if key[0,1] == '_'
- next if exclude_keys.include? key
- fd.puts " #{key} #{value}"
- }
- fd.puts "}"
- fd.puts
-end
-
-def merge_contacts(host, service)
- %w{contacts contact_groups}.each{ |k|
- contacts = []
- [host, service].each{ |source|
- contacts.push source[k] if source.has_key?(k)
- }
- service[k] = contacts.join(",") unless contacts.empty?
- }
-end
-
-# Add the service definition service to hosts
-# f is the file for service definitions, deps the file for dependencies
-def addService(hosts, service, files, servers)
-
- set_if_unset service, 'use' , SERVICE_TEMPLATE_NAME
- set_if_unset service, 'max_check_attempts', MAX_CHECK_ATTEMPTS_DEFAULT
-
- service['max_check_attempts'] = MAX_CHECK_ATTEMPTS_DEFAULT + service['max_check_attempts'] if service['max_check_attempts'] < 0
-
- if service['nrpe']
- throw "We already have a check_command (#{service['check_command']}) but we are in the NRPE block (nrpe: #{service['nrpe']})."+
- " This should have been caught much earlier" if service.has_key?('check_command');
-
- check = $nrpe.add(service['service_description'], service['nrpe'])
- service['check_command'] = "#{ NRPE_CHECKNAME }!#{ check }"
-
- service['depends'] = ensure_array( service['depends'] )
- service['depends'] << NRPE_PROCESS_SERVICE unless service['service_description'] == NRPE_PROCESS_SERVICE # Depend on NRPE unless we are it
- end
-
- hosts.each{ |host|
- s = service.clone
- set_complain_if_set s, 'host_name', host, 'Service', s['service_description']
- merge_contacts(servers[host], s)
-
- print_block files['services'], 'service', s, %w(nrpe runfrom remotecheck
- depends
- hosts hostgroups excludehosts excludehostgroups)
- }
-
- if service['depends']
- service['depends'].each{ |prerequisite|
- hosts.each{ |host|
- prerequisite_host = host
- pre = prerequisite
- # split off a hostname if there's one
- bananasplit = prerequisite.split(':')
- if bananasplit.size == 2
- prerequisite_host = bananasplit[0]
- pre = bananasplit[1]
- elsif bananasplit.size > 2
- throw "Cannot prase prerequisite #{prerequisite} for service #{service['service_description']} into host:service"
- end
- dependency = {
- 'host_name' => prerequisite_host,
- 'service_description' => pre,
- 'dependent_host_name' => host,
- 'dependent_service_description' => service['service_description'],
- 'execution_failure_criteria' => 'n',
- 'notification_failure_criteria' => 'w,u,c'
- };
- print_block files['dependencies'], 'servicedependency', dependency, %w()
- }
- }
- end
-
-
- set_complain_if_set service['_extinfo'], 'service_description' , service['service_description'], 'serviceextinfo', service['service_description']
- set_complain_if_set service['_extinfo'], 'host_name' , hosts.join(',') , 'serviceextinfo', service['service_description']
-
- print_block files['serviceextinfo'], 'serviceextinfo', service['_extinfo'], %w()
-end
-
-# hostlists in services can be given as both, single hosts and hostgroups
-# This functinn merges hostgroups and a simple list of hosts
-#
-# it also takes a prefix so that it can be used for excludelists as well
-def merge_hosts_and_hostgroups(service, servers, hostgroups, prefix)
- hosts = []
- hosts = service[prefix+'hosts'].split(/,/).map{ |x| x.strip } if service[prefix+'hosts']
- hosts.each{ |host|
- throw "host #{host} does not exist - used in service #{service['service_description']}" unless servers[host]
- };
- if service[prefix+'hostgroups']
- service[prefix+'hostgroups'].split(/,/).map{ |x| x.strip }.each{ |hg|
- throw "hostgroup #{hg} does not exist - used in service #{service['service_description']}" unless hostgroups[hg]
- hosts = hosts.concat hostgroups[hg]['_memberlist']
- }
- end
-
- return hosts
-end
-
-# Figure out the hosts a given service applies to
-#
-# For a given service find the list of hosts minus excluded hosts that this service runs on
-def find_hosts(service, servers, hostgroups)
- hosts = merge_hosts_and_hostgroups service, servers, hostgroups, ''
- excludehosts = merge_hosts_and_hostgroups service, servers, hostgroups, 'exclude'
-
- excludehosts.each{ |host|
- if hosts.delete(host) == nil
- throw "Cannot remove host #{host} from service #{service['service_description']}: it's not included anyway or excluded twice."
- end
- }
-
- return hosts
-end
-
-# Move all elements that have a key that starts with "extinfo-"
-# into the _extinfo subhash
-def split_away_extinfo(hash)
- hash['_extinfo'] = {}
- hash.keys.each{ |key|
- if key[0, 8] == 'extinfo-'
- hash['_extinfo'][ key[8, key.length-8] ] = hash[key]
- hash.delete(key);
- end
- }
-end
-
-
-#############################################################################################
-#############################################################################################
-#############################################################################################
-
-# Load the config
-config = YAML::load( File.open( 'nagios-master.cfg' ) )
-
-files = {}
-# Remove old created files
-nagios_filename.each_pair{ |name, filename|
- files[name] = File.new(filename, "w")
-}
-
-#################################
-# create a few hostgroups
-#################################
-# create the "all" and "pingable" hostgroups
-config['hostgroups']['all'] = {}
-config['hostgroups']['all']['alias'] = "all servers"
-config['hostgroups']['all']['private'] = true
-config['hostgroups']['pingable'] = {}
-config['hostgroups']['pingable']['alias'] = "pingable servers"
-config['hostgroups']['pingable']['private'] = true
-
-config['hostgroups'].each_pair{ |name, hg|
- throw "Empty hostgroup or hostgroup #{name} not a hash" unless hg.kind_of?(Hash)
- split_away_extinfo hg
-
- hg['_memberlist'] = []
-}
-
-config['servers'].each_pair{ |name, server|
- throw "Empty server or server #{name} not a hash" unless server.kind_of?(Hash)
-
- split_away_extinfo server
-
- throw "No hostgroups defined for #{name}" unless server['hostgroups']
- server['_hostgroups'] = server['hostgroups'].split(/,/).map{ |x| x.strip };
- server['_hostgroups'] << 'all'
- server['_hostgroups'] << 'pingable' unless server['pingable'] == false
-
- server['_hostgroups'].each{ |hg|
- throw "Hostgroup #{hg} is not defined" unless config['hostgroups'].has_key?(hg)
- config['hostgroups'][hg]['_memberlist'] << name
- };
-}
-
-config['servicegroups'] = {} unless config.has_key? 'servicegroups'
-
-##############
-# HOSTS
-##############
-config['servers'].each_pair{ |name, server|
- # Formerly we used 'ip' instead of 'address' in our source file
- # Handle this change but warn XXX
- if server.has_key?('ip')
- STDERR.puts("Host definition for #{name} has an 'ip' field. Please use 'address' instead");
- server['address'] = server['ip'];
- server.delete('ip');
- end
-
- set_complain_if_set server, 'host_name' , name, 'Host', name
- set_if_unset server, 'alias' , name
- set_if_unset server, 'use' , HOST_TEMPLATE_NAME
- set_if_unset server, 'check_command', HOST_ALIVE_CHECK unless server['pingable'] == false
-
- print_block files['hosts'] , 'host' , server , %w(hostgroups pingable)
-
-
-
- # Handle hostextinfo
- #config['hostgroups'][ server['_hostgroups'].first ]['_extinfo'].each_pair{ |k, v|
- # find the first hostgroup that has extinfo
- extinfo = server['_hostgroups'].collect{ |hgname | config['hostgroups'][hgname]['_extinfo'] }.delete_if{ |ei| ei.size == 0 }.first
- if extinfo then
- extinfo.each_pair do |k, v|
- # substitute hostname into the notes_url
- v = sprintf(v,name) if k == 'notes_url'
-
- set_if_unset server['_extinfo'], k ,v
- end
- end
-
- set_complain_if_set server['_extinfo'], 'host_name' , name, 'hostextinfo', name
- set_if_unset server['_extinfo'], 'vrml_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image')
- set_if_unset server['_extinfo'], 'statusmap_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image')
-
- print_block files['hostextinfo'], 'hostextinfo', server['_extinfo'], %w()
-}
-
-
-
-##############
-# HOSTGROUPS
-##############
-config['hostgroups'].each_pair{ |name, hg|
- next if hg['private']
-
- set_complain_if_set hg, 'hostgroup_name', name , 'Hostgroup', name
- set_complain_if_set hg, 'members' , hg['_memberlist'].join(","), 'Hostgroup', name
-
- print_block files['hostgroups'], 'hostgroup', hg, %w()
-}
-
-
-##############
-# SERVICES and DEPENDENCIES
-##############
-config['services'].each{ |service|
- throw "Empty service or service not a hash" unless service.kind_of?(Hash)
-
- split_away_extinfo service
-
-
- # Both 'name' and 'service_description' are valid for a service's name
- # Internally we only use service_description as that's nagios' official term
- if service.has_key?('name')
- throw "Service definition has both a name (#{service['name']})" +
- "and a service_description (#{service['service_description']})" if service.has_key?('service_description')
- #STDERR.puts("Service definition #{service['name']} has a 'name' field. Please use 'service_description' instead");
- service['service_description'] = service['name'];
- service.delete('name');
- end
- # Both 'check' and 'check_command' are valid for a service's check command
- # Internally we only use check_command as that's nagios' official term
- if service.has_key?('check')
- throw "Service definition has both a check (#{service['check']})" +
- "and a check_command (#{service['check_command']})" if service.has_key?('check_command')
- #STDERR.puts("Service definition #{service['service_description']} has a 'check' field. Please use 'check_command' instead");
- service['check_command'] = service['check'];
- service.delete('check');
- end
-
-
- hosts = find_hosts service, config['servers'], config['hostgroups']
- throw "no hosts for service #{service['service_description']}" if hosts.empty?
-
- throw "nrpe, check, and remotecheck are mutually exclusive in service #{service['service_description']}" if
- (service['nrpe'] ? 1 : 0) +
- (service['check_command'] ? 1 : 0) +
- (service['remotecheck'] ? 1 : 0) >= 2
-
- if service['runfrom'] && service['remotecheck']
- # If the service check is to be run from a remote monitor server ("relay")
- # add that as an NRPE check to be run on the relay and make this
- # service also depend on NRPE on the relay
- relay = service['runfrom']
-
- hosts.each{ |host|
- # how to recursively copy this thing?
- hostservice = YAML::load( service.to_yaml )
- host_ip = config['servers'][host]['address']
- throw "For some reason I do not have an address for #{host}. This shouldn't be." unless host_ip
-
- remotecheck = hostservice['remotecheck']
- remotecheck.gsub!(/\$HOSTADDRESS\$/, host_ip)
- remotecheck.gsub!(/\$HOSTNAME\$/, host)
- check = $nrpe.add("#{host}_#{hostservice['service_description']}", remotecheck)
- hostservice['check_command'] = "#{NRPE_CHECKNAME_HOST}!#{ config['servers'][ relay ]['address'] }!#{ check }"
-
- # Make sure dependencies are an array. If there are none, create an empty array
- # if depends is just a string, make a list with just that element
- hostservice['depends'] = ensure_array( hostservice['depends'] )
- # And append this new dependency
- hostservice['depends'] << "#{ relay }:#{ NRPE_PROCESS_SERVICE }";
-
- addService( [ host ], hostservice, files, config['servers'])
- }
- elsif service['runfrom'] || service['remotecheck']
- throw "runfrom and remotecheck must either appear both or not at all in service #{service['service_description']}"
- throw "must not remotecheck without runfrom" if service['remotecheck']
- else
- addService(hosts, service, files, config['servers'])
- end
-}
-
-
-
-##############
-# SERVICEGROUPS
-##############
-config['servicegroups'].each_pair{ |name, sg|
- set_complain_if_set sg, 'servicegroup_name', name , 'Servicegroup', name
-
- print_block files['servicegroups'], 'servicegroup', sg, %w()
-}
-
-
-##############
-# NRPE config file
-##############
-$nrpe.checks.each_pair{ |name, check|
- files['nrpe'].puts "command[#{ name }]=#{ check }"
-}
-
-
+++ /dev/null
-# if you read this in /etc/nagios-plugins/config/local-dsa-checkcommands.cfg
-# please note: this file is maintained in bzr and overwritten in the
-# make install target
-#
-# edit the copy in bzr instead, see /etc/nagios3/README-DSA
-#
-define command {
- command_name dsa_check_nrpe
- command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $HOSTADDRESS$ -t 50 -c $ARG1$
-}
-define command {
- command_name dsa_check_nrpe_host
- command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $ARG1$ -c $ARG2$
-}
-define command{
- command_name dsa_check_cert
- command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -p $ARG1$ -S -C 14
-}
-define command{
- command_name dsa_check_http_port
- command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$ -p $ARG1$
-}
-define command{
- command_name dsa_check_smtp
- command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$
-}
-define command{
- command_name dsa_check_smtp_port
- command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p $ARG1$
-}
-define command{
- command_name dsa_check_ssh
- command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$
-}
-define command{
- command_name dsa_check_ssh_port
- command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$
-}
-define command{
- command_name dsa_check_ssh_port_version
- command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ -r "$ARG2$"
-}
-define command{
- command_name dsa_check_time
- command_line /usr/lib/nagios/plugins/check_time -w 5 -c 60 -H $HOSTADDRESS$
-}
-define command{
- command_name dsa_check_mirrorsync
- command_line /usr/lib/nagios/plugins/dsa-check-mirrorsync --host "$ARG1$" --path "$ARG2$"
-}
-define command{
- command_name dsa_check_soas
- command_line /usr/lib/nagios/plugins/dsa-check-soas "$ARG1$"
-}
-define command{
- command_name dsa_check_soas_add
- command_line /usr/lib/nagios/plugins/dsa-check-soas -a "$ARG1$" "$ARG2$"
-}
-define command{
- command_name dsa_check_always_ok
- command_line /bin/true
-}
--- /dev/null
+#!/usr/bin/ruby
+
+# build nagios and nrpe config from a single master config file
+
+# Copyright (c) 2004, 2005, 2006, 2007, 2008, 2009 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+require "yaml"
+
+ORG="dsa"
+SHORTORG="dsa"
+GENERATED_PREFIX="./generated/"
+
+nagios_filename = {};
+%w(hosts hostgroups services dependencies hostextinfo serviceextinfo servicegroups).each{
+ |x| nagios_filename[x] = GENERATED_PREFIX+"auto-#{x}.cfg"
+}
+nagios_filename['nrpe'] = GENERATED_PREFIX+"nrpe_#{ ORG }.cfg"
+
+
+MAX_CHECK_ATTEMPTS_DEFAULT=6
+
+NRPE_CHECKNAME="#{ ORG }_check_nrpe" # check that takes one argument: service name to be checked
+NRPE_CHECKNAME_HOST="#{ ORG }_check_nrpe_host" # check that takes two arguments: relay host on which to run check, service name to be checked
+
+HOST_TEMPLATE_NAME='generic-host' # host templates that all our host definitions use
+SERVICE_TEMPLATE_NAME='generic-service' # host templates that all our host definitions use
+HOST_ALIVE_CHECK='check-host-alive' # host alive check if server is pingable
+NRPE_PROCESS_SERVICE='process - nrpe' # nrpe checks will depend on this one
+
+
+def warn (msg)
+ STDERR.puts msg
+end
+def set_if_unset(hash, key, value)
+ hash[key] = value unless hash.has_key?(key)
+end
+def set_complain_if_set(hash, key, value, type, name)
+ throw "#{type} definition '#{name}' has '#{key}' already defined" if hash.has_key?(key)
+ hash[key] = value
+end
+
+# Make an array out of something. If there is nothing, create an empty array
+# if it is just a string, make a list with just that element, if it already is
+# an array keep it.
+def ensure_array(something)
+ if (something == nil)
+ result = []
+ elsif something.kind_of?(String)
+ result = [ something ]
+ elsif something.kind_of?(Array)
+ result = something
+ else
+ throw "Do now know how to make an array out of #{something}: " + something.to_yaml
+ end
+ return result
+end
+
+
+# This class keeps track of the checks done via NRPE and makes sure
+# each gets a unique name.
+#
+# Unforutunately NRPE limits check names to some 30 characters, so
+# we need to mangle service names near the end.
+class Nrpe
+ def initialize
+ @checks = {}
+ end
+
+ def make_name( name, check )
+ name = name.tr_s("^a-zA-Z", "_").gsub("process", "ps")
+
+ result = "#{ SHORTORG }_" + name[0,19]
+
+ hash = ''
+ skew = ''
+ while (@checks.has_key?(result + hash))
+ # hash it, so that we don't lose uniqeness by cutting it off
+ hash = (check+skew).crypt("$1$")
+ hash = hash[-5,5] # 5 chars are enough
+ hash.tr!("/", "_")
+ skew += ' ' # change it a bit so the hash changes
+ end
+ result += hash
+ return result # max of 32 or so chars
+ end
+
+ def add( name, check )
+ if @checks.has_value? check
+ @checks.each_pair{ |key, value|
+ return key if value == check
+ }
+ end
+ key = make_name(name, check)
+ @checks[ key ] = check
+ return key
+ end
+
+ def checks
+ return @checks
+ end
+end
+$nrpe = Nrpe.new()
+
+
+# Prints the keys and values of hash to a file
+# This is the function that prints the bodies of most our
+# host/service/etc definitions
+#
+# It skips over such keys as are listed in exclude_keys
+# and also skips private keys (those starting with an underscre)
+def print_block(fd, kind, hash, exclude_keys)
+ fd.puts "define #{kind} {"
+ hash.each_pair{ |key, value|
+ next if key[0,1] == '_'
+ next if exclude_keys.include? key
+ fd.puts " #{key} #{value}"
+ }
+ fd.puts "}"
+ fd.puts
+end
+
+def merge_contacts(host, service)
+ %w{contacts contact_groups}.each{ |k|
+ contacts = []
+ [host, service].each{ |source|
+ contacts.push source[k] if source.has_key?(k)
+ }
+ service[k] = contacts.join(",") unless contacts.empty?
+ }
+end
+
+# Add the service definition service to hosts
+# f is the file for service definitions, deps the file for dependencies
+def addService(hosts, service, files, servers)
+
+ set_if_unset service, 'use' , SERVICE_TEMPLATE_NAME
+ set_if_unset service, 'max_check_attempts', MAX_CHECK_ATTEMPTS_DEFAULT
+
+ service['max_check_attempts'] = MAX_CHECK_ATTEMPTS_DEFAULT + service['max_check_attempts'] if service['max_check_attempts'] < 0
+
+ if service['nrpe']
+ throw "We already have a check_command (#{service['check_command']}) but we are in the NRPE block (nrpe: #{service['nrpe']})."+
+ " This should have been caught much earlier" if service.has_key?('check_command');
+
+ check = $nrpe.add(service['service_description'], service['nrpe'])
+ service['check_command'] = "#{ NRPE_CHECKNAME }!#{ check }"
+
+ service['depends'] = ensure_array( service['depends'] )
+ service['depends'] << NRPE_PROCESS_SERVICE unless service['service_description'] == NRPE_PROCESS_SERVICE # Depend on NRPE unless we are it
+ end
+
+ hosts.each{ |host|
+ s = service.clone
+ set_complain_if_set s, 'host_name', host, 'Service', s['service_description']
+ merge_contacts(servers[host], s)
+
+ print_block files['services'], 'service', s, %w(nrpe runfrom remotecheck
+ depends
+ hosts hostgroups excludehosts excludehostgroups)
+ }
+
+ if service['depends']
+ service['depends'].each{ |prerequisite|
+ hosts.each{ |host|
+ prerequisite_host = host
+ pre = prerequisite
+ # split off a hostname if there's one
+ bananasplit = prerequisite.split(':')
+ if bananasplit.size == 2
+ prerequisite_host = bananasplit[0]
+ pre = bananasplit[1]
+ elsif bananasplit.size > 2
+ throw "Cannot prase prerequisite #{prerequisite} for service #{service['service_description']} into host:service"
+ end
+ dependency = {
+ 'host_name' => prerequisite_host,
+ 'service_description' => pre,
+ 'dependent_host_name' => host,
+ 'dependent_service_description' => service['service_description'],
+ 'execution_failure_criteria' => 'n',
+ 'notification_failure_criteria' => 'w,u,c'
+ };
+ print_block files['dependencies'], 'servicedependency', dependency, %w()
+ }
+ }
+ end
+
+
+ set_complain_if_set service['_extinfo'], 'service_description' , service['service_description'], 'serviceextinfo', service['service_description']
+ set_complain_if_set service['_extinfo'], 'host_name' , hosts.join(',') , 'serviceextinfo', service['service_description']
+
+ print_block files['serviceextinfo'], 'serviceextinfo', service['_extinfo'], %w()
+end
+
+# hostlists in services can be given as both, single hosts and hostgroups
+# This functinn merges hostgroups and a simple list of hosts
+#
+# it also takes a prefix so that it can be used for excludelists as well
+def merge_hosts_and_hostgroups(service, servers, hostgroups, prefix)
+ hosts = []
+ hosts = service[prefix+'hosts'].split(/,/).map{ |x| x.strip } if service[prefix+'hosts']
+ hosts.each{ |host|
+ throw "host #{host} does not exist - used in service #{service['service_description']}" unless servers[host]
+ };
+ if service[prefix+'hostgroups']
+ service[prefix+'hostgroups'].split(/,/).map{ |x| x.strip }.each{ |hg|
+ throw "hostgroup #{hg} does not exist - used in service #{service['service_description']}" unless hostgroups[hg]
+ hosts = hosts.concat hostgroups[hg]['_memberlist']
+ }
+ end
+
+ return hosts
+end
+
+# Figure out the hosts a given service applies to
+#
+# For a given service find the list of hosts minus excluded hosts that this service runs on
+def find_hosts(service, servers, hostgroups)
+ hosts = merge_hosts_and_hostgroups service, servers, hostgroups, ''
+ excludehosts = merge_hosts_and_hostgroups service, servers, hostgroups, 'exclude'
+
+ excludehosts.each{ |host|
+ if hosts.delete(host) == nil
+ throw "Cannot remove host #{host} from service #{service['service_description']}: it's not included anyway or excluded twice."
+ end
+ }
+
+ return hosts
+end
+
+# Move all elements that have a key that starts with "extinfo-"
+# into the _extinfo subhash
+def split_away_extinfo(hash)
+ hash['_extinfo'] = {}
+ hash.keys.each{ |key|
+ if key[0, 8] == 'extinfo-'
+ hash['_extinfo'][ key[8, key.length-8] ] = hash[key]
+ hash.delete(key);
+ end
+ }
+end
+
+
+#############################################################################################
+#############################################################################################
+#############################################################################################
+
+# Load the config
+config = YAML::load( File.open( 'nagios-master.cfg' ) )
+
+files = {}
+# Remove old created files
+nagios_filename.each_pair{ |name, filename|
+ files[name] = File.new(filename, "w")
+}
+
+#################################
+# create a few hostgroups
+#################################
+# create the "all" and "pingable" hostgroups
+config['hostgroups']['all'] = {}
+config['hostgroups']['all']['alias'] = "all servers"
+config['hostgroups']['all']['private'] = true
+config['hostgroups']['pingable'] = {}
+config['hostgroups']['pingable']['alias'] = "pingable servers"
+config['hostgroups']['pingable']['private'] = true
+
+config['hostgroups'].each_pair{ |name, hg|
+ throw "Empty hostgroup or hostgroup #{name} not a hash" unless hg.kind_of?(Hash)
+ split_away_extinfo hg
+
+ hg['_memberlist'] = []
+}
+
+config['servers'].each_pair{ |name, server|
+ throw "Empty server or server #{name} not a hash" unless server.kind_of?(Hash)
+
+ split_away_extinfo server
+
+ throw "No hostgroups defined for #{name}" unless server['hostgroups']
+ server['_hostgroups'] = server['hostgroups'].split(/,/).map{ |x| x.strip };
+ server['_hostgroups'] << 'all'
+ server['_hostgroups'] << 'pingable' unless server['pingable'] == false
+
+ server['_hostgroups'].each{ |hg|
+ throw "Hostgroup #{hg} is not defined" unless config['hostgroups'].has_key?(hg)
+ config['hostgroups'][hg]['_memberlist'] << name
+ };
+}
+
+config['servicegroups'] = {} unless config.has_key? 'servicegroups'
+
+##############
+# HOSTS
+##############
+config['servers'].each_pair{ |name, server|
+ # Formerly we used 'ip' instead of 'address' in our source file
+ # Handle this change but warn XXX
+ if server.has_key?('ip')
+ STDERR.puts("Host definition for #{name} has an 'ip' field. Please use 'address' instead");
+ server['address'] = server['ip'];
+ server.delete('ip');
+ end
+
+ set_complain_if_set server, 'host_name' , name, 'Host', name
+ set_if_unset server, 'alias' , name
+ set_if_unset server, 'use' , HOST_TEMPLATE_NAME
+ set_if_unset server, 'check_command', HOST_ALIVE_CHECK unless server['pingable'] == false
+
+ print_block files['hosts'] , 'host' , server , %w(hostgroups pingable)
+
+
+
+ # Handle hostextinfo
+ #config['hostgroups'][ server['_hostgroups'].first ]['_extinfo'].each_pair{ |k, v|
+ # find the first hostgroup that has extinfo
+ extinfo = server['_hostgroups'].collect{ |hgname | config['hostgroups'][hgname]['_extinfo'] }.delete_if{ |ei| ei.size == 0 }.first
+ if extinfo then
+ extinfo.each_pair do |k, v|
+ # substitute hostname into the notes_url
+ v = sprintf(v,name) if k == 'notes_url'
+
+ set_if_unset server['_extinfo'], k ,v
+ end
+ end
+
+ set_complain_if_set server['_extinfo'], 'host_name' , name, 'hostextinfo', name
+ set_if_unset server['_extinfo'], 'vrml_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image')
+ set_if_unset server['_extinfo'], 'statusmap_image' , server['_extinfo']['icon_image'] if server['_extinfo'].has_key?('icon_image')
+
+ print_block files['hostextinfo'], 'hostextinfo', server['_extinfo'], %w()
+}
+
+
+
+##############
+# HOSTGROUPS
+##############
+config['hostgroups'].each_pair{ |name, hg|
+ next if hg['private']
+
+ set_complain_if_set hg, 'hostgroup_name', name , 'Hostgroup', name
+ set_complain_if_set hg, 'members' , hg['_memberlist'].join(","), 'Hostgroup', name
+
+ print_block files['hostgroups'], 'hostgroup', hg, %w()
+}
+
+
+##############
+# SERVICES and DEPENDENCIES
+##############
+config['services'].each{ |service|
+ throw "Empty service or service not a hash" unless service.kind_of?(Hash)
+
+ split_away_extinfo service
+
+
+ # Both 'name' and 'service_description' are valid for a service's name
+ # Internally we only use service_description as that's nagios' official term
+ if service.has_key?('name')
+ throw "Service definition has both a name (#{service['name']})" +
+ "and a service_description (#{service['service_description']})" if service.has_key?('service_description')
+ #STDERR.puts("Service definition #{service['name']} has a 'name' field. Please use 'service_description' instead");
+ service['service_description'] = service['name'];
+ service.delete('name');
+ end
+ # Both 'check' and 'check_command' are valid for a service's check command
+ # Internally we only use check_command as that's nagios' official term
+ if service.has_key?('check')
+ throw "Service definition has both a check (#{service['check']})" +
+ "and a check_command (#{service['check_command']})" if service.has_key?('check_command')
+ #STDERR.puts("Service definition #{service['service_description']} has a 'check' field. Please use 'check_command' instead");
+ service['check_command'] = service['check'];
+ service.delete('check');
+ end
+
+
+ hosts = find_hosts service, config['servers'], config['hostgroups']
+ throw "no hosts for service #{service['service_description']}" if hosts.empty?
+
+ throw "nrpe, check, and remotecheck are mutually exclusive in service #{service['service_description']}" if
+ (service['nrpe'] ? 1 : 0) +
+ (service['check_command'] ? 1 : 0) +
+ (service['remotecheck'] ? 1 : 0) >= 2
+
+ if service['runfrom'] && service['remotecheck']
+ # If the service check is to be run from a remote monitor server ("relay")
+ # add that as an NRPE check to be run on the relay and make this
+ # service also depend on NRPE on the relay
+ relay = service['runfrom']
+
+ hosts.each{ |host|
+ # how to recursively copy this thing?
+ hostservice = YAML::load( service.to_yaml )
+ host_ip = config['servers'][host]['address']
+ throw "For some reason I do not have an address for #{host}. This shouldn't be." unless host_ip
+
+ remotecheck = hostservice['remotecheck']
+ remotecheck.gsub!(/\$HOSTADDRESS\$/, host_ip)
+ remotecheck.gsub!(/\$HOSTNAME\$/, host)
+ check = $nrpe.add("#{host}_#{hostservice['service_description']}", remotecheck)
+ hostservice['check_command'] = "#{NRPE_CHECKNAME_HOST}!#{ config['servers'][ relay ]['address'] }!#{ check }"
+
+ # Make sure dependencies are an array. If there are none, create an empty array
+ # if depends is just a string, make a list with just that element
+ hostservice['depends'] = ensure_array( hostservice['depends'] )
+ # And append this new dependency
+ hostservice['depends'] << "#{ relay }:#{ NRPE_PROCESS_SERVICE }";
+
+ addService( [ host ], hostservice, files, config['servers'])
+ }
+ elsif service['runfrom'] || service['remotecheck']
+ throw "runfrom and remotecheck must either appear both or not at all in service #{service['service_description']}"
+ throw "must not remotecheck without runfrom" if service['remotecheck']
+ else
+ addService(hosts, service, files, config['servers'])
+ end
+}
+
+
+
+##############
+# SERVICEGROUPS
+##############
+config['servicegroups'].each_pair{ |name, sg|
+ set_complain_if_set sg, 'servicegroup_name', name , 'Servicegroup', name
+
+ print_block files['servicegroups'], 'servicegroup', sg, %w()
+}
+
+
+##############
+# NRPE config file
+##############
+$nrpe.checks.each_pair{ |name, check|
+ files['nrpe'].puts "command[#{ name }]=#{ check }"
+}
+
+
--- /dev/null
+# if you read this in /etc/nagios-plugins/config/local-dsa-checkcommands.cfg
+# please note: this file is maintained in bzr and overwritten in the
+# make install target
+#
+# edit the copy in bzr instead, see /etc/nagios3/README-DSA
+#
+define command {
+ command_name dsa_check_nrpe
+ command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $HOSTADDRESS$ -t 50 -c $ARG1$
+}
+define command {
+ command_name dsa_check_nrpe_host
+ command_line /usr/lib/nagios/plugins/check_nrpe --no-ssl -H $ARG1$ -c $ARG2$
+}
+define command{
+ command_name dsa_check_cert
+ command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -p $ARG1$ -S -C 14
+}
+define command{
+ command_name dsa_check_http_port
+ command_line /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -I $HOSTADDRESS$ -p $ARG1$
+}
+define command{
+ command_name dsa_check_smtp
+ command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$
+}
+define command{
+ command_name dsa_check_smtp_port
+ command_line /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p $ARG1$
+}
+define command{
+ command_name dsa_check_ssh
+ command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$
+}
+define command{
+ command_name dsa_check_ssh_port
+ command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$
+}
+define command{
+ command_name dsa_check_ssh_port_version
+ command_line /usr/lib/nagios/plugins/check_ssh -t 40 -H $HOSTADDRESS$ -p $ARG1$ -r "$ARG2$"
+}
+define command{
+ command_name dsa_check_time
+ command_line /usr/lib/nagios/plugins/check_time -w 5 -c 60 -H $HOSTADDRESS$
+}
+define command{
+ command_name dsa_check_mirrorsync
+ command_line /usr/lib/nagios/plugins/dsa-check-mirrorsync --host "$ARG1$" --path "$ARG2$"
+}
+define command{
+ command_name dsa_check_soas
+ command_line /usr/lib/nagios/plugins/dsa-check-soas "$ARG1$"
+}
+define command{
+ command_name dsa_check_soas_add
+ command_line /usr/lib/nagios/plugins/dsa-check-soas -a "$ARG1$" "$ARG2$"
+}
+define command{
+ command_name dsa_check_always_ok
+ command_line /bin/true
+}
--- /dev/null
+define contact{
+ contact_name weasel
+ alias Peter Palfrader
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email debian-nagios@palfrader.org
+ }
+
+define contact{
+ contact_name joerg
+ alias Joerg Jaspert
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email debiannagios@ganneff.de
+ }
+
+define contact{
+ contact_name tjrc1
+ alias Tim Cutts
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email tjrc@sanger.ac.uk
+ }
+
+define contact{
+ contact_name holger
+ alias Holger Levsen
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email holger@layer-acht.org
+ }
+
+define contact{
+ contact_name dannf
+ alias Dann Frazier
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email dannf@hp.com
+ }
+
+define contact{
+ contact_name bzed
+ alias Bernd Zeimetz
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email bernd+debnagios@bzed.de
+ }
+
+define contact{
+ contact_name luk
+ alias Luk Claes
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email luk.claes@ugent.be
+ }
+
+define contact{
+ contact_name sfrost
+ alias Stephen Frost
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email sfrost@snowman.net
+ }
+
+define contact{
+ contact_name lfilipoz
+ alias Luca Filipozzi
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email lucaf+dsa@ece.ubc.ca
+ }
+
+define contact{
+ contact_name zobel
+ alias Martin Zobel-Helas
+ service_notification_period 24x7
+ host_notification_period 24x7
+ service_notification_options w,u,c,r
+ host_notification_options d,r
+ service_notification_commands notify-service-by-email
+ host_notification_commands notify-host-by-email
+ email zobel+debian-nagios@ftbfs.de
+ }
+
+###############################################################################
+###############################################################################
+#
+# CONTACT GROUPS
+#
+###############################################################################
+###############################################################################
+
+# We only have one contact in this simple configuration file, so there is
+# no need to create more than one contact group.
+
+define contactgroup{
+ contactgroup_name dsa
+ alias Debian System Administrators
+ members weasel, zobel
+ }
--- /dev/null
+# Generic host definition template - This is NOT a real host, just a template!
+
+define host{
+ name generic-host ; The name of this host template
+ notifications_enabled 1 ; Host notifications are enabled
+ event_handler_enabled 1 ; Host event handler is enabled
+ flap_detection_enabled 1 ; Flap detection is enabled
+ failure_prediction_enabled 1 ; Failure prediction is enabled
+ process_perf_data 1 ; Process performance data
+ retain_status_information 1 ; Retain status information across program restarts
+ retain_nonstatus_information 1 ; Retain non-status information across program restarts
+ check_command check-host-alive
+ max_check_attempts 10
+ notification_interval 1440
+ notification_period 24x7
+ notification_options d,u,r
+ contact_groups dsa
+ register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
+ }
--- /dev/null
+# generic service template definition
+define service{
+ name generic-service ; The 'name' of this service template
+ active_checks_enabled 1 ; Active service checks are enabled
+ passive_checks_enabled 1 ; Passive service checks are enabled/accepted
+ parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
+ obsess_over_service 1 ; We should obsess over this service (if necessary)
+ check_freshness 0 ; Default is to NOT check service 'freshness'
+ notifications_enabled 1 ; Service notifications are enabled
+ event_handler_enabled 1 ; Service event handler is enabled
+ flap_detection_enabled 1 ; Flap detection is enabled
+ failure_prediction_enabled 1 ; Failure prediction is enabled
+ process_perf_data 1 ; Process performance data
+ retain_status_information 1 ; Retain status information across program restarts
+ retain_nonstatus_information 1 ; Retain non-status information across program restarts
+ notification_interval 0 ; Only send notifications on status change by default.
+ is_volatile 0
+ check_period 24x7
+ normal_check_interval 15
+ retry_check_interval 2
+ max_check_attempts 6
+ notification_period 24x7
+ notification_options w,u,c,r
+ contact_groups dsa
+ register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
+ }
--- /dev/null
+###############################################################################
+# timeperiods.cfg
+###############################################################################
+
+# This defines a timeperiod where all times are valid for checks,
+# notifications, etc. The classic "24x7" support nightmare. :-)
+
+define timeperiod{
+ timeperiod_name 24x7
+ alias 24 Hours A Day, 7 Days A Week
+ sunday 00:00-24:00
+ monday 00:00-24:00
+ tuesday 00:00-24:00
+ wednesday 00:00-24:00
+ thursday 00:00-24:00
+ friday 00:00-24:00
+ saturday 00:00-24:00
+ }
+
+# This one is a favorite: never :)
+define timeperiod{
+ timeperiod_name never
+ alias Never
+ }
--- /dev/null
+# Non comment lines are YAML
+#
+# Strings ought to be in double quotes, but it works in most cases if they aren't :)
+#
+# vim:set syntax=yaml:
+
+# TODO
+# - spohr: hpasmd
+# - *: mailq
+# - *: check munin stats collection works
+# - *: check backups are successful
+# - *: unwanted: network: auth, discard, daytime, time (on some), cvs-pserver, rsync (on some), ftp (on some), http (on some)
+# - verdi: pg upgrade, openvpn
+# - mundy: salinfo_decode
+
+# down:
+# - sarti
+# - leisner
+
+---
+#############################
+# hosts
+#############################
+servers:
+ gw-man-da:
+ address: 82.195.75.126
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: joerg, bzed
+ gw-HP-ftc:
+ address: 192.25.206.1
+ parents: samosa
+ hostgroups: routing-infrastructure
+ gw-brainfood:
+ address: 70.103.162.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-brown.edu:
+ address: 128.148.34.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-osuosl:
+ address: 140.211.166.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-scanplus-villa:
+ address: 212.211.132.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-scanplus-lobos:
+ address: 212.211.132.249
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-mit-csail:
+ address: 128.30.0.254
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-xs4all:
+ address: 194.109.137.217
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-umn.edu:
+ address: 128.101.240.222
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-dg-i.net:
+ address: 93.94.130.190
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: bzed
+ gw-freenet:
+ address: 62.104.23.249
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-topalis:
+ address: 195.243.109.254
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-sanger:
+ address: 193.62.202.18
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: tjrc1
+ gw-lrz:
+ address: 129.187.0.150
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-frost:
+ address: 130.81.242.195
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-1und1:
+ address: 195.20.247.54
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: joerg
+ gw-1und1-karlsruhe:
+ address: 212.227.120.29
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-blackcat:
+ address: 193.201.200.129
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-xandros:
+ address: 67.210.160.81
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-nmmn:
+ address: 217.114.76.81
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-utwente:
+ address: 130.89.149.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ #gw-ughent:
+ # address: 157.193.39.254
+ # parents: gw-HP-ftc
+ # hostgroups: routing-infrastructure
+ gw-agnesi:
+ address: 65.173.90.18
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-ubc:
+ address: 137.82.84.94
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: lfilipoz
+ gw-carnet:
+ address: 161.53.160.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-telegraaf:
+ address: 82.94.249.153
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-helsinki:
+ address: 128.214.173.25
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ contacts: holger
+ gw-telefonica:
+ address: 195.71.99.193
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-ball:
+ address: 78.32.9.209
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-cst:
+ address: 213.188.99.215
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-isc:
+ address: 149.20.20.1
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+ gw-aca:
+ address: 130.239.18.97
+ parents: gw-HP-ftc
+ hostgroups: routing-infrastructure
+
+ global:
+ hostgroups: notacomputer
+ pingable: false
+ check_command: dsa_check_always_ok
+
+ samosa:
+ address: 192.25.206.57
+ hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, heavy-exim, lenny, puppet
+ raff:
+ address: 192.25.206.59
+ parents: samosa
+ hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, rsyncd-hosts, heavy-exim, ulogd-hosts, nfs-client, lenny, puppet
+ gluck:
+ address: 192.25.206.10
+ parents: samosa
+ hostgroups: computers, no-udev, general, dl380, apache2-hosts, bind9-hosts, heavy-exim, highload, nfs-client, ulogd-hosts, lenny, puppet
+ merkel:
+ address: 192.25.206.16
+ parents: samosa
+ hostgroups: computers, general, apache1-hosts, apache2-hosts, rsyncd-hosts, sw-raid, postgres81-hosts, heavy-exim, nfs-client, ulogd-hosts, lenny, puppet
+ spohr:
+ address: 192.25.206.33
+ parents: samosa
+ hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, ulogd-hosts, nfs-server, lenny, puppet
+ peri:
+ address: 192.25.206.15
+ parents: samosa
+ hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet
+ contacts: dannf
+ penalosa:
+ address: 192.25.206.68
+ parents: samosa
+ hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet
+ contacts: dannf
+ mundy:
+ address: 192.25.206.62
+ parents: samosa
+ hostgroups: computers, buildd, lenny, puppet
+ paer:
+ address: 192.25.206.11
+ parents: samosa
+ hostgroups: computers, porterbox, lenny, hasbootfs, puppet
+ merulo:
+ address: 192.25.206.58
+ parents: samosa
+ hostgroups: computers, porterbox, lenny, puppet
+
+ bartok:
+ address: 82.195.75.91
+ parents: gw-man-da
+ hostgroups: computers, service, dl385, bind9-hosts, lenny, puppet
+ contacts: joerg, bzed
+ morales:
+ address: 82.195.75.97
+ parents: gw-man-da
+ hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs
+ contacts: bzed
+ sperger:
+ address: 82.195.75.98
+ parents: gw-man-da
+ hostgroups: computers, porterbox, sw-raid, hasbootfs, lenny, puppet
+ contacts: bzed
+ agricola:
+ address: 82.195.75.86
+ parents: gw-man-da
+ hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet
+ contacts: bzed
+ arcadelt:
+ address: 82.195.75.87
+ parents: gw-man-da
+ hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
+ contacts: bzed
+ liszt:
+ address: 82.195.75.100
+ parents: gw-man-da
+ hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts
+ contacts: bzed
+# auber:
+# address: 82.195.75.101
+# parents: gw-man-da
+# hostgroups: computers, no-udev, buildd, sw-raid
+# contacts: bzed
+ unger:
+ address: 82.195.75.102
+ parents: gw-man-da
+ hostgroups: computers, service, dl360, rsyslog-hosts, acpid-hosts, lenny, puppet
+ handel:
+ address: 82.195.75.104
+ parents: unger
+ hostgroups: computers, service, rsyslog-hosts, acpid-hosts, lenny, hasbootfs, puppet
+
+ geo1:
+ address: 82.195.75.105
+ parents: unger
+ hostgroups: computers, service, acpid-hosts, lenny, hasbootfs, puppet
+
+ master:
+ address: 70.103.162.29
+ parents: gw-brainfood
+ hostgroups: computers, general, apache2-hosts, bind9-hosts, heavy-exim, highload, lenny, puppet
+ murphy:
+ address: 70.103.162.31
+ parents: gw-brainfood
+ hostgroups: computers, general, postfix-hosts, dl380, acpid-hosts, lenny, puppet
+
+ ries:
+ address: 128.148.34.103
+ parents: gw-brown.edu
+ hostgroups: computers, service, apache2-hosts, bind9-hosts, ftpd-hosts, dl385, rsyncd-hosts, postgres83-hosts, heavy-exim, acpid-hosts, lenny, puppet
+
+ mayer:
+ address: 140.211.166.78
+ parents: gw-osuosl
+ hostgroups: computers, buildd, hasbootfs, lenny, puppet
+ mayr:
+ address: 140.211.166.58
+ parents: gw-osuosl
+ hostgroups: computers, buildd, hasbootfs, lenny, puppet
+ malo:
+ address: 140.211.166.27
+ parents: gw-osuosl
+ hostgroups: computers, buildd, lenny, puppet, smart
+ rietz:
+ address: 140.211.166.43
+ parents: gw-osuosl
+ hostgroups: computers, no-udev, service, apache2-hosts, bind9-hosts, rsyncd-hosts, dl385, heavy-exim, highload, hasbootfs
+ rietz2:
+ address: 140.211.166.44
+ parents: rietz
+ hostgroups: secondary-IPs
+
+ villa:
+ address: 212.211.132.32
+ parents: gw-scanplus-villa
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
+ lobos:
+ address: 212.211.132.250
+ parents: gw-scanplus-lobos
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
+
+ steffani:
+ address: 128.31.0.36
+ parents: gw-mit-csail
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid, bind9-hosts, acpid-hosts, hasbootfs, lenny, puppet
+ mahler:
+ address: 128.31.0.46
+ parents: gw-mit-csail
+ hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts, puppet
+
+ klecker:
+ address: 194.109.137.218
+ parents: gw-xs4all
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, bind9-hosts, dl385, postgres83-hosts, heavy-exim, lenny, puppet
+
+ saens:
+ address: 128.101.240.212
+ parents: gw-umn.edu
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
+
+ argento:
+ address: 93.94.130.160
+ parents: gw-dg-i.net
+ hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
+ contacts: bzed
+
+ widor:
+ address: 93.94.130.161
+ parents: gw-dg-i.net
+ hostgroups: computers, apache2-hosts, sw-raid, single-cpu, lenny, puppet, rsyslog-hosts, acpid-hosts
+ contacts: bzed
+
+ pergolesi:
+ address: 62.104.23.252
+ parents: gw-freenet
+ hostgroups: computers, porterbox, sw-raid, lenny, puppet
+
+ raptor:
+ address: 195.243.109.162
+ parents: gw-topalis
+ hostgroups: computers, porterbox, postfix-hosts, lenny
+
+ albeniz:
+ address: 193.62.202.27
+ parents: gw-sanger
+ # SMP kernel doesn't run stable
+ hostgroups: computers, porterbox, sw-raid, single-cpu, hasbootfs, lenny, puppet
+ contacts: tjrc1
+ goetz:
+ address: 193.62.202.26
+ parents: gw-sanger
+ # SMP kernel doesn't run stable
+ hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet
+ contacts: tjrc1
+ smetana:
+ address: 193.62.202.29
+ parents: gw-sanger
+ hostgroups: computers, porterbox, sw-raid, lenny, puppet
+ contacts: tjrc1
+
+ verdi:
+ address: 192.54.42.193
+ parents: gw-lrz
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, postgres81-hosts, postfix-hosts
+
+ voltaire:
+ address: 72.66.115.54
+ parents: gw-frost
+ hostgroups: computers, buildd, puppet, lenny
+ contacts: sfrost
+
+ puccini:
+ address: 87.106.4.56
+ parents: gw-1und1
+ hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet
+ contacts: joerg
+ powell:
+ address: 87.106.64.223
+ parents: gw-1und1
+ hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet
+ contacts: joerg
+
+ schumann:
+ address: 212.227.126.54
+ parents: gw-1und1-karlsruhe
+ hostgroups: computers, acpid-hosts, ulogd-hosts, lenny, puppet
+ wieck:
+ address: 195.20.242.89
+ parents: gw-1und1-karlsruhe
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, ulogd-hosts, lenny, puppet
+ chopin:
+ address: 195.20.242.124
+ parents: schumann
+ hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts
+
+ caballero:
+ address: 193.201.200.200
+ parents: gw-blackcat
+ hostgroups: computers, no-udev, buildd, sw-raid, lenny, puppet
+
+ elara:
+ address: 67.210.160.90
+ parents: gw-xandros
+ hostgroups: deadslow
+ europa:
+ address: 67.210.160.89
+ parents: gw-xandros
+ hostgroups: deadslow
+
+ kullervo:
+ address: 217.114.76.82
+ parents: gw-nmmn
+ hostgroups: deadslow
+ contacts: luk
+ crest:
+ address: 217.114.76.83
+ parents: gw-nmmn
+ hostgroups: deadslow
+ contacts: luk
+ pescetti:
+ address: 217.114.76.85
+ parents: gw-nmmn
+ hostgroups: computers, porterbox, single-cpu, smart, lenny, puppet
+
+ kassia:
+ address: 130.89.149.224
+ parents: gw-utwente
+ hostgroups: computers, service, postfix-hosts, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl360, acpid-hosts, ulogd-hosts, lenny, puppet
+ kassia-sec:
+ address: 130.89.149.225
+ parents: kassia
+ hostgroups: secondary-IPs
+ kassia-ftp:
+ address: 130.89.149.226
+ parents: kassia
+ hostgroups: secondary-IPs
+ kassia4:
+ address: 130.89.149.227
+ parents: kassia
+ hostgroups: secondary-IPs
+
+ allegri:
+ address: 157.193.39.233
+ parents: gw-HP-ftc
+ hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet
+ contacts: luk
+
+ agnesi:
+ address: 65.173.90.83
+ parents: gw-agnesi
+ hostgroups: deadslow, lenny
+
+ spontini:
+ address: 137.82.84.65
+ parents: gw-ubc
+ hostgroups: computers, buildd, hasbootfs, lenny, puppet
+ contacts: lfilipoz
+ ravel:
+ address: 137.82.84.66
+ parents: gw-ubc
+ hostgroups: computers, general, dl385, apache2-hosts, acpid-hosts, ftpd-hosts, hasbootfs, lenny, puppet
+ dijkstra:
+ address: 137.82.84.70
+ parents: gw-ubc
+ hostgroups: computers, bl460, rsyslog-hosts, acpid-hosts, lenny, puppet
+
+ lebrun:
+ address: 193.198.184.10
+ parents: gw-carnet
+ hostgroups: computers, buildd, sw-raid, lenny, rsyslog-hosts, puppet
+ schroeder:
+ address: 193.198.184.11
+ parents: gw-carnet
+ hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet
+
+ tartini:
+ address: 82.94.249.158
+ parents: gw-telegraaf
+ hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs
+
+ piatti:
+ address: 193.167.161.225
+ parents: gw-helsinki
+ hostgroups: computers, postfix-hosts, dl385, ulogd-hosts, acpid-hosts, apache2-hosts, postgres83-hosts, lenny, hasbootfs, puppet
+ contacts: holger
+
+ rem:
+ address: 195.71.99.217
+ parents: gw-telefonica
+ hostgroups: computers, buildd, hasbootfs, lenny, puppet
+
+ ball:
+ address: 78.32.9.213
+ parents: gw-ball
+ hostgroups: computers, buildd, no-udev, dialup, hasbootfs, lenny, puppet
+
+ zelenka:
+ address: 80.245.147.40
+ parents: gw-HP-ftc
+ hostgroups: computers, porterbox, lenny, puppet
+
+ escher:
+ address: 213.188.99.215
+ parents: gw-cst
+ hostgroups: computers, single-cpu, hasbootfs
+ goedel:
+ address: 213.188.99.214
+ parents: gw-cst
+ hostgroups: computers, single-cpu, hasbootfs, lenny, puppet
+
+ schein:
+ address: 149.20.20.6
+ parents: gw-isc
+ hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360
+
+ praetorius:
+ address: 130.239.18.121
+ parents: gw-aca
+ hostgroups: computers, buildd, rsyslog-hosts, lenny, puppet
+
+#############################
+# host groups
+#
+# hostgroups ircd and all are automatically defined
+#
+#############################
+hostgroups:
+ computers:
+ alias: computers
+ private: 1
+ routing-infrastructure:
+ alias: Internet routers and friends
+ extinfo-icon_image: base/switch40.png
+ extinfo-icon_image_alt: router
+ notacomputer:
+ alias: Systems that are not really systems. Yeah :)
+ private: 1
+ deadslow:
+ alias: Systems too slow to run any real checks
+ dialup:
+ alias: Systems with slow network
+
+ porterbox:
+ alias: developer accessible porter machines
+ extinfo-icon_image: base/debian.png
+ extinfo-icon_image_alt: Debian GNU/Linux
+ extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
+ service:
+ alias: machines running services
+ extinfo-icon_image: base/debian.png
+ extinfo-icon_image_alt: Debian GNU/Linux
+ extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
+ buildd:
+ alias: buildd systems
+ extinfo-icon_image: base/debian.png
+ extinfo-icon_image_alt: Debian GNU/Linux
+ extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
+ general:
+ alias: general purpose developer accessible machines
+ extinfo-icon_image: base/debian.png
+ extinfo-icon_image_alt: Debian GNU/Linux
+ extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
+ puppet:
+ alias: Hosts running puppet
+ extinfo-icon_image: base/debian.png
+ extinfo-icon_image_alt: Debian GNU/Linux
+ extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
+
+ dl380:
+ alias: HP DL380 hosts
+ private: 1
+ dl385:
+ alias: HP DL385 hosts
+ private: 1
+ dl360:
+ alias: HP DL360 hosts
+ private: 1
+ bl460:
+ alias: HP BL460 blades
+ private: 1
+ sw-raid:
+ alias: Hosts with Linux software raid
+ private: 1
+ single-cpu:
+ alias: Hosts with only one CPU
+ private: 1
+
+ lenny:
+ alias: Hosts running lenny, not etch
+ private: 1
+
+ no-samhain:
+ alias: hosts not running samhain properly
+ private: 1
+
+ #syslog-ng-hosts:
+ # alias: hosts running syslog-ng instead of sysklogd
+ # private: 1
+ rsyslog-hosts:
+ alias: hosts running rsyslogd instead of sysklogd
+ private: 1
+ postfix-hosts:
+ alias: hosts running postfix instead of exim
+ private: 1
+ heavy-exim:
+ alias: "hosts running the full mail stuff, including clamav, SA, and postgrey"
+ private: 1
+ heavy-postfix:
+ alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight"
+ private: 1
+ apache2-hosts:
+ alias: hosts running apache2
+ private: 1
+ apache1-hosts:
+ alias: hosts running apache1
+ private: 1
+ bind9-hosts:
+ alias: hosts running bind9
+ private: 1
+ amavis-hosts:
+ alias: hosts running amavis
+ private: 1
+ ftpd-hosts:
+ alias: hosts running vsftpd
+ private: 1
+ #tftpd-hosts:
+ # alias: hosts running a tftpd (tftpd-hpa as a daemon)
+ # private: 1
+ rsyncd-hosts:
+ alias: hosts providing rsync services via xinetd
+ private: 1
+ postgres81-hosts:
+ alias: hosts running postgres81
+ private: 1
+ postgres83-hosts:
+ alias: hosts running postgres83
+ private: 1
+ mysql-hosts:
+ alias: hosts running mysql
+ private: 1
+ no-udev:
+ alias: hosts not using udev
+ private: 1
+ ulogd-hosts:
+ alias: hosts running ulogd
+ private: 1
+ acpid-hosts:
+ alias: hosts running acpid
+ private: 1
+
+ nfs-client:
+ alias: hosts mounting filesystems using NFS
+ private: 1
+ nfs-server:
+ alias: hosts serving filesystems using NFS
+ private: 1
+
+ highload:
+ alias: "hosts on which high load is normal"
+ private: 1
+
+ secondary-IPs:
+ alias: secondary IP addresses
+ private: 1
+
+ smart:
+ alias: hosts with smartd
+ private: 1
+ hasbootfs:
+ alias: hosts with a /boot
+ private: 1
+
+
+#############################
+# servicegroups
+#############################
+servicegroups:
+ diskspace:
+ alias: diskusage checks
+ buildd:
+ alias: buildd checks
+ raid:
+ alias: raid checks
+ kernel:
+ alias: kernel checks
+ weaksshkeys:
+ alias: weak ssh keys
+ apt:
+ alias: apt upgrade status
+ samhain:
+ alias: samhain integrity status
+ security:
+ alias: security
+ servicegroup_members: apt, weaksshkeys, kernel, samhain
+
+#############################
+# services
+#############################
+services:
+ -
+ name: PING
+ check: "check_ping!300.0,20%!600.0,40%"
+ hostgroups: pingable
+ excludehostgroups: routing-infrastructure, dialup
+ normal_check_interval: 5
+ max_check_attempts: 4
+ retry_check_interval: 1
+ -
+ name: PING
+ check: "check_ping!2000.0,60%!3000.0,80%"
+ hostgroups: routing-infrastructure, dialup
+ normal_check_interval: 5
+ max_check_attempts: 4
+ retry_check_interval: 1
+
+ ############ Services ############
+ ###
+
+ ############ Disk Usage ############
+ ####
+ -
+ name: disk usage - all
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc 90 95"
+ hostgroups: computers
+ -
+ name: disk usage on /
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /"
+ hostgroups: computers
+ excludehosts: ries, klecker
+ -
+ name: disk usage on /
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /"
+ hosts: ries, klecker
+ -
+ name: disk usage on /boot
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot"
+ hostgroups: hasbootfs
+ -
+ name: disk usage on /var
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var"
+ hosts: bartok, samosa, raff, lobos, villa, gluck, saens, voltaire, tartini, morales, powell, escher
+ -
+ name: disk usage on /org
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org"
+ hosts: sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, spontini, ravel, mahler, schroeder, piatti, pescetti, widor, schein, lebrun
+ -
+ name: disk usage on /org
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /org"
+ hosts: merkel, bartok
+ -
+ name: disk usage on /srv
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv"
+ hosts: agricola, arcadelt, argento, allegri, tartini, morales, powell, puccini, zelenka, chopin
+ -
+ name: disk usage on /org/scratch
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org/scratch"
+ hosts: merkel
+ -
+ name: disk usage on /tmp
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 60 80 /tmp"
+ hosts: samosa, raff, gluck, saens, puccini, merkel, tartini, powell, piatti, escher
+ -
+ name: disk usage on /usr
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /usr"
+ hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, merulo, tartini, morales, powell
+ -
+ name: disk usage on /home
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home"
+ hosts: raptor, voltaire, rem, ball, paer, escher
+ -
+ name: disk usage on /home
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /home"
+ hosts: gluck
+ -
+ name: disk usage on /chroot
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /chroot"
+ hosts: raptor
+ -
+ name: disk usage on /mnt/hdc
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/hdc"
+ hosts: voltaire
+ -
+ name: disk usage on /mnt/sdb1
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/sdb1"
+ hosts: spontini
+ -
+ name: disk usage on /x
+ servicegroups: diskspace
+ nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x"
+ hosts: caballero
+
+ ############ All Computers ############
+ ####
+ -
+ name: apt - security updates
+ servicegroups: apt
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt"
+ hostgroups: computers
+ normal_check_interval: 60
+ retry_check_interval: 15
+ ####
+ -
+ name: backup
+ nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-dabackup"
+ hostgroups: computers
+ normal_check_interval: 180
+ max_check_attempts: 2
+ retry_check_interval: 5
+ -
+ name: backup server config
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server"
+ hosts: bartok
+ normal_check_interval: 180
+ max_check_attempts: 2
+ retry_check_interval: 5
+
+ ####
+ -
+ name: running kernel
+ servicegroups: kernel
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-running-kernel"
+ hostgroups: computers
+ normal_check_interval: 180
+ retry_check_interval: 5
+
+ ####
+ -
+ name: process - puppet
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C ruby -a 'ruby /usr/sbin/puppetd -w 5 --factsync'"
+ hostgroups: puppet
+
+ -
+ name: puppet
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-puppet"
+ hostgroups: puppet
+
+ ####
+ -
+ name: process - samhain
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'"
+ hostgroups: computers
+ excludehostgroups: no-samhain
+ -
+ name: samhain
+ servicegroups: samhain
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/samhain"
+ hostgroups: computers
+ excludehostgroups: no-samhain
+ depends: process - samhain
+ normal_check_interval: 60
+ retry_check_interval: 5
+
+ ####
+ -
+ name: users
+ nrpe: "/usr/lib/nagios/plugins/check_users 30 35"
+ hostgroups: computers
+ ####
+ -
+ name: load
+ nrpe: "/usr/lib/nagios/plugins/check_load -w 30,28,26 -c 50,45,50"
+ hostgroups: computers
+ excludehostgroups: highload
+ -
+ name: load
+ nrpe: "/usr/lib/nagios/plugins/check_load -w 140,120,100 -c 240,220,200"
+ hostgroups: highload
+ excludehosts: rietz
+ -
+ name: load
+ nrpe: "/usr/lib/nagios/plugins/check_load -w 200,200,200 -c 350,350,350"
+ hosts: rietz
+ ####
+ -
+ name: processes - zombies
+ nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z"
+ hostgroups: computers
+ ####
+ -
+ name: processes - total
+ nrpe: "/usr/lib/nagios/plugins/check_procs 620 700"
+ hostgroups: computers
+ ####
+ -
+ name: swap usage - percent
+ nrpe: "/usr/lib/nagios/plugins/check_swap -w 20% -c 10%"
+ hostgroups: computers
+ ####
+ -
+ name: swap usage - mb
+ nrpe: "/usr/lib/nagios/plugins/check_swap -w 20000 -c 5000"
+ hostgroups: computers
+ ####
+ -
+ name: process - getty
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C getty -a /sbin/getty"
+ hostgroups: computers
+ excludehosts: zelenka
+ ####
+ -
+ name: process - sshd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1: -u root -C sshd -a '/usr/sbin/sshd'"
+ hostgroups: computers
+ -
+ name: "network service - sshd"
+ check: dsa_check_ssh
+ hostgroups: computers
+ depends: process - sshd
+ normal_check_interval: 60
+ notification_interval: 1440
+
+ -
+ name: "network service - sshd"
+ check: dsa_check_ssh
+ hostgroups: deadslow
+ excludehosts: agnesi
+ normal_check_interval: 180
+ -
+ name: "network service - sshd - 2260"
+ check: dsa_check_ssh_port!2260
+ hosts: agnesi
+ normal_check_interval: 180
+ -
+ name: "network service - sshd - 443"
+ check: dsa_check_ssh_port!443
+ hosts: gluck
+ normal_check_interval: 180
+
+ -
+ name: "network service - sshd - version"
+ check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3"
+ depends: network service - sshd
+ hostgroups: computers, deadslow
+ excludehosts: crest, kullervo
+ excludehostgroups: lenny
+ normal_check_interval: 60
+ -
+ name: "network service - sshd - version"
+ check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1"
+ depends: network service - sshd
+ hosts: crest, kullervo
+ normal_check_interval: 60
+ -
+ name: "network service - sshd - version"
+ check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-5"
+ depends: network service - sshd
+ hostgroups: lenny
+ excludehosts: agnesi
+ normal_check_interval: 60
+ -
+ name: "network service - sshd - version - 2260"
+ check: "dsa_check_ssh_port_version!2260!OpenSSH_5.1p1 Debian-5"
+ depends: network service - sshd - 2260
+ hosts: agnesi
+ normal_check_interval: 60
+ #
+ -
+ name: ssh - weak keys
+ servicegroups: weaksshkeys
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys"
+ hostgroups: computers
+ normal_check_interval: 60
+ ####
+ -
+ name: network service - nrpe
+ check: check_tcp!5666
+ hostgroups: computers
+ max_check_attempts: -2
+ notification_interval: 1440
+ -
+ name: process - nrpe
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'"
+ hostgroups: computers
+ max_check_attempts: -1
+ depends: network service - nrpe
+ ###
+ -
+ name: process - munin-node
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C munin-node -a '/usr/sbin/munin-node'"
+ hostgroups: computers
+ -
+ name: network service - munin-node
+ check: check_tcp!4949
+ hostgroups: computers
+ depends: process - munin-node
+ ###
+ -
+ name: process - ntpd
+ # sarge: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
+ # etch: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ntp -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
+ hostgroups: computers
+ excludehosts: raptor, zelenka
+ -
+ name: network service - ntp
+ check: check_ntp
+ hostgroups: computers
+ depends: process - ntpd
+ excludehosts: raptor, allegri, zelenka
+ #
+ -
+ name: network service - time
+ check: dsa_check_time
+ hosts: raptor, allegri, zelenka
+ depends: process - xinetd
+
+ ###
+ -
+ name: process - atd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C atd -a /usr/sbin/atd"
+ hostgroups: computers
+ ###
+ -
+ name: process - cron
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C cron -a /usr/sbin/cron"
+ hostgroups: computers
+
+ ###
+ # -
+ # name: process - syslog-ng
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -p /var/run/syslog-ng.pid'"
+ # hostgroups: syslog-ng-hosts
+ ###
+ -
+ name: process - rsyslogd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rsyslogd -a '/usr/sbin/rsyslogd -c3'"
+ hostgroups: rsyslog-hosts
+ ###
+ -
+ name: process - syslogd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslogd -a '/sbin/syslogd'"
+ hostgroups: computers
+ excludehostgroups: rsyslog-hosts
+ -
+ name: process - klogd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C klogd -a '/sbin/klogd -x'"
+ hostgroups: computers
+ excludehostgroups: rsyslog-hosts
+
+ ### MAIL STUFF
+ ###
+ -
+ name: process - exim
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'"
+ hostgroups: computers
+ excludehostgroups: postfix-hosts
+ excludehosts: master, rietz, merkel, gluck
+ -
+ name: process - exim - total
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1: -C exim4"
+ hostgroups: computers
+ excludehostgroups: postfix-hosts
+ excludehosts: master, rietz, merkel, gluck
+ -
+ name: process - exim
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:300 -c 1:500 -C exim4 -a '/usr/sbin/exim4'"
+ hosts: master, rietz, merkel, gluck
+ ###
+ -
+ name: process - clamav - clamd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u clamav -C clamd -a '/usr/sbin/clamd'"
+ hostgroups: heavy-exim, heavy-postfix
+ -
+ name: service - clamav
+ nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl"
+ hostgroups: heavy-exim, heavy-postfix
+ depends: process - clamav - clamd
+ -
+ name: process - clamav - freshclam
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'"
+ hostgroups: heavy-exim, heavy-postfix
+ -
+ name: process - clamav - getsigs
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C getclamsigs -a 'getclamsigs'"
+ hostgroups: heavy-exim, heavy-postfix
+ #
+ -
+ name: unwanted process - clamav
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd"
+ hostgroups: computers
+ excludehostgroups: heavy-exim, heavy-postfix
+ -
+ name: unwanted process - freshclam
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam"
+ hostgroups: computers
+ excludehostgroups: heavy-exim, heavy-postfix
+ -
+ name: unwanted process - clamav - getsigs
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C getclamsigs"
+ hostgroups: computers
+ excludehostgroups: heavy-exim, heavy-postfix
+ ###
+ -
+ name: process - spamd - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'"
+ hostgroups: heavy-exim
+ excludehosts: rietz, merkel, raff
+ -
+ name: process - spamd - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid'"
+ hosts: liszt
+ -
+ name: process - spamd - child
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:11 -c 1: -C spamd -a 'spamd child'"
+ hosts: liszt
+ hostgroups: heavy-exim
+ depends: process - spamd - master
+ excludehosts: rietz, merkel, raff
+ #
+ -
+ name: process - spamd - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u debbugs -C spamd -a '/usr/sbin/spamd -d '"
+ hosts: rietz
+ -
+ name: process - spamd - child
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u debbugs -C spamd -a 'spamd child'"
+ hosts: rietz
+ #
+ -
+ name: unwanted process - spamd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd"
+ hostgroups: computers
+ excludehostgroups: heavy-exim
+ excludehosts: liszt
+ -
+ name: unwanted process - spamd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd"
+ hosts: merkel, raff
+
+ ###
+ #-
+ # name: process - greylistd
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u greylist -C greylistd -a '/usr/bin/python /usr/sbin/greylistd'"
+ # hostgroups: heavy-exim
+ #
+ -
+ name: unwanted process - greylistd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C greylistd"
+ hostgroups: computers
+
+ ###
+ -
+ name: process - postgrey
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'"
+ hostgroups: heavy-exim
+ -
+ name: process - postgrey
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'"
+ hostgroups: heavy-postfix
+ #
+ -
+ name: unwanted process - postgrey
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C postgrey"
+ hostgroups: computers
+ excludehostgroups: heavy-postfix, heavy-exim
+ ###
+ -
+ name: process - amavis - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -C amavisd-new -a 'amavisd (master)'"
+ hostgroups: amavis-hosts
+ -
+ name: process - amavis - all
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -C amavisd-new -a 'amavisd '"
+ hostgroups: amavis-hosts
+ depends: process - amavis - master
+ #
+ -
+ name: unwanted process - amavis
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C amavisd-new"
+ hostgroups: computers
+ excludehostgroups: amavis-hosts
+ ###
+ -
+ name: process - weightd - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (master)'"
+ hostgroups: heavy-postfix
+ -
+ name: process - weightd - cache
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (cache)'"
+ hostgroups: heavy-postfix
+ depends: process - weightd - master
+ -
+ name: process - weightd - child
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -C policyd-weight -a 'policyd-weight (child)'"
+ hostgroups: heavy-postfix
+ depends: process - weightd - master
+ #
+ -
+ name: unwanted process - policyd-weight
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight"
+ hostgroups: computers
+ excludehostgroups: heavy-postfix
+
+
+
+ ###
+ -
+ name: process - postfix - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C master -a '/usr/lib/postfix/master'"
+ hostgroups: postfix-hosts
+ -
+ name: process - postfix - qmgr
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C qmgr -a 'qmgr -l -t fifo -u'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ #-
+ # name: process - postfix - tlsmgr
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C tlsmgr -a 'tlsmgr -l -t fifo -u'"
+ # hostgroups: postfix-hosts
+ # depends: process - postfix - master
+ -
+ name: process - postfix - pickup
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C pickup -a 'pickup -l -t fifo -u -c'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ -
+ name: process - postfix - anvil
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:1 -c 0: -u postfix -C anvil -a 'anvil -l -t unix -u'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+
+ -
+ name: process - postfix - trivial-rewrite
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C trivial-rewrite -a 'trivial-rewrite -n rewrite -t unix -u -c'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ -
+ name: process - postfix - proxymap
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C proxymap -a 'proxymap -t unix -u'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ -
+ name: process - postfix - cleanup
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C cleanup -a 'cleanup -z -t unix -u -c'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ -
+ name: process - postfix - local
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C local -a 'local -t unix'"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+
+ -
+ name: process - postfix - smtpd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:40 -c 0:90 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'"
+ hostgroups: postfix-hosts
+ excludehosts: liszt
+ depends: process - postfix - master
+ -
+ name: process - postfix - smtp
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C smtp -a 'smtp -t unix -u -c'"
+ hostgroups: postfix-hosts
+ excludehosts: liszt
+ depends: process - postfix - master
+
+ -
+ name: process - postfix - smtpd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:150 -c 0:200 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'"
+ hosts: liszt
+ depends: process - postfix - master
+ -
+ name: process - postfix - smtp
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:350 -c 0:500 -u postfix -C smtp -a 'smtp -t unix -u -c'"
+ hosts: liszt
+ depends: process - postfix - master
+
+ ###
+ -
+ name: network service - smtp
+ check: dsa_check_smtp
+ hostgroups: computers
+ excludehostgroups: postfix-hosts
+ depends: process - exim
+
+ -
+ name: network service - smtp
+ check: dsa_check_smtp
+ hostgroups: postfix-hosts
+ excludehosts: verdi, kassia, allegri, raptor, piatti
+ depends: process - postfix - master
+ -
+ name: network service - smtp - port 2025
+ check: dsa_check_smtp_port!2025
+ hosts: verdi, kassia, murphy, allegri, piatti
+ depends: process - postfix - master
+ -
+ name: network service - smtp - port 8080
+ check: dsa_check_smtp_port!8080
+ hosts: murphy
+ depends: process - postfix - master
+ -
+ name: network service - smtp - port 2025
+ remotecheck: /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p 2025
+ runfrom: murphy
+ hosts: raptor
+ depends: process - postfix - master
+
+ -
+ name: network service local - smtps cert
+ nrpe: "/usr/lib/nagios/plugins/check_http -H localhost -p 465 -S -C 14 -t 45"
+ hostgroups: postfix-hosts
+ depends: process - postfix - master
+ normal_check_interval: 120
+
+
+ -
+ name: setup - dsa config
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-config"
+ hostgroups: computers
+ normal_check_interval: 120
+ -
+ name: setup - ud-ldap freshness
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness"
+ hostgroups: computers
+ ###
+ -
+ name: process - uptimed
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C uptimed -a '/usr/sbin/uptimed'"
+ hostgroups: computers
+ ###
+ -
+ name: process - irqbalance
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C irqbalance -a '/usr/sbin/irqbalance'"
+ hostgroups: computers
+ excludehostgroups: single-cpu
+ -
+ name: unwanted process - irqbalance
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C irqbalance"
+ hostgroups: single-cpu
+
+ ####
+ ###
+ #-
+ # name: unwanted process - system-tools-backends
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C system-tools-ba"
+ # hostgroups: computers
+ #-
+ # name: unwanted process - dbus-daemon
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C dbus-daemon"
+ # hostgroups: computers
+ -
+ name: unwanted process - gkrellmd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C gkrellmd"
+ hostgroups: computers
+ -
+ name: unwanted process - portmap
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C portmap"
+ hostgroups: computers
+ excludehostgroups: nfs-client, nfs-server
+ -
+ name: unwanted process - rpc.statd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd"
+ hostgroups: computers
+ excludehostgroups: nfs-client, nfs-server
+ -
+ name: unwanted process - inetd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C inetd"
+ hostgroups: computers
+ -
+ name: unwanted process - snmpd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C snmpd"
+ hostgroups: computers
+
+
+ ############ Processes/Services that only run on some computers ############
+ ####
+ ###
+ -
+ name: process - rngd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rngd -a '/usr/sbin/rngd -r /dev/hwrng'"
+ hostgroups: dl385
+ ###
+ -
+ name: process - mdadm monitor
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C mdadm -a '/sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan'"
+ hostgroups: sw-raid
+ -
+ name: RAID - sw raid
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw"
+ hostgroups: sw-raid
+
+ ###
+ -
+ name: process - cpqarrayd
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C cpqarrayd -a '/usr/sbin/cpqarrayd'"
+ hostgroups: dl385, dl380, dl360, bl460
+ -
+ name: RAID - arrayprobe
+ servicegroups: raid
+ nrpe: "sudo /usr/bin/arrayprobe"
+ hostgroups: dl385, dl380, dl360, bl460
+ -
+ name: HW - hpacucli status
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli"
+ normal_check_interval: 120
+ hostgroups: dl385, dl380, dl360, bl460
+ ###
+ -
+ name: RAID - areca
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-areca"
+ hosts: powell
+ ###
+ -
+ name: RAID - DAC960
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-dac960"
+ hosts: verdi
+ ###
+ -
+ name: RAID - 3ware
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-3ware"
+ hosts: puccini
+ ###
+ -
+ name: RAID - MPT
+ servicegroups: raid
+ nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-mpt"
+ hosts: master
+
+ ###
+ -
+ name: process - slapd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'"
+ hosts: samosa
+ ###
+ -
+ name: process - ulogd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'"
+ hostgroups: ulogd-hosts
+ -
+ name: unexpected process - ulogd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C ulogd"
+ hostgroups: computers
+ excludehostgroups: ulogd-hosts
+ ###
+ -
+ name: process - udevd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C udevd -a 'udevd'"
+ hostgroups: computers
+ excludehostgroups: no-udev
+ -
+ name: unexpected process - udev
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C udevd"
+ hostgroups: no-udev
+ ###
+ -
+ name: process - acpid
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'"
+ hostgroups: acpid-hosts
+ -
+ name: unexpected process - acpid
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid"
+ hostgroups: computers
+ excludehostgroups: acpid-hosts
+
+ ###
+ -
+ name: process - xinetd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive'"
+ hosts: samosa, raptor, allegri, gluck, zelenka
+ hostgroups: rsyncd-hosts
+ -
+ name: unwanted process - xinetd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd"
+ hostgroups: computers
+ excludehosts: samosa, raptor, allegri, gluck, zelenka
+ excludehostgroups: rsyncd-hosts
+ ###
+ -
+ name: network service - finger
+ check: check_tcp!79
+ hosts: samosa
+ depends: process - xinetd
+ ###
+ -
+ name: network service - rsync
+ check: check_tcp!873
+ hostgroups: rsyncd-hosts
+ depends: process - xinetd
+
+ -
+ name: network service - rsync
+ check: check_tcp!873
+ hosts: rietz2
+ depends: rietz:process - xinetd
+
+ -
+ name: network service - rsync
+ check: check_tcp!873
+ hosts: kassia-sec
+ depends: kassia:process - xinetd
+
+ ###
+ -
+ name: process - nagios3
+ # there is always one extra process per check currently running..
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C nagios3 -a '/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg'"
+ hosts: samosa
+
+ ###
+ -
+ name: process - apache2 - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache2 -a /usr/sbin/apache2"
+ hostgroups: apache2-hosts
+ -
+ name: process - apache2 - worker
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u www-data -C apache2 -a /usr/sbin/apache2"
+ hostgroups: apache2-hosts
+ depends: process - apache2 - master
+ -
+ name: network service - http
+ check: check_http
+ hostgroups: apache2-hosts
+ excludehosts: kassia
+ depends: process - apache2 - master
+ -
+ name: network service - http
+ check: check_http
+ depends: kassia:process - apache2 - master
+ hosts: kassia-sec, kassia-ftp
+
+
+ -
+ name: process - apache - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache -a /usr/sbin/apache"
+ hostgroups: apache1-hosts
+ -
+ name: process - apache - worker
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:75 -c 1:150 -u www-data -C apache -a /usr/sbin/apache"
+ hostgroups: apache1-hosts
+ depends: process - apache - master
+ -
+ name: network service - http
+ check: check_http
+ hostgroups: apache1-hosts
+ depends: process - apache - master
+
+ -
+ name: network service - http keyserver
+ check: dsa_check_http_port!11371
+ hosts: raff
+ depends: process - apache2 - master
+
+ -
+ name: network service - https
+ check: check_https
+ hosts: samosa, ries, klecker
+ depends: "process - apache2 - master"
+ normal_check_interval: 120
+ -
+ name: network service - https cert
+ check: dsa_check_cert!443
+ hosts: samosa, ries, klecker
+ depends: network service - https
+ normal_check_interval: 60
+ ####
+ -
+ name: process - named
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u bind -C named -a '/usr/sbin/named -u bind'"
+ hostgroups: bind9-hosts
+ -
+ name: network service - dns
+ check: check_dns
+ hostgroups: bind9-hosts
+ depends: process - named
+ -
+ name: unwanted process - named
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C named"
+ hostgroups: computers
+ excludehostgroups: bind9-hosts
+
+ ####
+ -
+ name: process - vsftp - listener
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C vsftpd -a 'vsftpd: LISTENER'"
+ hostgroups: ftpd-hosts
+ excludehosts: kassia
+ -
+ name: process - vsftp - instance
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:80 -c 0:100 -u ftp -C vsftpd -a 'vsftpd: '"
+ hostgroups: ftpd-hosts
+ excludehosts: kassia
+ -
+ name: network service - ftp
+ check: check_ftp
+ hostgroups: ftpd-hosts
+ excludehosts: kassia
+ depends: process - vsftp - listener
+ -
+ name: network service - ftp
+ check: check_ftp
+ hosts: kassia-sec, kassia-ftp
+ depends: kassia:process - xinetd
+
+ ####
+ -
+ name: process - debianqueued
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u dak -C debianqueued"
+ hosts: ries, ravel, klecker
+
+ ###
+ -
+ name: process - postresql81 - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a '/usr/lib/postgresql/8.1/bin/postmaster -D /var/lib/postgresql/8.1/main -c config_file=/etc/postgresql/8.1/main/postgresql.conf'"
+ hostgroups: postgres81-hosts
+ -
+ name: process - postresql81 - writer
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: writer process'"
+ hostgroups: postgres81-hosts
+ depends: process - postresql81 - master
+ -
+ name: process - postresql81 - buffer
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats buffer process'"
+ hostgroups: postgres81-hosts
+ depends: process - postresql81 - master
+ -
+ name: process - postresql81 - collector
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats collector process'"
+ hostgroups: postgres81-hosts
+ depends: process - postresql81 - master
+ ####
+ -
+ name: process - postresql83 - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf'"
+ hostgroups: postgres83-hosts
+ excludehosts: piatti, klecker
+ -
+ name: process - postresql83 - master udd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/udd -c config_file=/etc/postgresql/8.3/udd/postgresql.conf'"
+ hosts: piatti
+ -
+ name: process - postresql83 - dak master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak -c config_file=/etc/postgresql/8.3/dak/postgresql.conf'"
+ hosts: ries, klecker
+ -
+ name: process - postresql83 - dak-dev master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak-dev -c config_file=/etc/postgresql/8.3/dak-dev/postgresql.conf'"
+ hosts: ries
+ ####
+ -
+ name: process - mysql - master
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C mysqld_safe -a '/bin/sh /usr/bin/mysqld_safe'"
+ hostgroups: mysql-hosts
+ -
+ name: process - mysql - workers
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u mysql -C mysqld -a /usr/sbin/mysqld"
+ hostgroups: mysql-hosts
+ depends: process - mysql - master
+
+ ####
+ -
+ name: process - stunnel4 - postgres-udd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd-server.conf'"
+ hosts: piatti
+ -
+ name: process - stunnel4 - postgres-udd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd.conf'"
+ hosts: merkel, master
+
+ ####
+ #-
+ # name: process - xenconsoled
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'"
+ # hosts: piatti
+ #-
+ # name: process - xenstored
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'"
+ # hosts: piatti
+ #-
+ # name: process - xend
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'"
+ # hosts: piatti
+#
+ ####
+ -
+ name: process - libvirtd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C libvirtd -a '/usr/sbin/libvirtd -d'"
+ hosts: unger
+
+ ###
+ -
+ name: process - buildd
+ servicegroups: buildd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u buildd -C buildd '/usr/bin/perl /usr/bin/buildd'"
+ hostgroups: buildd
+ contacts: luk
+
+ ###
+ -
+ name: process - iscsid
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 1: -u root -C iscsid '/usr/sbin/iscsid'"
+ hosts: raptor
+
+ ###
+ #-
+ # name: process - tftpd
+ # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C in.tftpd -a '/usr/sbin/in.tftpd -l -B 1450 -s /var/lib/tftpboot'"
+ # hostgroups: tftpd-hosts
+ ###
+# -
+# name: process - dhcpd
+# nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C dhcpd3 -a '/usr/sbin/dhcpd3 -q eth0'"
+# hosts: paer
+ ###
+ -
+ name: process - smartd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C smartd -a '/usr/sbin/smartd --pidfile /var/run/smartd.pid --interval=1800'"
+ hostgroups: smart
+
+ ############ NFS Stuff ############
+ ####
+ -
+ name: process - portmap
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C portmap -a '/sbin/portmap'"
+ hostgroups: nfs-client, nfs-server
+ -
+ name: process - statd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u statd -C rpc.statd -a '/sbin/rpc.statd'"
+ hostgroups: nfs-client, nfs-server
+ -
+ name: process - nfsd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'"
+ hostgroups: nfs-server
+ -
+ name: process - lockd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C lockd -a '[lockd]'"
+ hostgroups: nfs-server
+ -
+ name: process - mountd
+ nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rpc.mountd -a '/sbin/rpc.mountd'"
+ hostgroups: nfs-server
+ # see if the nfs stuff works and doesn't hang.
+ # the df check all script will also hang, but we don't appear to pay attention to that
+ -
+ name: nfs mount ftp archive
+ nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /home/org/ftp.root/debian"
+ hosts: gluck
+ -
+ name: nfs mount ftp archive
+ nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /org/mirrors/ftp.debian.org/ftp"
+ hosts: merkel, raff
+
+ ############ MISC OTHER Stuff ############
+ #####
+ -
+ name: mirror sync - security
+ check: "dsa_check_mirrorsync!security.debian.org!project/trace/security-master.debian.org"
+ hosts: global
+ -
+ name: mirror sync - security.eu
+ check: "dsa_check_mirrorsync!security.eu.debian.org!project/trace/security-master.debian.org"
+ hosts: global
+ -
+ name: mirror sync - security.us
+ check: "dsa_check_mirrorsync!security.us.debian.org!project/trace/security-master.debian.org"
+ hosts: global
+ -
+ name: DNS SOA sync - debian.org
+ check: "dsa_check_soas_add!samosa.debian.org!debian.org"
+ hosts: global
+ -
+ name: DNS SOA sync - debian.net
+ check: "dsa_check_soas_add!samosa.debian.org!debian.net"
+ hosts: global
+ -
+ name: DNS SOA sync - debian.com
+ check: "dsa_check_soas_add!samosa.debian.org!debian.com"
+ hosts: global
+ -
+ name: DNS SOA sync - mirror.debian.net
+ check: "dsa_check_soas_add!samosa.debian.org!mirror.debian.net"
+ hosts: global
+ -
+ name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa
+ check: "dsa_check_soas_add!samosa.debian.org!144-28.118.59.86.in-addr.arpa"
+ hosts: global
+ -
+ name: DNS SOA sync - alioth.debian.org
+ check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org"
+ hosts: global
--- /dev/null
+#!/usr/bin/perl -Tw
+
+# $Id: nagios-check-apt-updates 352 2008-05-20 21:36:54Z weasel $
+
+# nagios check for debian (security) updates,
+# based on net-snmp glue to security updates via apt-get.
+# Copyright (C) 2004 SILVER SERVER Gmbh
+# Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+use strict;
+use English;
+use Getopt::Long;
+use IO::Handle;
+use IPC::Open2;
+use IPC::Open3;
+
+$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+my $APT = '/usr/bin/apt-get';
+my $VERBOSE;
+
+sub do_check($$$$$$) {
+ my ($pre_command, $timeout, $noupdate, $name, $updates_security, $updates_other) = @_;
+ my $fh;
+ my $pid;
+ my @command;
+
+ unless ($noupdate) {
+ print STDERR "Running $APT update in $name\n" if $VERBOSE;
+ @command = ($APT, 'update');
+ unshift @command, @$pre_command;
+ $fh = new IO::Handle;
+ $pid = open3(\*STDIN, $fh, $fh, @command) or die ("Cannot run $APT update in $name: $!\n");
+ local $SIG{ALRM} = sub { die "Timeout for apt-get update.\n" };
+ alarm $timeout;
+ my @ignore=<$fh>;
+ alarm 0;
+ close $fh;
+ waitpid $pid, 0;
+ if ($CHILD_ERROR) { # program failed
+ die("$APT update returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n");
+ };
+ };
+
+ print STDERR "Running $APT --simulate upgrade in $name\n" if $VERBOSE;
+ @command = ($APT, qw{--simulate upgrade});
+ unshift @command, @$pre_command;
+ $fh = new IO::Handle;
+ $pid = open2($fh, \*STDIN, @command) or die ("Cannot run $APT --simulate upgrade | sort -u in $name: $!\n");
+ local $SIG{ALRM} = sub { die "Timeout for apt-get --simulate upgrade.\n" };
+ alarm $timeout;
+ my @lines=<$fh>;
+ close $fh;
+ alarm 0;
+ waitpid $pid, 0;
+ if ($CHILD_ERROR) { # program failed
+ die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n");
+ };
+
+ @lines = sort {$a cmp $b} @lines;
+ my %uniq;
+ @lines = grep {!$uniq{$_}++} @lines;
+
+ print STDERR "Processing information for $name\n" if $VERBOSE;
+ for my $line (@lines) {
+ if ($line =~ m/^Inst\s+(\S+)\s+/) {
+ my $package = $1;
+ if ($line =~ m/^Inst\s+\S+\s+.*security/i) {
+ push @$updates_security, $package.($name ne '/' ? "($name)" : '');
+ } else {
+ push @$updates_other, $package.($name ne '/' ? "($name)" : '');
+ };
+ }
+ }
+}
+
+
+
+my $VERSION = '0.0.3 - $Rev: 352 $';
+my $use_sudo = 1;
+my $params;
+
+# nagios exit codes
+my $OK = 0;
+my $WARNING = 1;
+my $CRITICAL = 2;
+my $UNKNOWN = 3;
+
+$params->{'chroots'} = [];
+$params->{'vservers'} = [];
+$params->{'timeout'} = 20;
+Getopt::Long::config('bundling');
+if (!GetOptions (
+ '--help' => \$params->{'help'},
+ '--version' => \$params->{'version'},
+ '--sudo' => \$params->{'sudo'},
+ '--noupdate' => \$params->{'noupdate'},
+ '--nosudo' => \$params->{'nosudo'},
+ '--verbose' => \$params->{'verbose'},
+ '--warnifupdates' => \$params->{'warnifupdates'},
+ '--timeout=i' => \$params->{'timeout'},
+ '--chroot=s' => $params->{'chroots'},
+ '--vserver=s' => $params->{'vservers'}
+ )) {
+ die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--timeout=<timeout>] [--verbose]\n");
+};
+if ($params->{'help'}) {
+ print "nagios-check-apt-updates $VERSION\n";
+ print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n";
+ print "Reports packages to upgrade, updating the list if necessary.\n";
+ print "\n";
+ print " --help Print this short help.\n";
+ print " --version Report version number.\n";
+ print " --sudo Use sudo to call apt-get (default).\n";
+ print " --noupdate Do not run apt-get update first.\n";
+ print " --nosudo Do not use sudo to call apt-get.\n";
+ print " --warnifupdates Exit with a WARNING status if any updates are available.\n";
+ print " --timeout=<timeout> Timeout in seconds for each of the two apt-get runs.\n";
+ print " --verbose Be a little verbose.\n";
+ print " --chroot=<path> Run check in path.\n";
+ print " --vserver=<vserver> Run check in vserver.\n";
+ print "\n";
+ print "Note that for --sudo (default) you will need entries in /etc/sudoers like these:\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get update\n";
+ print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get --simulate upgrade\n";
+ print "\n";
+ exit (0);
+};
+if ($params->{'version'}) {
+ print "nagios-check-apt-updates $VERSION\n";
+ print "nagios check for availability of debian (security) updates\n";
+ print "Copyright (c) 2004 SILVER SERVER Gmbh\n";
+ print "Copyright (c) 2004,2005 Peter Palfrader <peter\@palfrader.org>\n";
+ exit (0);
+};
+if ($params->{'sudo'} && $params->{'nosudo'}) {
+ die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n");
+};
+if ($params->{'sudo'}) {
+ $use_sudo = 1;
+};
+if ($params->{'nosudo'}) {
+ $use_sudo = 0;
+};
+if (scalar @{$params->{'chroots'}} == 0 && scalar @{$params->{'vservers'}} == 0) {
+ $params->{'chroots'} = ['/'];
+};
+$VERBOSE = $params->{'verbose'};
+
+
+$SIG{'__DIE__'} = sub {
+ print STDERR @_;
+ exit $UNKNOWN;
+};
+
+
+my @updates_security;
+my @updates_other;
+
+
+# Make sure chroot paths are nice;
+my @chroots = ();
+for my $root (@{$params->{'chroots'}}) {
+ if ($root =~ m#^(/[a-zA-Z0-9/.-]*)$#) {
+ push @chroots, $1;
+ } else {
+ die ("Chroot path $root is not nice.\n");
+ };
+};
+for my $root (@chroots) {
+ my @pre_command = ();
+ unshift @pre_command, 'chroot', $root if ($root ne '/');
+ unshift @pre_command, 'sudo' if $use_sudo;
+ do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $root, \@updates_security, \@updates_other);
+}
+
+# Make sure vserver names are nice;
+my @vservers = ();
+for my $vserver (@{$params->{'vservers'}}) {
+ if ($vserver =~ m#^([a-zA-Z0-9.-]+)$#) {
+ push @vservers, $1;
+ } else {
+ die ("Vserver name $vserver is not nice.\n");
+ };
+};
+for my $vserver (@vservers) {
+ my @pre_command = ();
+ unshift @pre_command, '/usr/sbin/vserver', $vserver, 'exec';
+ unshift @pre_command, 'sudo' if $use_sudo;
+ do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $vserver, \@updates_security, \@updates_other);
+}
+
+
+
+
+my $exit = $OK;
+
+my $updateinfo;
+if (@updates_security) {
+ $updateinfo .= 'Security updates ('.(scalar @updates_security).'): '.join(', ', @updates_security)."; ";
+ $exit = $CRITICAL;
+}
+if (@updates_other) {
+ $updateinfo .= 'Other Updates ('.(scalar @updates_other).'): '.join(', ', @updates_other)."; ";
+ $exit = $WARNING if ($params->{'warnifupdates'} and $exit == $OK);
+};
+$updateinfo = 'No updates available' unless defined $updateinfo;
+
+
+print $updateinfo,"\n";
+exit $exit;
--- /dev/null
+dsa-nagios-nrpe-config for Debian
+---------------------------------
+
+This package is automatically created from the debian.org nagios
+config.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 2 Apr 2008 22:19:07 +0200
--- /dev/null
+dsa-nagios-nrpe-config (68) unstable; urgency=low
+
+ * dsa-update-apt-status: Ensure apt-get update is quiet even when stuff
+ goes wrong.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 11 Feb 2009 21:59:55 +0100
+
+dsa-nagios-nrpe-config (67) unstable; urgency=low
+
+ * Minor tweak to dsa-check-packages: reorder ok and obs(ign), change
+ long text for obs(ign).
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 4 Feb 2009 09:40:26 +0000
+
+dsa-nagios-nrpe-config (66) unstable; urgency=low
+
+ * Add dsa-check-packages
+ * Make apt-status-check use dsa-check-packages.
+ * And install obsolete-packages-ignore into etc/nagios.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 03 Feb 2009 20:39:01 +0100
+
+dsa-nagios-nrpe-config (65) unstable; urgency=low
+
+ * Add dsa-check-soas
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 23:11:19 +0000
+
+dsa-nagios-nrpe-config (64) unstable; urgency=low
+
+ * dsa-check-mirrorsync: make it work in embedded perl again.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 22:59:06 +0000
+
+dsa-nagios-nrpe-config (63) unstable; urgency=low
+
+ * dsa-check-mirrorsync: print help if additional args are given (we don't
+ support any)
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 22:14:44 +0000
+
+dsa-nagios-nrpe-config (62) unstable; urgency=low
+
+ * Add check_securitymirror by formorer.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 21:59:47 +0000
+
+dsa-nagios-nrpe-config (61) unstable; urgency=low
+
+ * dsa-check-hpacucli: Do not create the 'Failed' array while checking if an
+ entry is in there. If it doesn't exist that's also good.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 06 Oct 2008 14:08:30 +0200
+
+dsa-nagios-nrpe-config (60) unstable; urgency=low
+
+ * Add dsa-check-raid-areca.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 01 Oct 2008 16:23:33 +0200
+
+dsa-nagios-nrpe-config (59) unstable; urgency=low
+
+ * apt-status-check: Ignore stderr during apt-get update.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 30 Sep 2008 19:58:36 +0200
+
+dsa-nagios-nrpe-config (58) unstable; urgency=low
+
+ * Rename dsa-check-da-in-aliases to dsa-check-config.
+ * dsa-check-config: check if ldap.conf is configured correctly.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 26 Sep 2008 15:02:53 +0200
+
+dsa-nagios-nrpe-config (57) unstable; urgency=low
+
+ * dsa-check-hpacucli: Do not inspect drives in detail when they are
+ listed as Failed in the overview already.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 24 Sep 2008 16:02:31 +0200
+
+dsa-nagios-nrpe-config (56) unstable; urgency=low
+
+ * fix dsa-check-samhain.
+ sudo is not in $PATH.
+
+ -- Martin Zobel-Helas <zobel@debian.org> Mon, 22 Sep 2008 06:45:19 +0000
+
+dsa-nagios-nrpe-config (55) unstable; urgency=low
+
+ * And another one, weasel should sleep.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:29:15 +0000
+
+dsa-nagios-nrpe-config (54) unstable; urgency=low
+
+ * dsa-check-dabackup-server fixes.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:27:41 +0000
+
+dsa-nagios-nrpe-config (53) unstable; urgency=low
+
+ * Add dsa-check-dabackup-server.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:19:28 +0000
+
+dsa-nagios-nrpe-config (52) unstable; urgency=low
+
+ * The nagios _check_ package should probably not be the one that
+ depends on the stuff we want on most or all hosts, thus removing
+ dependency on samhain, which should probably get pulled in via
+ debian.org.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 21 Sep 2008 23:41:01 +0000
+
+dsa-nagios-nrpe-config (51) unstable; urgency=low
+
+ * Add check for samhain.
+
+ -- Martin Zobel-Helas <zobel@samosa.debian.org> Sat, 20 Sep 2008 07:29:23 +0000
+
+dsa-nagios-nrpe-config (50) unstable; urgency=low
+
+ * dsa-check-hpacucli: Handle 'pd all show' output with failed arrays.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 09 Aug 2008 11:39:55 +0200
+
+dsa-nagios-nrpe-config (49) unstable; urgency=low
+
+ * dsa-check-hpacucli: Learn correct transfer speed for Ultra 3 Wide (160mb/s)
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 23 Jul 2008 00:56:54 +0200
+
+dsa-nagios-nrpe-config (48) unstable; urgency=low
+
+ * Don't just print the sudoers lines to stdout, tell the admin to add them
+ also.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 22 Jul 2008 21:25:56 +0000
+
+dsa-nagios-nrpe-config (47) unstable; urgency=low
+
+ * dsa-check-hpacucli: Check transfer speed of disks.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 22 Jul 2008 23:14:50 +0200
+
+dsa-nagios-nrpe-config (46) unstable; urgency=low
+
+ * Move apt status update from cron.daily to usr/sbin/dsa-update-apt-status.
+ * Move script calls from cron.daily to cron.d @daily and @reboot.
+ * Introduce hourly runs for dsa-update-apt-status that happen if the system
+ changed in the meantime, that is if /var/lib/dpkg/status or
+ /var/cache/apt/pkgcache.bin are newer than the status file.
+ Also run if the status file does not exist, or if the last apt-get update
+ call failed, or if the last run was more than a day ago.
+ * No longer do @daily runs of dsa-update-apt-status
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 06 Jul 2008 11:51:27 +0200
+
+dsa-nagios-nrpe-config (45) unstable; urgency=low
+
+ * Add apt upgrades check.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 20 May 2008 22:01:07 +0000
+
+dsa-nagios-nrpe-config (44) unstable; urgency=low
+
+ * Fix ssh-dss detection. It need not be at the start of a line
+ (think >from="1.2.3.4" ssh-dss< ...).
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:34:23 +0000
+
+dsa-nagios-nrpe-config (43) unstable; urgency=low
+
+ * Depend on ruby.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:19:10 +0000
+
+dsa-nagios-nrpe-config (42) unstable; urgency=low
+
+ * weak-ssh-keys-check: Ignore empty lines in authorized-keys files.
+ * weak-ssh-keys-check: Handle servers not doing DSA in from_ssh_host().
+ * Run weak-ssh-keys-check on install.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:05:10 +0000
+
+dsa-nagios-nrpe-config (41) unstable; urgency=low
+
+ * Add dsa-check-statusfile.
+ * Add weak-ssh-keys-check to be run from cron.daily. Depend on
+ libberkeleydb-perl and dsa-ssh-weak-keys now.
+ * Remove up /var/cache/dsa/nagios/weak-ssh-keys in postrm purge.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 15:55:43 +0200
+
+dsa-nagios-nrpe-config (40) unstable; urgency=low
+
+ * Teach dsa-check-hpacucli about rebuilding.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 9 May 2008 12:55:07 +0000
+
+dsa-nagios-nrpe-config (39) unstable; urgency=low
+
+ * Add dsa-check-hpacucli.
+ * Suggest hpacucli.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 7 May 2008 19:54:55 +0000
+
+dsa-nagios-nrpe-config (38) unstable; urgency=low
+
+ * Try harder to find version string.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:48:42 +0000
+
+dsa-nagios-nrpe-config (37) unstable; urgency=low
+
+ * dsa-check-running-kernel: also check /boot/vmlinux-`uname -r`
+ * Depend on binutils for string(1).
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:41:13 +0000
+
+dsa-nagios-nrpe-config (36) unstable; urgency=low
+
+ * Add dsa-check-running-kernel
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:11:54 +0000
+
+dsa-nagios-nrpe-config (35) unstable; urgency=low
+
+ * dsa-check-raid-mpt
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 29 Apr 2008 12:57:50 +0000
+
+dsa-nagios-nrpe-config (34) unstable; urgency=low
+
+ * dsa-check-raid-3ware
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 24 Apr 2008 19:37:47 +0000
+
+dsa-nagios-nrpe-config (33) unstable; urgency=low
+
+ * Add dsa-check-raid-dac960
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 24 Apr 2008 19:20:57 +0000
+
+dsa-nagios-nrpe-config (32) unstable; urgency=low
+
+ * Add dsa-check-udldap-freshness.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 16 Apr 2008 07:39:21 -0400
+
+dsa-nagios-nrpe-config (31) unstable; urgency=low
+
+ * dsa-check-dabackup: Use last time's log file if backup is currently running.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 17:37:54 -0400
+
+dsa-nagios-nrpe-config (30) unstable; urgency=low
+
+ * dsa-check-raid-sw: cleaner output.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 17:05:17 -0400
+
+dsa-nagios-nrpe-config (29) unstable; urgency=low
+
+ * dsa-check-dabackup: terser output.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 13:09:07 -0400
+
+dsa-nagios-nrpe-config (28) unstable; urgency=low
+
+ * dsa-check-dabackup: ignore .bak files in confdir.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:23:25 -0400
+
+dsa-nagios-nrpe-config (27) unstable; urgency=low
+
+ * Change OK text when da-backup not installed.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:19:00 -0400
+
+dsa-nagios-nrpe-config (26) unstable; urgency=low
+
+ * dsa-check-dabackup: Warn if installed but no backups configured.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:13:30 -0400
+
+dsa-nagios-nrpe-config (25) unstable; urgency=low
+
+ * Install dsa-check-dabackup
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:05:11 -0400
+
+dsa-nagios-nrpe-config (24) unstable; urgency=low
+
+ * Check for dsa-check-backup sudoers entry
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 11:48:48 -0400
+
+dsa-nagios-nrpe-config (23) unstable; urgency=low
+
+ * Add dsa-check-dabackup
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 10:56:32 -0400
+
+dsa-nagios-nrpe-config (22) unstable; urgency=low
+
+ * Add a very easy dsa-check-da-in-aliases.
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 11 Apr 2008 10:25:54 -0400
+
+dsa-nagios-nrpe-config (21) unstable; urgency=low
+
+ * Add dsa-check-raid-sw.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 3 Apr 2008 06:22:44 -0400
+
+dsa-nagios-nrpe-config (20) unstable; urgency=low
+
+ * Do away with a new changelog entry and version for every build of the
+ package - it floods us with useless commit mails - and just
+ increase the version to $TIMESTAMP in the build area.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 3 Apr 2008 05:38:27 -0400
+
+dsa-nagios-nrpe-config (1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 2 Apr 2008 22:24:12 +0200
--- /dev/null
+Source: dsa-nagios-nrpe-config
+Section: local
+Priority: extra
+Maintainer: Peter Palfrader <weasel@debian.org>
+Build-Depends: debhelper (>= 5)
+Standards-Version: 3.7.2
+
+Package: dsa-nagios-nrpe-config
+Architecture: all
+Depends: nagios-nrpe-server, nagios-plugins-basic, ${misc:Depends}, binutils, libberkeleydb-perl, dsa-ssh-weak-keys, ruby
+Suggests: hpacucli
+Description: debian.org nagios-nrpe-server configuration
+ This package provides the debian.org configuration for the
+ nagios-nrpe-server, automatically created from the debian.org
+ nagios setup.
+ .
+ It also ships a few nagios checks.
--- /dev/null
+This package was debianized by Peter Palfrader <weasel@debian.org> on
+Wed, 2 Apr 2008 22:19:07 +0200.
+
+The config file shipped with this package is generated automatically
+from the debian.org nagios config.
+
+
+########################################################################
+dsa-check-raid-sw:
+ Copied from http://svn.noreply.org/svn/weaselutils/trunk/nagios-check-raid.pl at r330
+ Copyright 2003 Thomas Nilsen
+ Copyright 2004, 2007, 2008 Peter Palfrader
+ License: GPL
+
+########################################################################
+dsa-check-dabackup:
+ Copyright: 2007 Stephen Gran
+ Copyright: 2008 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-dabackup-server:
+ Copyright: 2008 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-raid-3ware:
+ Copyright: 2006 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-running-kernel:
+ Copyright: 2008 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-hpacucli:
+ Copyright: 2008 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-statusfile:
+ Copyright: 2008 Peter Palfrader
+ License: MIT
+
+########################################################################
+weak-ssh-keys-check:
+ Copyright: 2008 Florian Weimer, Alexander Wirt
+ License: ISC
+
+########################################################################
+apt-status-check:
+ Copyright (C) 2004 SILVER SERVER Gmbh
+ Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
+ License: GPL
+
+########################################################################
+dsa-check-samhain:
+ Copyright: 2004 Rainer Wichmann
+ Copyright: 2008 Martin Zobel-Helas
+ License: GPL
+
+########################################################################
+dsa-check-raid-areca:
+ Copyright: 2007, 2008 Erinn Looney-Triggs
+ License: GPL
+
+########################################################################
+dsa-check-mirrorsync:
+ Copyright: 2008: Alexander Wirt
+ Copyright: 2008: Peter Palfrader
+ License: GPL
+
+########################################################################
+dsa-check-packages:
+ Copyright: 2008,2009 Peter Palfrader
+ License: MIT
+
+########################################################################
+dsa-check-soas:
+ Copyright: 2006 Peter Palfrader
+ License: MIT
--- /dev/null
+@reboot root sleep 10m && [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
+@daily root [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
+
+@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status
+13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status
+
+# vim:ft=crontab:
--- /dev/null
+etc/nagios
+usr/lib/nagios/plugins
+usr/share/dsa
+var/cache/dsa/nagios
+usr/sbin
--- /dev/null
+#!/bin/sh
+
+set -e
+
+NAGIOS_MASTER=192.25.206.57
+
+if [ -e /etc/nagios/nrpe.cfg ] ; then
+ if ! grep '^include=/etc/nagios/nrpe_dsa.cfg$' /etc/nagios/nrpe.cfg > /dev/null; then
+ echo
+ echo "WARNING: /etc/nagios/nrpe.cfg does not include /etc/nagios/nrpe_dsa.cfg. Please fix."
+ echo
+ fi
+ if ! grep '^allowed_hosts=' /etc/nagios/nrpe.cfg > /dev/null; then
+ echo
+ echo "WARNING: /etc/nagios/nrpe.cfg does not define allowed_hosts. Please fix (set allowed_hosts=$NAGIOS_MASTER)."
+ echo
+ else
+ found=0
+ for host in `grep '^allowed_hosts=' /etc/nagios/nrpe.cfg | sed -e 's/.*=//' | tr ',' "\n"`; do
+ if [ "$host" = "$NAGIOS_MASTER" ]; then
+ found=1
+ break
+ fi
+ done
+ if [ "$found" = "0" ]; then
+ echo
+ echo "WARNING: /etc/nagios/nrpe.cfg does not have $NAGIOS_MASTER in allowed_hosts. Please fix."
+ echo
+ fi
+ fi
+fi
+
+if [ -e /etc/default/nagios-nrpe-server ] ; then
+ if ! grep '^DAEMON_OPTS="--no-ssl"$' /etc/default/nagios-nrpe-server > /dev/null; then
+ echo
+ echo "WARNING: /etc/default/nagios-nrpe-server probably does not set DAEMON_OPTS=\"--no-ssl\". Please fix."
+ echo
+ fi
+fi
+
+if [ -e /etc/sudoers ] ; then
+ if ! grep '^nagios.*/usr/lib/nagios/plugins/dsa-check-dabackup' /etc/sudoers > /dev/null; then
+ echo
+ echo 'WARNIG: Add this line to sudoers:'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""'
+ echo
+ fi
+fi
+
+if [ -e /etc/sudoers ] ; then
+ if ! grep '^nagios.*/usr/sbin/samhain' /etc/sudoers > /dev/null; then
+ echo
+ echo 'WARNIG: Add this line to sudoers:'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none'
+ echo
+ fi
+fi
+
+if [ -e /usr/sbin/hpacucli ] && [ -e /dev/cciss/c0d0 ] ; then
+ if ! grep '^nagios.*hpacucli' /etc/sudoers > /dev/null; then
+ echo
+ echo 'WARNIG: Add these lines to sudoers:'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status'
+ echo
+ elif ! grep '^nagios.*hpacucli.* pd .*:.* show' /etc/sudoers > /dev/null; then
+ echo
+ echo 'WARNIG: Add these lines to sudoers:'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show'
+ echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show'
+ fi
+fi
+
+if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d nagios-nrpe-server restart || exit $?
+else
+ /etc/init.d/nagios-nrpe-server restart || exit $?
+fi
+
+/usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# postrm script for dsa-ssh-weak-keys
+#
+# see: dh_installdeb(1)
+
+set -e
+
+case "$1" in
+ purge)
+ rm -f /var/cache/dsa/nagios/weak-ssh-keys
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/usr/bin/make -f
+
+clean:
+ dh_testdir
+ dh_testroot
+ dh_clean
+
+build:
+
+install:
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ install -m 644 nrpe_dsa.cfg $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios
+ install -m 755 dsa-check-hpacucli $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-raid-areca $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-raid-dac960 $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-raid-mpt $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-raid-sw $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-raid-3ware $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-running-kernel $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-config $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-dabackup $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-dabackup-server $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-udldap-freshness $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-statusfile $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-samhain $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-mirrorsync $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-soas $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+
+ install -m 755 dsa-check-puppet $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 755 dsa-check-packages $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
+ install -m 644 obsolete-packages-ignore $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios
+
+ install -m 755 apt-status-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa
+ install -m 755 weak-ssh-keys-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa
+
+ install -m 755 dsa-update-apt-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin
+ install -m 755 dsa-update-samhain-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin
+
+
+binary-indep: install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installcron
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary-arch: install
+binary: binary-indep binary-arch
+
+.PHONY: clean binary-indep binary-arch binary install build
--- /dev/null
+#!/bin/sh
+
+# Check that debian-admin is in /etc/aliases for root.
+# Peter Palfrader, 2008
+
+#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );
+
+set -e
+err=0
+
+log() {
+ if [ "$0" == "ok" ] && [ "$err" == 0 ]; then
+ err=0
+ elif [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then
+ err=1
+ elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then
+ err=2
+ elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then
+ err=3
+ fi
+ if [ "`eval echo \\$$1`" = "" ]; then
+ eval $1="\"$2\""
+ else
+ eval $1="\"`eval echo \\$$1`; $2\""
+ fi
+}
+
+
+check_aliases() {
+ if ! [ -e /etc/aliases ]; then
+ log unknown "/etc/aliases not found"
+ return
+ fi
+
+ if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
+ log ok "debian-admin found in aliases"
+ return
+ fi
+
+ log warn "debian-admin not found in root entry in aliases"
+}
+
+check_ldap_conf() {
+ if ! [ -e /etc/ldap/ldap.conf ]; then
+ log unknown "/etc/ldap/ldap.conf not found"
+ return
+ fi
+
+ if egrep '^URI.*ldap://db.debian.org' /etc/ldap/ldap.conf > /dev/null &&
+ egrep '^BASE.*dc=debian,dc=org' /etc/ldap/ldap.conf > /dev/null &&
+ egrep '^TLS_CACERT.*/etc/ssl/certs/spi-cacert-2008.pem' /etc/ldap/ldap.conf > /dev/null &&
+ egrep '^TLS_REQCERT.*hard' /etc/ldap/ldap.conf > /dev/null ; then
+ log ok "ldap.conf configured properly"
+ return
+ fi
+
+ log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly"
+}
+
+check_aliases
+check_ldap_conf
+
+[ "$critical" = "" ] || echo -n "Critical: $critical; "
+[ "$warn" = "" ] || echo -n "Warning: $warn; "
+[ "$unknown" = "" ] || echo -n "Unknown: $unknown; "
+[ "$ok" = "" ] || echo -n "OK: $ok"
+echo
+exit $err
--- /dev/null
+#!/usr/bin/perl -w
+
+# Check the status of da-backup backups
+# Copyright 2007 Stephen Gran <sgran@debian.org>
+# Copyright 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+use strict;
+use warnings;
+use English;
+use Getopt::Long;
+use Fcntl qw(:seek);
+
+my $DABACKUP_CONF = '/etc/da-backup.conf';
+my $MAX_AGE = 30*60*60;
+my $TOO_FRESH = 5*60;
+my %CODE = (
+ 'UNDEF' => -1,
+ 'OK' => 0,
+ 'WARNING' => 1,
+ 'CRITICAL' => 2,
+ 'UNKNOWN' => 3
+);
+$SIG{__DIE__ } = sub() {
+ print shift;
+ exit $CODE{'UNKNOWN'};
+};
+
+
+my $EXITCODE = 'UNDEF';
+my %MESSAGE = ();
+
+sub problem($$$) {
+ my ($code, $msg, $resource) = @_;
+ $MESSAGE{$msg} = [] unless defined $MESSAGE{$msg};
+ push @{$MESSAGE{$msg}}, $resource;
+ $EXITCODE = ($CODE{$code} > $CODE{$EXITCODE}) ? $code : $EXITCODE;
+};
+
+
+sub help($$) {
+ my ($exitcode, $fd) = @_;
+ version ($fd, 0);
+ print $fd "Usage: $PROGRAM_NAME --help\n";
+ print $fd "Usage: $PROGRAM_NAME";
+ exit $exitcode
+};
+
+my $params = {};
+
+Getopt::Long::config('bundling');
+if (!GetOptions (
+ 'h|help' => \$params->{'help'},
+ )) {
+ die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [-fwhv]\n");
+};
+
+help(0, *STDOUT) if $params->{'help'};
+help(1, *STDERR) if scalar @ARGV > 0;
+
+
+unless (-e $DABACKUP_CONF) {
+ if (-e '/etc/da-backup') {
+ print "WARNING: No $DABACKUP_CONF, but we have /etc/da-backup/\n";
+ exit $CODE{'WARNING'};
+ };
+ if (-e '/var/log/da-backup') {
+ print "WARNING: No $DABACKUP_CONF, but we have /var/log/da-backup/\n";
+ exit $CODE{'WARNING'};
+ };
+ print "OK: da-backup not installed\n";
+ exit $CODE{'OK'};
+};
+
+my $confdir;
+my $logdir;
+
+open (FH, "< $DABACKUP_CONF") or die ("Cannot open $DABACKUP_CONF: $!\n");
+while (<FH>) {
+ if (/confdir=(.*)/) {
+ $confdir = $1;
+ } elsif (/logdir=(.*)/) {
+ $logdir = $1;
+ };
+};
+
+die ("No confdir found in $DABACKUP_CONF") unless defined $confdir;
+die ("No logdir found in $DABACKUP_CONF") unless defined $logdir;
+
+opendir(DIR, $confdir) or die ("Cannot opendir $confdir: $!\n");
+my %conffiles = map {$_ => 1} grep { !/^\./ && !/\.bak$/} readdir(DIR);
+closedir(DIR);
+
+opendir(DIR, $logdir) or die ("Cannot opendir $logdir: $!\n");
+my %logfiles = map {$_ => 1} grep { !/^\./ && !/\.[0-9]+(\.gz)?$/} readdir(DIR);
+closedir(DIR);
+
+if (scalar keys %conffiles == 0) {
+ print "WARNING: da-backup installed but no backups configured\n";
+ exit $CODE{'WARNING'};
+};
+
+for my $f (keys %conffiles) {
+ unless (exists $logfiles{$f}) {
+ problem('WARNING', 'no log', $f);
+ }
+}
+
+FILE:
+for my $f (sort {$a cmp $b} keys %logfiles) {
+ unless (exists $conffiles{$f}) {
+ problem('WARNING', 'no config', $f);
+ next;
+ }
+
+ my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n");
+ my $age = time - $stat[10];
+
+ if ($age < $TOO_FRESH) { # File is too new, let's use the old one
+ if (-e "$logdir/$f.0") {
+ $f .= ".0";
+ my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n");
+ $age = time - $stat[10];
+ };
+ };
+
+ if ($age < 0) {
+ problem('WARNING', 'future timestamp', $f);
+ next;
+ } elsif ($age > $MAX_AGE) {
+ my $hage;
+
+ if ($age > 48 * 3600) {
+ $hage = sprintf("%d days", $age / 24 / 3600);
+ } else {
+ $hage = sprintf("%d hours", $age / 3600);
+ };
+ problem('WARNING', 'old', "$f ($hage)");
+ next;
+ };
+
+ open(FH, "< $logdir/$f") or die ("Cannot open $logdir/$f: $!\n");
+ sysseek(FH, -1024, SEEK_END); # just try it - doesn't matter if it fails
+ my $last2 = '';
+ my $last = '';
+ while (<FH>) {
+ chomp;
+ if (/^sent\s+\d+\s+bytes\s+received\s+\d+\s+bytes\s+[\d\.]+\s+bytes\/sec$/) {
+ problem('OK', 'probably ok', $f);
+ close(FH);
+ next FILE;
+ };
+ $last2 = $last;
+ $last = $_;
+ };
+ problem('CRITICAL', 'FAILED', "$f ($last2 $last)");
+};
+
+my $msg = join("; ", map {"$_: ".join(', ', @{$MESSAGE{$_}}) } (sort {$a cmp $b} keys %MESSAGE));
+print $EXITCODE, ": ", $msg, "\n";
+exit $CODE{$EXITCODE};
--- /dev/null
+#!/bin/sh
+
+# some tests weasel uses to check if da-backup is properly configured:
+# Copyright 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+set -e
+set -u
+
+err=0
+
+log() {
+ if [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then
+ err=1
+ elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then
+ err=2
+ elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then
+ err=3
+ fi
+}
+
+cd /etc/da-backup-manager
+
+# check that the files have proper names
+for i in *; do
+ s=`cat "$i" | awk -F = '$1=="source" {print $2}'`
+ if [ "$s" = "master.debian.org/debian" ] && [ "$i" = "listarchive" ]; then
+ # historical exception
+ continue
+ fi
+ if [ "`echo $s | tr / -`" != "$i" ]; then
+ log warn
+ echo "Mismatch: Filename $i but backup source $s"
+ fi
+done
+
+# and that source == destination everywhere
+for i in *; do
+ s=`cat $i | awk -F = '$1=="source"{print $2}'`
+ d=`cat $i | awk -F = '$1=="destination"{print $2}'`
+ if [ "$d" != "$s" ]; then
+ log warn
+ echo "source != dest in $i. ($s != $d)"
+ fi
+done
+
+# check that everything that has an entry in authorized_keys has one in /etc/da-backup-manager
+rsync_targets=`tempfile`
+backup_manager_sources=`tempfile`
+trap "rm -f '$rsync_targets' '$backup_manager_sources'" 0 1 2 5 15
+cat /root/.ssh/authorized_keys |
+ grep '^command=' |
+ sed -e 's/",no-por.*//' -e 's/.*--ignore-errors . //' -e 's#/org/backup.debian.org/staging/##' |
+ sort > "$rsync_targets"
+grep -h source /etc/da-backup-manager/* |
+ sed -e 's/source=//' |
+ sort > "$backup_manager_sources"
+if ! diff "$rsync_targets" "$backup_manager_sources" > /dev/null; then
+ log warn
+ echo "authorized_keys vs. /etc/da-backup-manage mismatch:"
+ diff "$rsync_targets" "$backup_manager_sources"
+fi
+
+# check that everything listed as either source or destination by da-backup-manager does exist - if stuff is new it might still be missing tho
+for i in `awk -F = '$1=="source" {print $2}' /etc/da-backup-manager/* `; do
+ if ! [ -d "/org/backup.debian.org/staging/$i" ]; then
+ log warn
+ echo "Warning: source $i does not exist"
+ fi
+done
+for i in ` awk -F = '$1=="destination"{print $2}' /etc/da-backup-manager/* `; do
+ if ! [ -d "/org/backup.debian.org/backups/$i" ]; then
+ log warn
+ echo "Warning: destination $i does not exist (if it is new, it takes a day)"
+ fi
+done
+
+# check that everything that does exist has an entry in da-backup-manager
+cd /org/backup.debian.org/staging
+for i in */*; do
+ if ! [ -d "$i" ]; then
+ log warn
+ echo "WTF: staging/$i is not a dir"
+ continue
+ fi
+ if ! grep "source=$i" /etc/da-backup-manager/* > /dev/null; then
+ log warn
+ echo "staging/$i is not listed anywhere in /etc/da-backup-manager"
+ fi
+done
+cd /org/backup.debian.org/backups
+for i in */*; do
+ if ! [ -d "$i" ]; then
+ log warn
+ echo "WTF: backups/$i is not a dir"
+ continue
+ fi
+ if ! grep "destination=$i" /etc/da-backup-manager/* > /dev/null; then
+ log warn
+ echo "backups/$i is not listed anywhere in /etc/da-backup-manager"
+ fi
+done
+
+if [ "$err" = 0 ]; then
+ echo "da-backup seems to be properly configured"
+fi
+exit $err
--- /dev/null
+#!/usr/bin/perl -w
+
+# check _physical_ disk status of disks on HP smart array controllers
+# requires hpacucli
+#
+# does _not_ check raid status. use arrayprobe for that.
+
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+use strict;
+
+# nagios exit codes
+my %CODE = (
+ 'OK' => 0,
+ 'WARNING' => 1,
+ 'CRITICAL' => 2,
+ 'UNKNOWN' => 3
+);
+
+my $EXITCODE = 'OK';
+
+$SIG{'__DIE__'} = sub {
+ print STDERR @_;
+ exit $CODE{'UNKNOWN'};
+};
+
+sub runcmd($) {
+ my ($cmd) = @_;
+ $cmd = "sudo hpacucli $cmd";
+ open(FH, $cmd."|") or die ("Cannot run $cmd: $!");
+ my @lines = <FH>;
+ close FH;
+ die ("no results from $cmd\n") if (scalar @lines == 0);
+ return \@lines;
+}
+
+sub record($) {
+ my ($newexit) = @_;
+ die "code $newexit not defined\n" unless defined $CODE{$newexit};
+
+ if ($CODE{$newexit} > $CODE{$EXITCODE}) {
+ $EXITCODE = $newexit;
+ };
+}
+
+
+my $ctrlallshow = runcmd("controller all show");
+my @controllers;
+for (@$ctrlallshow) {
+ chomp;
+ next if /^$/;
+ if (/in Slot ([0-9]+) /) {
+ push @controllers, $1;
+ next;
+ };
+ die ("Cannot read line '$_' gotten from hpacucli controller all show\n");
+};
+
+if (scalar @controllers == 0) {
+ print "UNKNONW: No smartarray controllers found with hpacucli\n";
+ exit $CODE{'UNKNOWN'}
+};
+
+my @resultstr;
+
+for my $slot (sort @controllers) {
+ my $pds = runcmd("controller slot=$slot pd all show");
+ my @drives;
+ my $nodrives = 0;
+ my %status;
+ for (@$pds) {
+ chomp;
+ next if /^$/;
+ next if (/^\S.*in Slot $slot/);
+ next if /^ *array [A-Z]$/;
+ if (/^ *(array [A-Z]) \(Failed\)$/) {
+ record('CRITICAL');
+ push @{$status{'Failed'}}, $1;
+ } elsif (/^Error: The specified controller does not have any physical drives on it.$/) {
+ $nodrives = 1;
+ } elsif (/^ *physicaldrive (\S+) .* (OK|Predictive Failure|Failed|Rebuilding)(?:, spare)?\)$/) {
+ my $drive = $1;
+ my $status = $2;
+ push @{$status{$status}}, $drive;
+ if ($status eq 'OK') {
+ } elsif ($status eq 'Predictive Failure' ||
+ $status eq 'Rebuilding') {
+ record('WARNING');
+ } elsif ($status eq 'Failed') {
+ record('CRITICAL');
+ } else {
+ record('UNKNOWN');
+ };
+ push @drives, $drive;
+ } else {
+ die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot pd all show\n");
+ };
+ };
+
+ # Check that all drives have the proper transfer speed.
+ # sometimes stuff breaks and they fall back to 10mb/sec.
+ for my $drive (@drives) {
+ # skip drives that are known to have failed
+ next if (exists $status{'Failed'} && grep {$drive eq $_} @{$status{'Failed'}});
+ my $type;
+ if ($drive =~ /^[0-9]+:[0-9]+$/) { # scsi drives
+ $type = 'SCSI';
+ } elsif ($drive =~ /^[0-9]+I:[0-9]+:[0-9]+$/) { # SAS
+ $type = 'SAS';
+ } else {
+ # I'm not going to run pass arguments of unknown form to the shell..
+ warn ("Unknown diskdrive ID $drive\n");
+ next;
+ }
+
+ my $pd = runcmd("controller slot=$slot pd $drive show");
+ while (defined $pd->[0] && !($pd->[0] =~ /physicaldrive/)) {
+ shift @$pd;
+ };
+ shift @$pd;
+ my %value;
+ for (@$pd) {
+ if (m/^\s*(.*?):\s*(.*?)\s*$/) {
+ $value{$1} = $2;
+ }
+ }
+
+ my $key;
+ my $expected;
+ if ($type eq 'SCSI') {
+ $key = 'Transfer Speed';
+ if (!defined $value{'Transfer Mode'}) {
+ record('WARNING');
+ push @{$status{'unknown transfer mode'}}, $drive;
+ next;
+ } elsif ($value{'Transfer Mode'} eq 'Ultra 3 Wide') {
+ $expected = '160 MB/Sec';
+ } elsif ($value{'Transfer Mode'} eq 'Ultra 320 Wide') {
+ $expected = '320 MB/Sec';
+ } else {
+ record('WARNING');
+ push @{$status{'unknown transfer mode'}}, $drive."(".$value{'Transfer Mode'}.")";
+ next;
+ };
+ } elsif ($type eq 'SAS') {
+ $key = 'PHY Transfer Rate';
+ if ($value{'PHY Count'} eq '2') {
+ $expected = '3.0GBPS, Unknown';
+ } else {
+ $expected = '3.0GBPS';
+ }
+ } else {
+ warn "Should not be here. Do not know what to do with type '$type'\n";
+ next;
+ }
+
+ if (!defined $value{$key}) {
+ record('WARNING');
+ push @{$status{'unknown transfer speed'}}, $drive;
+ } elsif ($value{$key} ne $expected) {
+ record('WARNING');
+ push @{$status{'bad transfer speed'}}, $drive."(".$value{$key}.")";
+ };
+ };
+
+ if ($nodrives && scalar keys %status > 0) {
+ push @resultstr, "Slot $slot: have no drives but status results?";
+ record('UNKNOWN');
+ next;
+ } elsif ($nodrives) {
+ push @resultstr, "Slot $slot: no drives";
+ next;
+ };
+
+ my $cst = runcmd("controller slot=$slot show status");
+ for (@$cst) {
+ chomp;
+ next if /^$/;
+ next if (/^\S.*in Slot $slot/);
+ if (/^ *(.*) Status: (.*)$/) {
+ my $system = $1;
+ my $status = $2;
+ push @{$status{$status}}, $system;
+ if ($status ne 'OK') {
+ record('WARNING');
+ };
+ } else {
+ die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot show status\n");
+ };
+ };
+
+ my $status = join(" - ", (map { $_.": ".join(", ", @{$status{$_}}) } keys %status));
+ push @resultstr, "Slot $slot: $status";
+};
+
+print "$EXITCODE: ", join(" --- ", @resultstr), "\n";
+exit $CODE{$EXITCODE};
--- /dev/null
+#!/usr/bin/perl -w
+
+# nagios check for debian security sync checks
+#
+# Copyright (c) 2008 Alexander Wirt <formorer@debian.org>
+# Copyright (c) 2009 Peter Palfrader <peter@palfrader.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+
+use LWP::UserAgent;
+use Socket;
+use strict;
+use Date::Parse;
+use Getopt::Long;
+use Date::Parse;
+use Date::Format;
+use File::Basename;
+use English;
+use warnings;
+
+
+sub usage($$) {
+ my ($fh, $exit) = @_;
+ my $basename = basename($PROGRAM_NAME);
+ my $VERSION = '0.1';
+
+ print $fh "$basename $VERSION\n";
+ print $fh "Usage: $basename [--help|--version] [--verbose]\n";
+ print $fh "\n";
+ print $fh " --help Print this short help.\n";
+ print $fh " --version Report version number.\n";
+ print $fh " --verbose Be a little verbose.\n";
+ print $fh " --host hostname to check.\n";
+ print $fh " --path path to tracefile.\n";
+ print $fh "\n";
+ exit ($exit);
+};
+
+
+$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+my $params;
+
+$params->{'host'} = 'security.debian.org'; #which host to check
+$params->{'path'} = 'project/trace/security-master.debian.org';
+
+my $OK = 0;
+my $WARNING = 1;
+my $CRITICAL = 2;
+my $UNKNOWN = 3;
+
+if (!GetOptions (
+ '--help' => \$params->{'help'},
+ '--verbose' => \$params->{'verbose'},
+ '--version' => \$params->{'version'},
+ '--host=s' => \$params->{'host'},
+ '--path=s' => \$params->{'path'},
+ )) {
+ usage(*STDERR,1)
+};
+usage(*STDOUT,0) if ($params->{'help'});
+usage(*STDERR,1) if (scalar @ARGV);
+
+my $host = $params->{'host'};
+my $path = $params->{'path'};
+my @slaves;
+my $status;
+my @exitstatus;
+my $exitcode = $OK;
+
+@slaves = gethostbyname($params->{'host'}) or die "Can't resolve " . $params->{'host'} .": $!\n";
+@slaves = map { inet_ntoa($_) } @slaves[4 .. $#slaves];
+print "Checking the following hosts:\n" . join("\n", @slaves) . "\n" if $params->{'verbose'};
+
+my @critical;
+
+foreach my $slave (@slaves) {
+ my $ua = LWP::UserAgent->new;
+ $ua->proxy('http', "http://$slave");
+ print "Requesting http://$host/$path from $slave\n" if $params->{'verbose'};
+ my $response = $ua->get("http://$host/$path");
+
+
+ if ($response->is_success) {
+ my $content = $response->content; # or whatever
+ my ($date, $foo, $bar) = split("\n", $content);
+ my $synctime = str2time($date);;
+ print "$slave last synced $synctime\n" if $params->{'verbose'};
+ $status->{$slave}->{'synced'} = $synctime;
+ }
+ else {
+ push @exitstatus, "$slave broken: " . $response->status_line;
+ $status->{$slave}->{'error'} = $response->status_line;
+ $exitcode = $CRITICAL;
+ push @critical, $slave;
+ }
+}
+
+
+my %seen;
+my $o_sync = scalar(grep !$seen{$_}++, map{$status->{$_}->{'synced'}} keys(%{$status}));
+if ($o_sync > 1) {
+ $exitcode = $CRITICAL;
+ $o_sync -= 1;
+ my @mirrors = sort { $status->{$a}->{'synced'} <=> $status->{$b}->{'synced'} } keys %{$status};
+ push @exitstatus, "$o_sync mirror(s) not in sync (from oldest to newest): ".
+ join(",", splice(@mirrors,0,$o_sync));
+} else {
+ print "All mirrors unique\n" if $params->{'verbose'};
+}
+
+if ($exitcode == $CRITICAL) {
+ print "CRITICAL: " . join(',',@exitstatus) . "\n";
+} elsif ($exitcode == $OK) {
+ print "OK: all mirrors up2date\n";
+}
+
+foreach my $mirror (keys(%{$status})) {
+ if ($status->{$mirror}->{'error'}) {
+ print "$mirror broken: " . $status->{$mirror}->{'error'} . "\n";
+ } else {
+ print "$mirror last synced: " . localtime($status->{$mirror}->{'synced'}) ."\n";
+ }
+}
+
+exit $exitcode;
--- /dev/null
+#!/usr/bin/perl
+
+# dsa-check-packages
+
+# checks for obsolete/local and upgradeable packages.
+#
+# packages for the obsolete/local check can be ignored, by
+# listing their full name in /etc/nagios/obsolete-packages-ignore
+# or by having a regex (starting a line with "/") that matches
+# the packagename in said file.
+#
+# Takes one optional argument, the location of the ignore file.
+
+
+# Copyright (C) 2008, 2009 Peter Palfrader <peter@palfrader.org>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+use strict;
+use warnings;
+use English;
+
+my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
+
+my %CODE = (
+ 'OK' => 0,
+ 'WARNING' => 1,
+ 'CRITICAL' => 2,
+ 'UNKNOWN' => 3
+);
+my $EXITCODE = 'OK';
+sub record($) {
+ my ($newexit) = @_;
+ die "code $newexit not defined\n" unless defined $CODE{$newexit};
+
+ if ($CODE{$newexit} > $CODE{$EXITCODE}) {
+ $EXITCODE = $newexit;
+ };
+}
+
+
+
+sub get_packages {
+ $ENV{'COLUMNS'} = 1000;
+ $ENV{'LC_ALL'} = 'C';
+ open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
+ my @lines = <F>;
+ close(F);
+ chomp(@lines);
+
+ shift @lines while ($lines[0] !~ /\+\+\+/);
+ shift @lines;
+
+ my %pkgs;
+ for my $line (@lines) {
+ my ($state, $pkg, $version, undef) = split(/ */, $line);
+ $pkgs{$state}{$pkg} = { 'installed' => $version }
+ }
+
+ my $installed = $pkgs{'ii'};
+ delete $pkgs{'ii'};
+
+ open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
+ open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
+
+ open (F, "apt-cache policy ".(join(" ", keys(%$installed)))." |") or die ("Cannot run apt-cache policy: $!\n");
+ @lines = <F>;
+ close(F);
+ chomp(@lines);
+ open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
+
+ my $line;
+ my $pkgname = undef;
+ while (defined($line = shift @lines)) {
+ if ($line =~ /^([^ ]*):$/) {
+ $pkgname = $1;
+ } elsif ($line =~ /^ +Installed: (.*)$/) {
+ # etch dpkg -l does not print epochs, so use this info, it's better
+ $installed->{$pkgname}{'installed'} = $1;
+ } elsif ($line =~ /^ +Candidate: (.*)$/) {
+ $installed->{$pkgname}{'candidate'} = $1;
+ } elsif ($line =~ /^ +\*\*\*/) {
+ my @l;
+ @l = split(/ +/, $line);
+ $line = shift @lines;
+ @l = split(/ +/, $line);
+ $installed->{$pkgname}{'origin'} = $l[2];
+ }
+ }
+
+ my (%current, %obsolete, %outofdate);
+ for my $pkgname (keys %$installed) {
+ my $pkg = $installed->{$pkgname};
+
+ unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
+ $obsolete{$pkgname} = $pkg;
+ next;
+ }
+
+ if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
+ $outofdate{$pkgname} = $pkg;
+ next;
+ };
+ if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
+ $obsolete{$pkgname} = $pkg;
+ next;
+ }
+ $current{$pkgname} = $pkg;
+ }
+
+ $pkgs{'current'} = \%current;
+ $pkgs{'outofdate'} = \%outofdate;
+ $pkgs{'obsolete'} = \%obsolete;
+ return \%pkgs;
+}
+
+sub load_ignores {
+ my ($ignorefile, $require_file) = @_;
+
+ my @ignores;
+ if (!$require_file and ! -e $ignorefile) {
+ return \@ignores;
+ }
+
+ open (F, "< $ignorefile") or die ("Cannot open $ignorefile: $!\n");
+ @ignores = <F>;
+ close F;
+ chomp(@ignores);
+ return \@ignores;
+}
+
+sub check_ignore {
+ my ($pkg, $ignores) = @_;
+
+ my $ignore_this = 0;
+ for my $ignore (@$ignores) {
+ my $ig = $ignore;
+ return 1 if ($ig eq $pkg);
+ if (substr($ig,0,1) eq '/') {
+ substr($ig, 0, 1, '');
+ $ig =~ s,/$,,;
+ return 1 if ($pkg =~ /$ig/);
+ }
+ }
+ return 0
+}
+
+sub filter_ignored {
+ my ($packages, $ignores) = @_;
+
+ my $obs = $packages->{'obsolete'};
+
+ my (%ignored, %bad);
+ for my $pkg (keys %$obs) {
+ if (check_ignore($pkg, $ignores)) {
+ $ignored{$pkg} = $obs->{$pkg};
+ } else {
+ $bad{$pkg} = $obs->{$pkg};
+ };
+ }
+ delete $packages->{'obsolete'};
+ $packages->{'obsolete'} = \%bad;
+ $packages->{'obsolete-ignored'} = \%ignored;
+};
+
+sub usage {
+ my ($fd, $exit) = @_;
+ print $fd "Usage: $PROGRAM_NAME [<ignorefile>]\n";
+ exit $exit;
+}
+
+my $ignorefile = $IGNORE;
+my $ignorefile_userset = 0;
+usage(\*STDERR, 1) if (@ARGV > 1);
+if (@ARGV == 1) {
+ usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
+ usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
+ $ignorefile = $ARGV[0];
+ $ignorefile_userset = 1;
+};
+
+my $ignores = load_ignores($ignorefile, $ignorefile_userset);
+my $packages = get_packages();
+
+filter_ignored($packages, $ignores);
+
+
+
+my @reportform = (
+ { 'key' => 'obsolete',
+ 'listpackages' => 1,
+ 'long' => "%d local or obsolete packages: %s",
+ 'short' => "%d obs",
+ 'status' => 'WARNING' },
+ { 'key' => 'outofdate',
+ 'listpackages' => 1,
+ 'long' => "%d out of date packages: %s",
+ 'short' => "%d updates",
+ 'status' => 'WARNING' },
+ { 'key' => 'current',
+ 'listpackages' => 0,
+ 'long' => "%d packages current.",
+ 'short' => "%d ok",
+ 'status' => 'OK' },
+ { 'key' => 'obsolete-ignored',
+ 'listpackages' => 1,
+ 'long' => "%d whitelisted local or obsolete packages: %s",
+ 'short' => "%d obs(ignored)",
+ 'status' => 'OK' },
+ { 'key' => 'rc',
+ 'listpackages' => 1,
+ 'long' => "%d packages removed but not purged: %s",
+ 'short' => "%d rc",
+ 'status' => 'OK' },
+ { 'key' => 'hi',
+ 'listpackages' => 1,
+ 'long' => "%d packages on hold: %s",
+ 'short' => "%d hi",
+ 'status' => 'OK' },
+ { 'key' => 'pc',
+ 'listpackages' => 1,
+ 'long' => "%d packages requested to be purged but conffiles still installed: %s",
+ 'short' => "%d pc",
+ 'status' => 'WARNING' },
+ );
+
+my @longout;
+my @shortout;
+for my $form (@reportform) {
+ my $pkgs = $packages->{$form->{'key'}};
+ delete $packages->{$form->{'key'}};
+ my $num = scalar keys %$pkgs;
+ next unless ($num > 0);
+ if ($form->{'listpackages'}) {
+ my $list = join(", ", keys %$pkgs);
+ push @longout, sprintf($form->{'long'}, $num, $list);
+ } else {
+ push @longout, sprintf($form->{'long'}, $num);
+ };
+ push @shortout, sprintf($form->{'short'}, $num);
+ record($form->{'status'});
+};
+if (scalar keys %$packages) {
+ record('WARNING');
+ unshift @shortout, "unk: ".join(", ", keys %$packages);
+ for my $status (sort {$b cmp $a} keys %$packages) {
+ my $pkgs = $packages->{$status};
+ my $list = join(", ", keys %$pkgs);
+ unshift @longout, "Unknown package status $status: $list";
+ };
+}
+
+my $shortout = $EXITCODE.": ".join(", ", @shortout);
+my $longout = join("\n", @longout);
+
+print $shortout,"\n";
+print $longout,"\n";
+
+exit $CODE{$EXITCODE};
--- /dev/null
+#!/usr/bin/env ruby
+
+require 'optparse'
+
+class CheckPuppet
+
+ VERSION = '0.1'
+ script_name = File.basename($0)
+
+ # default options
+ OPTIONS = {
+ :statefile => "/var/lib/puppet/state/state.yaml",
+ :interval => 60,
+ }
+
+ o = OptionParser.new do |o|
+ o.set_summary_indent(' ')
+ o.banner = "Usage: #{script_name} [OPTIONS]"
+ o.define_head "The check_puppet Nagios plug-in checks that the specified " +
+ "puppet state file is no older than specified interval."
+ o.separator ""
+ o.separator "Mandatory arguments to long options are mandatory for " +
+ "short options too."
+
+ o.on("-s", "--statefile=statefile", String, "The state file",
+ "Default: #{OPTIONS[:statefile]}") { |OPTIONS[:statefile]| }
+ o.on("-i", "--interval=value", Integer,
+ "Default: #{OPTIONS[:interval]} minutes") { |OPTIONS[:interval]| }
+
+ o.separator ""
+ o.on_tail("-h", "--help", "Show this help message.") do
+ puts o
+ exit
+ end
+
+ o.parse!(ARGV)
+ end
+
+ def check_state
+
+ # Set variables
+ curt = Time.now
+ intv = OPTIONS[:interval] * 60
+
+ # Check file time
+ @modt = 0
+ begin
+ @modt = File.mtime("#{OPTIONS[:statefile]}")
+ rescue
+ @file = 3
+ end
+
+ diff = (curt - @modt).to_i
+
+ @file = 2
+ @file = 0 if diff <= intv
+
+ end
+
+ def output_status
+
+ case @file
+ when 0
+ state = "state file status okay updated on " + @modt.strftime("%m/%d/%Y at %H:%M:%S")
+ when 2
+ state = "state file is missing or older than #{OPTIONS[:interval]} minutes"
+ when 3
+ state = "state file status unknown"
+ end
+
+ case @file
+ when 0
+ status = "OK"
+ exitcode = 0
+ when 2
+ status = "CRITICAL"
+ exitcode = 2
+ when 3
+ status = "UNKNOWN"
+ exitcide = 3
+ end
+
+ puts "PUPPET " + status + ": " + state
+ exit(exitcode)
+ end
+end
+
+cp = CheckPuppet.new
+cp.check_state
+cp.output_status
+
--- /dev/null
+#!/usr/bin/perl -Tw
+
+# Copyright (C) 2006 Peter Palfrader <peter@palfrader.org>
+
+# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers:
+#
+# nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
+#
+
+use strict;
+use English;
+use Getopt::Long;
+
+$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+my $TW_CLI = '/usr/local/bin/tw_cli';
+my $SVN_REVISION_STRING = '$Rev: 313 $';
+my ($SVN_REVISION) = ($SVN_REVISION_STRING =~ /([0-9]+)/);
+ $SVN_REVISION = 'unknown' unless defined $SVN_REVISION;
+my $VERSION = '0.0.0.'.$SVN_REVISION;
+
+# nagios exit codes
+my $UNKNOWN = -1;
+my $OK = 0;
+my $WARNING = 1;
+my $CRITICAL = 2;
+
+my $params = {
+ 'no-sudo' => 0,
+ 'controller' => 0,
+ 'unit' => 0
+ };
+
+Getopt::Long::config('bundling');
+if (!GetOptions (
+ '--help' => \$params->{'help'},
+ '--version' => \$params->{'version'},
+ '--verbose' => \$params->{'verbose'},
+ '--controller=i' => \$params->{'controller'},
+ '--unit=i' => \$params->{'unit'},
+ '--no-sudo' => \$params->{'no-sudo'},
+ )) {
+ die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=<n>] [--unit=<n>]\n");
+};
+if ($params->{'help'}) {
+ print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=<n>] [--unit=<n>]\n";
+ print "Checks status of 3ware raid arrays.\n";
+ exit (0);
+};
+if ($params->{'version'}) {
+ print "nagios-check-raid-3ware $VERSION\n";
+ print "nagios check for 3ware raids\n";
+ print "Copyright (c) 2006 Peter Palfrader <peter\@palfrader.org>\n";
+ exit (0);
+};
+
+$SIG{'__DIE__'} = sub {
+ print STDERR @_;
+ exit $UNKNOWN;
+};
+
+unless (-e $TW_CLI) {
+ print "Cannot find '$TW_CLI'.\n";
+ exit $UNKNOWN;
+};
+
+my $sudo = $params->{'no-sudo'} ? '' : 'sudo ';
+my $command = "$sudo $TW_CLI info c$params->{'controller'} u$params->{'unit'} status";
+print STDERR "Running $command\n" if $params->{'verbose'};
+open (TW, "$command|") or die ("Cannot run $command: $!\n");
+my @tw=<TW>;
+close TW;
+if ($CHILD_ERROR) { # program failed
+ die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
+};
+
+
+my $exit = $UNKNOWN;
+my $msg = '';
+for my $line (@tw) {
+ chomp $line;
+ next if $line =~ /^$/;
+ my ($device, $status) = $line =~ m#^(/c[0-9]+/u[0-9]+) status = ([A-Z]+)$#;
+ unless (defined($device) && defined($status)) {
+ print "Cannot parse line '$line'\n";
+ exit $UNKNOWN;
+ };
+ if ($status eq 'OK' ||
+ $status eq 'VERIFYING') {
+ $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
+ $exit = $exit > $OK ? $exit : $OK;
+ } elsif ($status eq 'DEGRADED') {
+ $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
+ $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
+ } elsif ($status eq 'OFFLINE') {
+ $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
+ $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
+ } else {
+ $msg .= ($msg eq '' ? '' : '; '). "$device: UNKNOWN STATUS '$status'";
+ $exit = $exit > $UNKNOWN ? $exit : $UNKNOWN;
+ };
+};
+
+if ($msg eq '') {
+ $msg = "No devices found";
+ die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN);
+}
+
+print $msg,"\n";
+exit $exit;
--- /dev/null
+#!/usr/bin/perl
+
+# downloaded as check_areca from
+# http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1486.html;d=1
+# on 20081001 by weasel.
+#
+# local changes: fix path to areca_cli
+
+#####################################################
+#Program to check the areca RAID controller for the status of the RAID
+#Created: 2007-11-27
+#Version: 1.1.0
+#Revised: 2008-07-23
+#Revised by: Erinn Looney-Triggs
+#Author: Erinn Looney-Triggs
+#Changelog:
+#1.1: Fixed issue with newer versions of the Areca CLI > 1.72 and
+#fixed a problem where the RAID name contained spaces
+#(Reported by Daniel Philipp). Also did a bit of cleanup.
+#####################################################
+
+use Carp;
+use English qw( -no_match_vars );
+use Getopt::Long; #Grab command line switches
+use Pod::Usage;
+use strict; #Do it right
+use warnings;
+
+$ENV{PATH} = '/usr/local/bin:/usr/bin:'; #Safer path
+my $areca_cli = '/usr/local/sbin/areca-cli';
+my $timeout = '10'; #Default timeout of 10 seconds
+my $VERSION = '1.1.0'; #Version number
+
+#Nagios plugin return values, in english
+my $OK = '0';
+my $WARNING = '1';
+my $CRITICAL = '2';
+my $UNKNOWN = '3';
+
+GetOptions( 'areca_cli|A=s' => \$areca_cli,
+ 'man' => sub { pod2usage(3) },
+ 'timeout|t=i' => \$timeout,
+ 'usage' => sub { pod2usage(1) },
+ 'version' => sub { VersionMessage() },
+ 'help' => sub { pod2usage(1) },
+);
+
+sanity_checks();
+parse_areca( check_areca() );
+
+sub check_areca{
+ my @output;
+
+ #Timer operation. Times out after $timeout seconds.
+ eval {
+
+ #Set the alarm and set the timeout
+ local $SIG{ALRM} = sub { die "alarm\n" };
+ alarm $timeout;
+
+ #Run the command
+ @output = `sudo $areca_cli vsf info`;
+ if ($?){
+ print "Command: cli vsf info failed, "
+ . "$OS_ERROR $CHILD_ERROR, aborting!\n";
+ exit $CRITICAL;
+ }
+
+ #Reset the alarm if successful
+ alarm 0;
+ };
+
+ #Test return value and exit if eval caught the alarm
+ if ($EVAL_ERROR) {
+ if ( $EVAL_ERROR eq "alarm\n" ) {
+ print "Operation timed out after $timeout seconds.\n";
+ exit $CRITICAL;
+ }
+ else {
+ print "An unknown error has occured: $EVAL_ERROR \n";
+ exit $UNKNOWN;
+ }
+ }
+
+ return @output;
+}
+
+sub parse_areca{
+ my @output = @_;
+
+ my $abnormal; #Holds count of non-normal returns
+
+ my @pertinent_lines = grep (/\s\d+\s/, @output);
+
+ for my $line (@pertinent_lines){
+ #Strip of leading spaces
+ $line =~ s/^\s+//;
+
+ #Split the line into discrete parts
+ my ( $number, $level, $capacity, $state, )
+ = (split (/\s+/, "$line"))[0,-4,-3,-1];
+
+ #If the state is normal continue on in loop
+ if (lc $state eq "normal"){
+ print "|Controller number: $number RAID level: $level "
+ . "Capacity: $capacity State: $state| ";
+ }
+
+ #If state is abnormal continue on in loop but add 1 to $abnormal
+ else{
+ print "|Controller number: $number RAID level: $level "
+ . "Capacity: $capacity State: $state| ";
+ $abnormal++;
+ }
+ }
+
+ #If any abnormalities exist ext with a critical error.
+ if ($abnormal){
+ exit $CRITICAL;
+ }
+ else {
+ exit $OK;
+ }
+
+ return; #This should never be reached
+}
+
+sub sanity_checks{
+ if (! -e $areca_cli){
+ print "$areca_cli does not exist, aborting!\n";
+ exit $CRITICAL;
+ }
+ if (! -x $areca_cli){
+ print "$areca_cli is not executable by the running user, aborting!\n";
+ exit $CRITICAL;
+ }
+
+ return; #This should never be reached
+}
+
+#Version message information displayed in both --version and --help
+sub main::VersionMessage {
+
+ print <<"EOF";
+This is version $VERSION of check_areca.
+
+Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs\@gmail.com).
+All rights reserved.
+
+This module is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License.
+See http://www.fsf.org/licensing/licenses/gpl.html
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+EOF
+
+ exit 1;
+}
+
+__END__
+
+=head1 NAME
+
+check_areca - Checks the status of an Areca RAID via the Areca CLI utility.
+
+=head1 VERSION
+
+This documentation refers to check_areca version 1.1.0
+
+=head1 USAGE
+
+check_areca.pl
+
+=head1 REQUIRED ARGUMENTS
+
+None
+
+=head1 OPTIONS
+
+ --areca_cli (-A) Set the location of the Areca cli executable.
+ --help Display usage information.
+ --man Display the entire POD documentation
+ --timeout (-t) Sets the timeout, defaults to 10 seconds.
+ --usage Display usage information (same as --help)
+ --version Display the version number
+
+
+=head1 DESCRIPTION
+
+This is a Nagios plugin that runs the Areca CLI to check the status of the
+RAID controller. It then parses the resultant exit information and
+passes the output to NRPE.
+
+=head1 DIAGNOSTICS
+
+=head2 Command: cli vsf info failed, aborting!
+
+For some reason the command trying to be run failed. Try running it by hand
+and seeing if it runs properly.
+
+=head2 Operation timed out after <timeout> seconds.
+
+Running the command failed after a certain amount of time (defaults to 10
+seconds). Try using the --timeout (-t) switch and increasing the timeout
+threshold. Also try running the command by hand and see if it is hanging.
+
+=head2 An unknown error has occurred:
+
+Just what it says, running the cli command threw an unknown error and the
+process died. Run the CLI command by hand and see if you receive proper
+output.
+
+=head2 <areca cli> does not exist, aborting!
+
+The binary that the script is looking to run does not exist. By default
+check_areca looks in /usr/local/areca/bin/ for the cli. However, you can
+change this default by setting the --areca_cli (-A) flag from the command
+line
+
+=head2 <areca cli> is not executable by the running user, aborting!
+
+The cli program was found but it is not executable by the current user,
+usually this is the nagios user.
+
+=head1 CONFIGURATION AND ENVIRONMENT
+
+The Areca cli program should be available on the system. By default
+check_areca looks in /usr/local/areca/bin/cli for the cli. You can set the
+location using the --areca_cli (-A) flag from the command line.
+
+It is helpful to have an Areca RAID controller on the system being checked.
+
+=head1 DEPENDENCIES
+
+ check_areca depends on the following modules:
+ POSIX Standard Perl 5.8 module
+ Getopt::Long Standard Perl 5.8 module
+ Pod::USAGE Standard Perl 5.8 module
+
+=head1 INCOMPATIBILITIES
+
+None known yet.
+
+=head1 BUGS AND LIMITATIONS
+
+Bugs, never heard of 'em ;).
+If you encounter any bugs let me know. (erinn.looneytriggs@gmail.com)
+
+=head1 AUTHOR
+
+Erinn Looney-Triggs (erinn.looneytriggs@gmail.com)
+
+=head1 LICENCE AND COPYRIGHT
+
+Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs@gmail.com).
+All rights reserved.
+
+This module is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License.
+See L<http://www.fsf.org/licensing/licenses/gpl.html>.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- /dev/null
+#!/bin/sh
+
+# Nagios check for Mylex DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers
+#
+# Some background information on the driver is available at
+# http://home.germany.net/100-120220/mylex/DAC960.README
+#
+# Written 2008 Peter Palfrader
+
+if [ -e /proc/rd/status ]; then
+ status=`cat /proc/rd/status`
+ if [ "$status" = "OK" ]; then
+ echo "OK: all DAC960 controllers operating normally; no (non-standby) failures have occurred"
+ exit 0;
+ else
+ echo "CRITICAL: proc/rd/status is $status"
+ exit 2;
+ fi;
+else
+ echo "UNKNOWN: No DAC960 controllers in the system"
+ exit 3;
+fi
--- /dev/null
+#!/usr/bin/perl -Tw
+
+# Copyright (C) 2008 Peter Palfrader <peter@palfrader.org>
+
+# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers:
+#
+# nagios ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
+#
+
+use strict;
+use English;
+use Getopt::Long;
+
+$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+my $MPT_STATUS = '/usr/sbin/mpt-status';
+
+# nagios exit codes
+my $UNKNOWN = -1;
+my $OK = 0;
+my $WARNING = 1;
+my $CRITICAL = 2;
+
+$SIG{'__DIE__'} = sub {
+ print STDERR @_;
+ exit $UNKNOWN;
+};
+
+unless (-e $MPT_STATUS) {
+ print "Cannot find '$MPT_STATUS'.\n";
+ exit $UNKNOWN;
+};
+
+my $command = "sudo $MPT_STATUS -s";
+open (MPT, "$command|") or die ("Cannot run $command: $!\n");
+my @tw=<MPT>;
+close MPT;
+if ($CHILD_ERROR) { # program failed
+ die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
+};
+
+
+my $exit = $UNKNOWN;
+my $msg = '';
+for my $line (@tw) {
+ chomp $line;
+ next if $line =~ /^$/;
+ my ($device, $num, $status) = $line =~ m#^(log_id|vol_id|phys_id)\s+([0-9]+)\s+(.*)$#;
+ unless (defined($device) && defined($num) && defined($status)) {
+ print "Cannot parse line '$line'\n";
+ exit $UNKNOWN;
+ };
+ if ($status eq 'OPTIMAL' ||
+ $status eq 'ONLINE') {
+ $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status";
+ $exit = $exit > $OK ? $exit : $OK;
+ } else {
+ $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status";
+ $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
+ };
+};
+
+if ($msg eq '') {
+ $msg = "No devices found";
+ die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN);
+}
+
+print $msg,"\n";
+exit $exit;
--- /dev/null
+#!/usr/bin/perl -w
+# ------------------------------------------------------------------------------
+# File Name: chech_raid.pl
+# Author: Thomas Nilsen - Norway
+# Date: 14/06/2003
+# Version: 0.1
+# Description: This script will check to see if any software raid
+# devices are down.
+# Email: thomas.nilsen@doc-s.co.uk
+# WWW: www.doc-s.co.uk
+# ------------------------------------------------------------------------------
+# Copyright 2003 (c) Thomas Nilsen
+# Credits go to Ethan Galstad for coding Nagios
+# License GPL
+# ------------------------------------------------------------------------------
+# Date Author Reason
+# ---- ------ ------
+# 2008-03-31 Peter Palfrader Return warning on running resync
+# 2007-11-07 Peter Palfrader Return unknown if /proc/mdstat does not exist
+# 05/10/2004 Peter Palfrader Make it work without that 'use util (vars)'
+# 14/06/2003 TN Initial Release
+# - Format of mdstat assumed to be "2 line" per
+# device with [??] on the second line.
+# ------------------------------------------------------------------------------
+
+use strict;
+use warnings;
+use Getopt::Long;;
+use vars qw($opt_V $opt_h $opt_t $opt_F $PROGNAME);
+use lib '/usr/local/nagios/libexec/';
+my $TIMEOUT=15;
+my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );
+
+
+$PROGNAME="check_raid";
+
+sub print_help ();
+sub print_usage ();
+
+$ENV{'PATH'}='';
+$ENV{'BASH_ENV'}='';
+$ENV{'ENV'}='';
+my ( $line, $stat, $state ,@device, $msg, $status, $timeout);
+
+$stat="/proc/mdstat";
+
+#Option checking
+Getopt::Long::Configure('bundling');
+$status = GetOptions(
+ "V" => \$opt_V, "version" => \$opt_V,
+ "h" => \$opt_h, "help" => \$opt_h,
+ "F" => \$opt_F, "filename" => \$opt_F,
+ "t" => \$opt_t, "timeout" => \$opt_t);
+# Version
+if ($opt_V) {
+ print($PROGNAME,': $Revision: 0.1 $');
+ exit $ERRORS{'OK'};
+}
+# Help
+if ($opt_h) {
+ print_help();
+ exit $ERRORS{'OK'};
+}
+# Filename supplied
+if ($opt_F) {
+ $opt_F = shift;
+ $stat = $1 if ($opt_F =~ /^(.*)$/);
+
+ if ( ! -r $stat ) {
+ print "Invalid mdstat file: $opt_F\n";
+ exit $ERRORS{'UNKNOWN'};
+ }
+}
+
+$timeout = $TIMEOUT;
+($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1);
+
+# Just in case of problems, let's not hang Nagios
+$SIG{'ALRM'} = sub {
+ print ("ERROR: No response (alarm)\n");
+ exit $ERRORS{'UNKNOWN'};
+};
+alarm($timeout);
+
+# Start checking the file...
+open (FH, $stat) or print("UNKNOWN: Cannot open $stat: $!\n"), exit $ERRORS{'UNKNOWN'};
+
+my @failed = ();
+my @resyncing = ();
+my $device = '';
+
+# Now check the mdstat file..
+while (<FH>) {
+ $line = $_;
+ if ($line =~ /^(md\S*) /) {
+ $device = $1;
+ } elsif( $line =~ / \[_|_\]|U_|_U /) {
+ push @failed, $device;
+ }
+ elsif ( $line =~ / resync /) {
+ # [==>..................] resync = 10.3% (15216320/146994624) finish=2153.2min speed=1018K/sec
+ my ($percent) = ($line =~ m# resync = ([0-9.]+%)#);
+ my ($finish) = ($line =~ m# finish=([0-9.]+min)#);
+ my ($speed) = ($line =~ m# speed=([0-9.]+K/sec)#);
+ push @resyncing, "$device ($percent done, finish in $finish at $speed)";
+ }
+}
+close (FH);
+
+if (scalar @failed > 0) {
+ if (scalar @failed == 1) {
+ print "CRITICAL - Device $failed[0] has failed.\n";
+ } else {
+ print "CRITICAL - Devices ".join(", ", @failed)." have failed.\n"
+ };
+ exit $ERRORS{'CRITICAL'};
+} elsif (scalar @resyncing > 0 ) {
+ print "WARNING: Resyncing: ".(join "; ", @resyncing)."\n";
+ exit $ERRORS{'WARNING'};
+} else {
+ print "OK - All devices are online\n";
+ exit $ERRORS{'OK'};
+};
+
+
+sub print_usage () {
+ print "Usage: $PROGNAME -t <timeout> -F <filename>\n";
+}
+
+sub print_help () {
+ print_revision($PROGNAME,'$Revision: 0.1 $');
+ print "Copyright (c) 2003 Thomas Nilsen/Karl DeBisschop\n";
+ print "\n";
+ print_usage();
+ print "Checks the mdstat file for errors on any configured software raid.\n
+-t ( --timeout=INTEGER)
+ Seconds before script times out (default: 10)\n
+-F ( --filename=FILE)
+ Full path and name to mdstat file (usually '/proc/mdstat') \n\n";
+}
--- /dev/null
+#!/bin/bash
+
+# Check if the running kernel has the same version string as the on-disk
+# kernel image.
+
+# Copyright 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+OK=0;
+WARNING=1;
+CRITICAL=2;
+UNKNOWN=3;
+
+get_offset() {
+ local file needle
+
+ file="$1"
+ needle="$2"
+ perl -e '
+ undef $/;
+ $i = index(<>, "'"$needle"'");
+ if ($i < 0) {
+ exit 1;
+ };
+ print $i,"\n"' < "$file"
+}
+
+get_image() {
+ local image GZHDR1 GZHDR2 off
+
+ image="$1"
+
+ GZHDR1="\x1f\x8b\x08\x00"
+ GZHDR2="\x1f\x8b\x08\x08"
+
+ off=`get_offset "$image" $GZHDR1`
+ [ "$?" != "0" ] && off="-1"
+ if [ "$off" -eq "-1" ]; then
+ off=`get_offset "$image" $GZHDR2`
+ [ "$?" != "0" ] && off="-1"
+ fi
+ if [ "$off" -eq "0" ]; then
+ zcat < "$image"
+ return
+ elif [ "$off" -ne "-1" ]; then
+ (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null
+ return
+ fi
+
+ echo "ERROR: Unable to extract kernel image." 2>&1
+ exit 1
+}
+
+searched=""
+for on_disk in \
+ "/boot/vmlinuz-`uname -r`"\
+ "/boot/vmlinux-`uname -r`"; do
+
+ if [ -e "$on_disk" ]; then
+ on_disk_version="`get_image "$on_disk" | strings | grep 'Linux version' | head -n1`"
+ [ -z "$on_disk_version" ] || break
+ on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`"
+ [ -z "$on_disk_version" ] || break
+
+ echo "UNKNOWN: Failed to get a version string from image $on_disk"
+ exit $UNKNOWN
+ fi
+ searched="$searched $on_disk"
+done
+
+if ! [ -e "$on_disk" ]; then
+ echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
+ exit $WARNING
+fi
+
+
+running_version="`cat /proc/version`"
+if [ -z "$running_version" ] ; then
+ echo "UNKNOWN: Failed to get a version string from running system"
+ exit $UNKNOWN
+fi
+
+if [ "$running_version" != "$on_disk_version" ]; then
+ echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
+ exit $WARNING
+else
+ echo "OK: Running kernel matches on disk image: [$running_version]"
+ exit $OK
+fi
--- /dev/null
+#!/usr/bin/perl -w
+
+# check_samhain.pl - check to see how many policy violations are reported
+# by the samhain file integrity checker.
+#
+# Copyright Rainer Wichmann (2004)
+# Copyright Martin Zobel-Helas (2008)
+#
+# License Information:
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+############################################################################
+
+# -------------------------------------------------------------------[ Uses ]--
+
+use strict;
+use Getopt::Long;
+use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval);
+use lib "/usr/lib/nagios/plugins";
+use utils qw(%ERRORS &print_revision);
+
+#my $TIMEOUT = 15;
+#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
+#sub print_revision ($$);
+
+# ----------------------------------------------------[ Function Prototypes ]--
+
+sub print_help ();
+sub print_usage ();
+sub process_arguments ();
+
+# ------------------------------------------------------------[ Environment ]--
+
+$ENV{'PATH'}='';
+$ENV{'BASH_ENV'}='';
+$ENV{'ENV'}='';
+
+# -----------------------------------------------------------------[ Global ]--
+
+$PROGNAME = "dsa-check-samhain";
+$SAMHAIN = "/usr/sbin/samhain";
+
+# ----------------------------------------------------------------[ options ]--
+
+Getopt::Long::Configure('bundling');
+$status = process_arguments();
+if ($status){
+ print "ERROR: processing arguments\n";
+ exit $ERRORS{"UNKNOWN"};
+}
+
+# ----------------------------------------------------------------[ timeout ]--
+
+$SIG{'ALRM'} = sub {
+ print ("ERROR: timed out waiting for $SAMHAIN\n");
+ exit $ERRORS{"WARNING"};
+};
+alarm($opt_t);
+
+# ----------------------------------------------------------[ start samhain ]--
+
+if ( defined $SAMHAIN && -x $SAMHAIN ) {
+ if (! open (SHPIPE, "/usr/bin/sudo $SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) {
+ print "ERROR: could not popen $SAMHAIN \n";
+ exit $ERRORS{'UNKNOWN'};
+ }
+}else{
+ print "ERROR: Could not find samhain executable!\n";
+ exit $ERRORS{'UNKNOWN'};
+}
+
+# ---------------------------------------------------------[ read from pipe ]--
+
+$status = 0;
+
+while (<SHPIPE>) {
+ if (/POLICY/) {
+ ++$status;
+ print $_ if $verbose;
+ }
+}
+
+if ($status < $opt_w) {
+ $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)";
+ $state = $ERRORS{'OK'};
+} elsif ($status >= $opt_w && $status < $opt_c) {
+ $msg = "WARNING: $status policy violations (threshold w=$opt_w)";
+ $state = $ERRORS{'WARNING'};
+} else {
+ $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)";
+ $state = $ERRORS{'CRITICAL'};
+}
+
+# -------------------------------------------------------------[ close pipe ]--
+
+close (SHPIPE);
+
+# declare an error if we also get a non-zero return code from samhain
+
+if ( $? ) {
+ $retval = $? / 256;
+ if ( $! ) {
+ print "Error closing $SAMHAIN: $!\n" if $verbose;
+ } else {
+ print "$SAMHAIN returned exit status $retval\n" if $verbose;
+ }
+ if ($state == $ERRORS{"CRITICAL"}) {
+ $state = $ERRORS{"CRITICAL"};
+ } else {
+ print "ERROR: $SAMHAIN exit status $retval\n";
+ exit $ERRORS{'UNKNOWN'};
+ }
+}
+
+# -------------------------------------------------------------------[ exit ]--
+
+print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n";
+exit $state;
+
+
+# ------------------------------------------------------------[ Subroutines ]--
+
+sub process_arguments(){
+ GetOptions
+ ("V" => \$opt_V, "version" => \$opt_V,
+ "h" => \$opt_h, "help" => \$opt_h,
+ "v" => \$opt_v, "verbose" => \$opt_v,
+ "w=i" => \$opt_w, "warning=i" => \$opt_w,
+ "c=i" => \$opt_c, "critical=i" => \$opt_c,
+ "t=i" => \$opt_t, "timeout=i" => \$opt_t
+ );
+
+ if ($opt_V) {
+ print_revision($PROGNAME,'$Revision: 1.0 $ ');
+ exit $ERRORS{'OK'};
+ }
+
+ if ($opt_h) {
+ print_help();
+ exit $ERRORS{'OK'};
+ }
+
+ if (defined $opt_v ){
+ $verbose = $opt_v;
+ }
+
+ unless (defined $opt_t) {
+ $opt_t = $utils::TIMEOUT ; # default timeout
+ # $opt_t = $TIMEOUT ;
+ }
+
+ unless (defined $opt_w) {
+ $opt_w = 1;
+ }
+
+ unless (defined $opt_c) {
+ $opt_c = 1;
+ }
+
+ if ( $opt_w > $opt_c) {
+ print "Warning cannot be greater than Critical!\n";
+ exit $ERRORS{'UNKNOWN'};
+ }
+
+ return $ERRORS{'OK'};
+}
+
+sub print_usage () {
+ print "Usage: $PROGNAME [-w <warn>] [-c <crit>] [-t <timeout>]\n";
+}
+
+sub print_help () {
+ print_revision($PROGNAME, '$Revision: 1.0 $');
+ print "Copyright (c) 2004 Rainer Wichmann
+
+This plugin checks the number of policy violations reported by the
+samhain file intgrity checker
+
+";
+ print_usage();
+ print "
+-w, --warning=INTEGER
+ Minimum number of policy violations for which a WARNING status will result
+-c, --critical=INTEGER
+ Minimum number of policy violations for which a CRITICAL status will result
+-t, --timeout=SECONDS
+ The number of seconds after which a the plugin will timeout
+-v, --verbose
+ Verbose output
+-h, --help
+ Show this help message
+-V, --version
+ Show the version of the plugin
+
+";
+}
+
+#sub print_revision ($$) {
+# my $commandName = shift;
+# my $pluginRevision = shift;
+# $pluginRevision =~ s/^\$Revision: //;
+# $pluginRevision =~ s/ \$\s*$//;
+# print "$commandName (samhain 2.2.3) $pluginRevision\n";
+#}
--- /dev/null
+#!/usr/bin/ruby
+
+# Copyright 2006 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'resolv'
+require 'optparse'
+require 'yaml'
+
+NAGIOS_STATUS = { :OK => 0, :WARNING => 1, :CRITICAL => 2, :UNKNOWN => -1 };
+@verbose = 0;
+@additional_nameservers = []
+
+def show_help(parser, code=0, io=STDOUT)
+ program_name = File.basename($0, '.*')
+ io.puts "Usage: #{program_name} [options] <domainname> [<domainname> ...]"
+ io.puts parser.summarize
+ exit(code)
+end
+ARGV.options do |opts|
+ opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) }
+ opts.on("-v", "--verbose" , String, "Be verbose") { @verbose += 1 }
+ opts.on("-a", "--add=HOST" , String, "Also check SOA on <nameserver>") { |val| @additional_nameservers << val }
+ opts.parse!
+end
+show_help(ARGV.options, 1, STDERR) if ARGV.length == 0
+
+warnings = []
+oks = []
+
+dns = Resolv::DNS.new
+ARGV.each{ |domain|
+ serial = []
+ nameservers = dns.getresources(domain, Resolv::DNS::Resource::IN::NS)
+ nameservernames = nameservers.collect{ |ns| ns.name.to_s }
+ nameservernames = nameservernames.concat @additional_nameservers
+ nameservernames.each{ |nameserver|
+ puts "Testing nameserver #{nameserver} for #{domain}" if @verbose > 0
+ arecords = dns.getresources(nameserver, Resolv::DNS::Resource::IN::A)
+ warnings << "Nameserver #{nameserver} for #{domain} has #{arecords.length} A records" if arecords.length != 1
+ arecords.each{ |a|
+ puts " Nameserver #{nameserver} is at #{a.address}" if @verbose > 0
+ begin
+ resolver = Resolv::DNS.new({:nameserver => a.address.to_s})
+ soas = resolver.getresources(domain, Resolv::DNS::Resource::IN::SOA)
+ rescue SystemCallError => e
+ warnings << "Could not resolve #{domain} on #{nameserver}: #{e.message}"
+ else
+ resolver.close
+ warnings << "Nameserver #{nameserver} for #{domain} returns #{soas.length} SOAs" if soas.length != 1
+ soas.each{ |soa|
+ puts " Nameserver #{nameserver} returns serial #{soa.serial} for #{domain}" if @verbose > 0
+ serial << soa.serial unless serial.include? soa.serial
+ }
+ end
+ }
+ }
+ case serial.length
+ when 0
+ warnings << "Found no serials for #{domain}"
+ when 1
+ oks << "#{domain} is at #{serial.first}"
+ else
+ warnings << "Nameservers disagree on serials for #{domain}: found #{serial.join(', ')}" if serial.length != 1
+ end
+}
+dns.close
+
+if warnings.length > 0
+ puts warnings.join('; ')
+ exit NAGIOS_STATUS[:WARNING]
+else
+ puts oks.join('; ')
+ exit NAGIOS_STATUS[:OK]
+end
--- /dev/null
+#!/usr/bin/ruby
+
+# Relay the status of a check that was previously run and which stored
+# its result in a file to nagios.
+#
+# Copyright 2008 Peter Palfrader
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'resolv'
+require 'optparse'
+
+NAGIOS_STATUS = { "OK" => 0, "WARNING" => 1, "CRITICAL" => 2, "UNKNOWN" => 3 }
+UNITS_TO_SECONDS = { 's' => 1, 'm' => 60, 'h' => 60*60, 'd' => 24*60*60 }
+
+def show_help(parser, code=0, io=STDOUT)
+ program_name = File.basename($0, '.*')
+ io.puts "Usage: #{program_name} [options] <statusfile>"
+ io.puts parser.summarize
+ exit(code)
+end
+
+max_age = "26h"
+ARGV.options do |opts|
+ opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) }
+ opts.on("-a", "--age=AGE" , String, "maximum age, in seconds (or use Nm, Nh or Nd) - default is 26h") { |max_age| }
+ opts.parse!
+end
+show_help(ARGV.options, 1, STDERR) if ARGV.length != 1
+
+statusfile = ARGV.shift
+
+# find out what the max age is that we accept
+unless (m = /^([0-9]+)([smhd])?$/.match max_age)
+ STDERR.puts "Invalid age #{age}."
+ show_help(ARGV.options, 1, STDERR) if ARGV.length != 1
+end
+max_age = m[1].to_i * UNITS_TO_SECONDS[m[2] ? m[2] : 's']
+
+# let's see if it exists
+unless File.exists? statusfile
+ puts "UNKNOWN: #{statusfile} does not exist."
+ exit NAGIOS_STATUS['UNKNOWN']
+end
+
+
+mtime = File.stat(statusfile).mtime
+if mtime + max_age < Time.now
+ puts "WARNING: #{statusfile} is old: #{mtime}"
+ exit NAGIOS_STATUS['WARNING']
+end
+
+status = File.new(statusfile)
+returnvalue = status.readline.chomp
+
+unless NAGIOS_STATUS.has_key? returnvalue
+ puts "UNKNOWN: #{statusfile} has invalid return value: #{returnvalue}"
+ exit NAGIOS_STATUS['UNKNOWN']
+end
+
+status.readlines.each do |line|
+ print line
+end
+exit NAGIOS_STATUS[returnvalue]
--- /dev/null
+#!/usr/bin/perl -w
+
+use strict;
+my %CODE = (
+ 'UNDEF' => -1,
+ 'OK' => 0,
+ 'WARNING' => 1,
+ 'CRITICAL' => 2,
+ 'UNKNOWN' => 3
+);
+
+my $f;
+
+$SIG{__DIE__ } = sub() {
+ print shift;
+ exit $CODE{'UNKNOWN'};
+};
+
+if ( -e "/var/lib/misc/thishost/passwd.tdb" ) {
+ $f = "/var/lib/misc/thishost/passwd.tdb";
+} else {
+ my $hostname = `hostname -f`;
+ chomp $hostname;
+ $hostname =~ m/^([a-z]+(?:\.[a-z]+)+)$/;
+ die "Weird hostname '$hostname'\n" unless defined $1;
+ $hostname = $1;
+ if ( -e "/var/lib/misc/$hostname/passwd.tdb" ) {
+ $f = "/var/lib/misc/$hostname/passwd.tdb";
+ };
+};
+
+die "Could not find passwd.tdb" unless defined $f;
+
+my @stat = stat($f) or die ("Cannot stat $f: $!\n");
+my $age = time - $stat[10];
+my $hage;
+if ($age > 48 * 3600) {
+ $hage = sprintf("%.1f days", $age / 24 / 3600);
+} elsif ($age > 3600) {
+ $hage = sprintf("%.1f hours", $age / 3600);
+} else {
+ $hage = sprintf("%d minutes", $age / 60);
+};
+
+if ($age > 60*60) {
+ print "WARNING: ud-ldap info is $hage old\n";
+ exit $CODE{'WARNING'};
+};
+print "OK: ud-ldap info is $hage old\n";
+exit $CODE{'OK'};
--- /dev/null
+#!/bin/sh
+
+UPDATE_RUNS=3
+STATUS=/var/cache/dsa/nagios/apt
+SLEEP_MAX=$(( 15 * 60 ))
+MAX_AGE=$(( 23 * 60 * 60 ))
+
+# we want to run if any of the following things is true
+# - we have never run before
+# - var/lib/dpkg/status has been touched since the last run
+# - var/cache/apt/pkgcache.bin has been touched since the last run
+# - our last run ended with 'apt-get update failed'
+# - our last run has been more than MAX_AGE (23hrs) ago
+run_required() {
+ local run=0
+ local norun=1
+
+ [ -e "$STATUS" ] || return $run
+ [ /var/lib/dpkg/status -nt "$STATUS" ] && return $run
+ [ /var/cache/apt/pkgcache.bin -nt "$STATUS" ] && return $run
+ grep "apt-get update failed" "$STATUS" > /dev/null && return $run
+
+ local last_mod
+ last_mod=`stat -c "%Y" "$STATUS"`
+ now=`date +%s`
+ age=$(( $now - $last_mod ))
+ [ "$age" -gt "$MAX_AGE" ] && return $run
+
+ return $norun
+}
+
+# do stuff only when required
+run_required || exit
+
+# sleep if called non-interactively
+if [ -z "$TERM" -o "$TERM" = "dumb" ]; then
+ sleep $(( $RANDOM % $SLEEP_MAX ))
+fi
+
+# run apt-get update, retry a few times if it fails
+count=0
+while [ "$count" -lt "$UPDATE_RUNS" ]; do
+ apt-get update -qq >/dev/null >&2
+ if [ "$?" = "0" ]; then break; fi
+ sleep $(( $RANDOM % 600 ))
+ count="$(( $count + 1 ))"
+done
+if [ "$count" -ge "$UPDATE_RUNS" ]; then
+ (echo "WARNING"
+ echo "apt-get update failed") > "$STATUS"
+ exit 1
+fi
+
+# run the apt check itself
+tmp=`tempfile`
+trap "rm -f '$tmp'" exit
+#/usr/share/dsa/apt-status-check --noupdate --timeout=600 > "$tmp"
+/usr/lib/nagios/plugins/dsa-check-packages > "$tmp"
+result="$?"
+case "$result" in
+ 0)
+ st="OK"
+ ;;
+ 1)
+ st="WARNING"
+ ;;
+ 2)
+ st="CRITICAL"
+ ;;
+ *)
+ st="UNKNOWN"
+ ;;
+esac
+(echo "$st"; cat "$tmp") > "$STATUS"
--- /dev/null
+#!/bin/sh
+
+STATUS=/var/cache/dsa/nagios/samhain
+
+tmp=`tempfile`
+trap "rm -f '$tmp'" exit
+/usr/lib/nagios/plugins/dsa-check-samhain -t 1800 > "$tmp"
+result="$?"
+case "$result" in
+ 0)
+ st="OK"
+ ;;
+ 1)
+ st="WARNING"
+ ;;
+ 2)
+ st="CRITICAL"
+ ;;
+ *)
+ st="UNKNOWN"
+ ;;
+esac
+(echo "$st"; cat "$tmp") > "$STATUS"
--- /dev/null
+/linux-image-.*/
+/kernel-image-.*/
+buildd
+sbuild
--- /dev/null
+#!/usr/bin/perl
+
+# This cheak is based on code from the Debian/OpenSSL Weak Key Detector
+# written by Florian Weimer <fw@deneb.enyo.de>.
+# The code has been modified and enhanced by Alexander Wirt
+# <formorer@debian.org> to use it as a nagios check.
+#
+# Copyright (c) 2008, Florian Weimer <fw@deneb.enyo.de> for the original
+# Debian/OpenSSL Weak Key Detector
+# (http://security.debian.org/project/extra/dowkd/dowkd.pl.gz)
+#
+# Copyright (c) 2008, Alexander Wirt <formorer@debian.org> for check_weakkeys
+#
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+=pod
+
+=head1 NAME
+
+B<check_weakkeys> - checks system for weak ssh keys
+
+=cut
+
+=head1 SYNOPSIS
+
+B<check_weakkeys> [options]
+
+=cut
+
+=head1 DESCRIPTION
+
+B<check_weakkeys> checks for all users if there id_rsa, id_dsa or
+authorized_key files if they contain weak ssh keys created by a Debian with a
+broken libssl (see DSA-1571 for more informations). Optionally <check_weakkeys>
+can spit out a warning of there are any DSA keys left in key or authorized_key
+files. To work it needs a database of precomputed hashes of known weak keys.
+This file is expected as an bdb database with the hash (like
+03:a2:f0:46:7f:13:9f:5f:96:71:a9:b8:a0:1c:01:05) as key. See <gen_fprdb> for
+such a database generator. <check_weakkeys> outputs his data to STDOUT or to a
+file. It meaned to be picked up by an nagios check like B<dsa-check-statusfile>
+from Peter Palfrader.
+
+=cut
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-h, --help>
+
+Prints out a brief help
+
+=item B<-s, --statusfile> "statusfile"
+
+Use 'F<statusfile>' instead of 'F<STDOUT>'.
+
+=item B<-f, --fprdb> "database" (default: /var/lib/dsa/ssh-weak-keys.db)
+
+Use 'F<database>' instead of 'F</var/lib/dsa/ssh-weak-keys.db>'
+as fingerprint database.
+
+=item B<-n, --dsa_nowarn>
+
+Don't warn for DSA keys
+
+=back
+
+=cut
+
+use strict;
+use warnings;
+
+use File::Temp;
+use BerkeleyDB;
+use Pod::Usage;
+use Getopt::Long;
+use IPC::Open3;
+
+my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ;
+my ($outfile, $help);
+my $dsa_nowarn = 0;
+
+GetOptions( 'help|h' => \$help, #Help function
+ 'statusfile|s=s' => \$outfile,
+ 'fprdb|f=s' => \$fprdb_fname,
+ 'n|dsa_nowarn' => \$dsa_nowarn,
+);
+
+pod2usage(1) if $help;
+
+my $fh;
+if ($outfile) {
+ open ($fh, '>', $outfile)
+ or die "Could not open statusfile '$outfile' for writing: $!";
+} else {
+ $fh = *STDOUT;
+}
+
+my %fpr_hash;
+tie %fpr_hash, 'BerkeleyDB::Btree',
+ -Filename => $fprdb_fname,
+ -Flags => DB_RDONLY
+ or die "Cannot open fingerprint db $fprdb_fname: $! $BerkeleyDB::Error\n";
+
+
+my ($weak_keys,$checked_keys) = 0;
+my $dsa_keys = 0;
+my $weird_keyfiles = 0;
+my $text = '';
+my %key_sizes;
+
+
+
+#&from_user_all;
+&from_debianorg_places;
+&from_ssh_host(qw(localhost));
+
+my $status="OK";
+if ($weak_keys) {
+ $status = "CRITICAL";
+} elsif ($dsa_keys && ! $dsa_nowarn || $weird_keyfiles) {
+ $status = "WARNING";
+}
+
+print $fh "$status\n";
+print $fh "Checked $checked_keys keys - $weak_keys weak - $dsa_keys dsa keys\n";
+print $fh "Sizes: ";
+foreach my $size (sort(keys(%key_sizes))) {
+ print $fh "$size:$key_sizes{$size} ";
+}
+
+print $fh "\n";
+print $fh "$text" if $text;
+
+
+
+sub safe_backtick (@) {
+ my @args = @_;
+
+ my ($wtr, $fh, $err);
+
+ open3($wtr,$fh,$err, @args)
+ or die "error: failed to spawn $args[0]: $!\n";
+ my @result;
+ if (wantarray) {
+ @result = <$fh>;
+ } else {
+ local $/;
+ @result = scalar(<$fh>);
+ }
+ close $fh;
+ $? == 0 or return undef;
+ if (wantarray) {
+ return @result;
+ } else {
+ return $result[0];
+ }
+}
+
+sub ssh_fprint_file ($) {
+ my $name = shift;
+ my $data = safe_backtick qw/ssh-keygen -l -f/, $name;
+ defined $data or return ();
+ my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/;
+ return @data if @data == 2;
+ return ();
+}
+
+sub ssh_fprint_check ($$$) {
+ my ($name, $length, $hash) = @_;
+ if (exists $key_sizes{$length}) {
+ $key_sizes{$length}++;
+ } else {
+ $key_sizes{$length}=1;
+ }
+ $checked_keys++;
+ if (exists $fpr_hash{$hash}) {
+ $weak_keys++;
+ $text .= "$name weak ($hash)\n";
+ }
+}
+
+
+sub from_ssh_key_file ($) {
+ my $name = shift;
+ if (open (my $FH, '<', $name)) {
+ my $key = <$FH>;
+ if (! defined $key) {
+ $weird_keyfiles++;
+ $text .= "cannot read $name properly - empty?\n";
+ } elsif ($key =~ m/ssh-dss/) {
+ $dsa_keys++;
+ $text .= "$name is a DSA key\n";
+ }
+ } else {
+ $text .= "Could not open $name: $!";
+ }
+ my ($length, $hash) = ssh_fprint_file $name;
+ if ($length && $hash) {
+ ssh_fprint_check "$name:1", $length, $hash;
+ } else {
+ $text .= "$name:1: warning: failed to parse SSH key file\n";
+ }
+}
+
+sub clear_tmp ($) {
+ my $tmp = shift;
+ seek $tmp, 0, 0 or die "seek: $!";
+ truncate $tmp, 0 or die "truncate: $!";
+}
+
+sub from_ssh_auth_file ($) {
+ my $name = shift;
+ my $auth;
+ unless (open $auth, '<', $name) {
+ warn "$name:0: error: open failed: $!\n";
+ return;
+ }
+ my $tmp = new File::Temp;
+ while (my $line = <$auth>) {
+ chomp $line;
+ my $lineno = $.;
+ clear_tmp $tmp;
+ next if $line =~ m/^$/; # ignore empty lines
+ next if $line =~ m/^#/; # ignore comments
+ if ($line =~ m/ssh-dss/) {
+ $dsa_keys++;
+ $text .= "$name:$lineno is a DSA key\n";
+ }
+ print $tmp "$line\n" or die "print: $!";
+ $tmp->flush;
+ my ($length, $hash) = ssh_fprint_file "$tmp";
+ if ($length && $hash) {
+ ssh_fprint_check "$name:$lineno", $length, $hash;
+ } else {
+ $text .= "$name:$lineno: warning: unparsable line\n";
+ }
+ }
+}
+
+sub from_ssh_host (@) {
+ my @names = @_;
+ my @lines;
+ push @lines, safe_backtick qw|ssh-keyscan -t rsa|, @names;
+ push @lines, safe_backtick qw|ssh-keyscan -t dsa|, @names;
+
+ my $tmp = new File::Temp;
+ for my $line (@lines) {
+ next if $line =~ /^#/;
+ next if $line =~ /^no hostkey alg/;
+ my ($host, $data) = $line =~ /^(\S+) (.*)$/;
+ clear_tmp $tmp;
+ print $tmp "$data\n" or die "print: $!";
+ $tmp->flush;
+ my ($length, $hash) = ssh_fprint_file "$tmp";
+ if ($length && $hash) {
+ ssh_fprint_check "$host", $length, $hash;
+ } else {
+ $text .= "$host: warning: unparsable line\n";
+ }
+ }
+}
+
+sub from_user ($) {
+ my $user = shift;
+ my ($name,$passwd,$uid,$gid,
+ $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
+ my $file = "$dir/.ssh/authorized_keys";
+ from_ssh_auth_file $file if -r $file;
+ $file = "$dir/.ssh/authorized_keys2";
+ from_ssh_auth_file $file if -r $file;
+ $file = "$dir/.ssh/id_rsa.pub";
+ from_ssh_key_file $file if -r $file;
+ $file = "$dir/.ssh/id_dsa.pub";
+ from_ssh_key_file $file if -r $file;
+}
+
+sub from_user_all () {
+ setpwent;
+ while (my $name = getpwent) {
+ from_user $name;
+ }
+ endpwent;
+}
+
+
+sub from_debianorg_places () {
+ open(F, "/etc/ssh/sshd_config") or die ("Cannot open /etc/ssh/sshd_config: $!\n");
+ my @lines = <F>;
+ close(F);
+
+ my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
+ my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
+
+ if (scalar @ak != 1) {
+ print $fh "UNKNOWN\n";
+ print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
+ exit
+ }
+ if (scalar @ak2 != 1) {
+ print $fh "UNKNOWN\n";
+ print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
+ exit
+ }
+ unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
+ print $fh "UNKNOWN\n";
+ print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
+ exit
+ }
+ unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
+ print $fh "UNKNOWN\n";
+ print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
+ exit
+ }
+
+ for my $d (qw{/etc/ssh/userkeys /var/lib/misc/userkeys}) {
+ next unless (-d $d);
+ opendir(D, $d) or die "Cannot opendir $d: $!\n";
+ for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
+ next if ($file eq 'README-DSA-BUILDD');
+ my $f = $d.'/'.$file;
+ from_ssh_key_file $f if -r $f;
+ };
+ };
+}
+
+
+++ /dev/null
-#!/usr/bin/perl -Tw
-
-# $Id: nagios-check-apt-updates 352 2008-05-20 21:36:54Z weasel $
-
-# nagios check for debian (security) updates,
-# based on net-snmp glue to security updates via apt-get.
-# Copyright (C) 2004 SILVER SERVER Gmbh
-# Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-
-use strict;
-use English;
-use Getopt::Long;
-use IO::Handle;
-use IPC::Open2;
-use IPC::Open3;
-
-$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-my $APT = '/usr/bin/apt-get';
-my $VERBOSE;
-
-sub do_check($$$$$$) {
- my ($pre_command, $timeout, $noupdate, $name, $updates_security, $updates_other) = @_;
- my $fh;
- my $pid;
- my @command;
-
- unless ($noupdate) {
- print STDERR "Running $APT update in $name\n" if $VERBOSE;
- @command = ($APT, 'update');
- unshift @command, @$pre_command;
- $fh = new IO::Handle;
- $pid = open3(\*STDIN, $fh, $fh, @command) or die ("Cannot run $APT update in $name: $!\n");
- local $SIG{ALRM} = sub { die "Timeout for apt-get update.\n" };
- alarm $timeout;
- my @ignore=<$fh>;
- alarm 0;
- close $fh;
- waitpid $pid, 0;
- if ($CHILD_ERROR) { # program failed
- die("$APT update returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n");
- };
- };
-
- print STDERR "Running $APT --simulate upgrade in $name\n" if $VERBOSE;
- @command = ($APT, qw{--simulate upgrade});
- unshift @command, @$pre_command;
- $fh = new IO::Handle;
- $pid = open2($fh, \*STDIN, @command) or die ("Cannot run $APT --simulate upgrade | sort -u in $name: $!\n");
- local $SIG{ALRM} = sub { die "Timeout for apt-get --simulate upgrade.\n" };
- alarm $timeout;
- my @lines=<$fh>;
- close $fh;
- alarm 0;
- waitpid $pid, 0;
- if ($CHILD_ERROR) { # program failed
- die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n");
- };
-
- @lines = sort {$a cmp $b} @lines;
- my %uniq;
- @lines = grep {!$uniq{$_}++} @lines;
-
- print STDERR "Processing information for $name\n" if $VERBOSE;
- for my $line (@lines) {
- if ($line =~ m/^Inst\s+(\S+)\s+/) {
- my $package = $1;
- if ($line =~ m/^Inst\s+\S+\s+.*security/i) {
- push @$updates_security, $package.($name ne '/' ? "($name)" : '');
- } else {
- push @$updates_other, $package.($name ne '/' ? "($name)" : '');
- };
- }
- }
-}
-
-
-
-my $VERSION = '0.0.3 - $Rev: 352 $';
-my $use_sudo = 1;
-my $params;
-
-# nagios exit codes
-my $OK = 0;
-my $WARNING = 1;
-my $CRITICAL = 2;
-my $UNKNOWN = 3;
-
-$params->{'chroots'} = [];
-$params->{'vservers'} = [];
-$params->{'timeout'} = 20;
-Getopt::Long::config('bundling');
-if (!GetOptions (
- '--help' => \$params->{'help'},
- '--version' => \$params->{'version'},
- '--sudo' => \$params->{'sudo'},
- '--noupdate' => \$params->{'noupdate'},
- '--nosudo' => \$params->{'nosudo'},
- '--verbose' => \$params->{'verbose'},
- '--warnifupdates' => \$params->{'warnifupdates'},
- '--timeout=i' => \$params->{'timeout'},
- '--chroot=s' => $params->{'chroots'},
- '--vserver=s' => $params->{'vservers'}
- )) {
- die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--timeout=<timeout>] [--verbose]\n");
-};
-if ($params->{'help'}) {
- print "nagios-check-apt-updates $VERSION\n";
- print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n";
- print "Reports packages to upgrade, updating the list if necessary.\n";
- print "\n";
- print " --help Print this short help.\n";
- print " --version Report version number.\n";
- print " --sudo Use sudo to call apt-get (default).\n";
- print " --noupdate Do not run apt-get update first.\n";
- print " --nosudo Do not use sudo to call apt-get.\n";
- print " --warnifupdates Exit with a WARNING status if any updates are available.\n";
- print " --timeout=<timeout> Timeout in seconds for each of the two apt-get runs.\n";
- print " --verbose Be a little verbose.\n";
- print " --chroot=<path> Run check in path.\n";
- print " --vserver=<vserver> Run check in vserver.\n";
- print "\n";
- print "Note that for --sudo (default) you will need entries in /etc/sudoers like these:\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get update\n";
- print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get --simulate upgrade\n";
- print "\n";
- exit (0);
-};
-if ($params->{'version'}) {
- print "nagios-check-apt-updates $VERSION\n";
- print "nagios check for availability of debian (security) updates\n";
- print "Copyright (c) 2004 SILVER SERVER Gmbh\n";
- print "Copyright (c) 2004,2005 Peter Palfrader <peter\@palfrader.org>\n";
- exit (0);
-};
-if ($params->{'sudo'} && $params->{'nosudo'}) {
- die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n");
-};
-if ($params->{'sudo'}) {
- $use_sudo = 1;
-};
-if ($params->{'nosudo'}) {
- $use_sudo = 0;
-};
-if (scalar @{$params->{'chroots'}} == 0 && scalar @{$params->{'vservers'}} == 0) {
- $params->{'chroots'} = ['/'];
-};
-$VERBOSE = $params->{'verbose'};
-
-
-$SIG{'__DIE__'} = sub {
- print STDERR @_;
- exit $UNKNOWN;
-};
-
-
-my @updates_security;
-my @updates_other;
-
-
-# Make sure chroot paths are nice;
-my @chroots = ();
-for my $root (@{$params->{'chroots'}}) {
- if ($root =~ m#^(/[a-zA-Z0-9/.-]*)$#) {
- push @chroots, $1;
- } else {
- die ("Chroot path $root is not nice.\n");
- };
-};
-for my $root (@chroots) {
- my @pre_command = ();
- unshift @pre_command, 'chroot', $root if ($root ne '/');
- unshift @pre_command, 'sudo' if $use_sudo;
- do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $root, \@updates_security, \@updates_other);
-}
-
-# Make sure vserver names are nice;
-my @vservers = ();
-for my $vserver (@{$params->{'vservers'}}) {
- if ($vserver =~ m#^([a-zA-Z0-9.-]+)$#) {
- push @vservers, $1;
- } else {
- die ("Vserver name $vserver is not nice.\n");
- };
-};
-for my $vserver (@vservers) {
- my @pre_command = ();
- unshift @pre_command, '/usr/sbin/vserver', $vserver, 'exec';
- unshift @pre_command, 'sudo' if $use_sudo;
- do_check(\@pre_command, $params->{'timeout'}, $params->{'noupdate'}, $vserver, \@updates_security, \@updates_other);
-}
-
-
-
-
-my $exit = $OK;
-
-my $updateinfo;
-if (@updates_security) {
- $updateinfo .= 'Security updates ('.(scalar @updates_security).'): '.join(', ', @updates_security)."; ";
- $exit = $CRITICAL;
-}
-if (@updates_other) {
- $updateinfo .= 'Other Updates ('.(scalar @updates_other).'): '.join(', ', @updates_other)."; ";
- $exit = $WARNING if ($params->{'warnifupdates'} and $exit == $OK);
-};
-$updateinfo = 'No updates available' unless defined $updateinfo;
-
-
-print $updateinfo,"\n";
-exit $exit;
+++ /dev/null
-dsa-nagios-nrpe-config for Debian
----------------------------------
-
-This package is automatically created from the debian.org nagios
-config.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 2 Apr 2008 22:19:07 +0200
+++ /dev/null
-dsa-nagios-nrpe-config (68) unstable; urgency=low
-
- * dsa-update-apt-status: Ensure apt-get update is quiet even when stuff
- goes wrong.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 11 Feb 2009 21:59:55 +0100
-
-dsa-nagios-nrpe-config (67) unstable; urgency=low
-
- * Minor tweak to dsa-check-packages: reorder ok and obs(ign), change
- long text for obs(ign).
-
- -- Peter Palfrader <weasel@debian.org> Wed, 4 Feb 2009 09:40:26 +0000
-
-dsa-nagios-nrpe-config (66) unstable; urgency=low
-
- * Add dsa-check-packages
- * Make apt-status-check use dsa-check-packages.
- * And install obsolete-packages-ignore into etc/nagios.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 03 Feb 2009 20:39:01 +0100
-
-dsa-nagios-nrpe-config (65) unstable; urgency=low
-
- * Add dsa-check-soas
-
- -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 23:11:19 +0000
-
-dsa-nagios-nrpe-config (64) unstable; urgency=low
-
- * dsa-check-mirrorsync: make it work in embedded perl again.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 22:59:06 +0000
-
-dsa-nagios-nrpe-config (63) unstable; urgency=low
-
- * dsa-check-mirrorsync: print help if additional args are given (we don't
- support any)
-
- -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 22:14:44 +0000
-
-dsa-nagios-nrpe-config (62) unstable; urgency=low
-
- * Add check_securitymirror by formorer.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 23 Dec 2008 21:59:47 +0000
-
-dsa-nagios-nrpe-config (61) unstable; urgency=low
-
- * dsa-check-hpacucli: Do not create the 'Failed' array while checking if an
- entry is in there. If it doesn't exist that's also good.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 06 Oct 2008 14:08:30 +0200
-
-dsa-nagios-nrpe-config (60) unstable; urgency=low
-
- * Add dsa-check-raid-areca.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 01 Oct 2008 16:23:33 +0200
-
-dsa-nagios-nrpe-config (59) unstable; urgency=low
-
- * apt-status-check: Ignore stderr during apt-get update.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 30 Sep 2008 19:58:36 +0200
-
-dsa-nagios-nrpe-config (58) unstable; urgency=low
-
- * Rename dsa-check-da-in-aliases to dsa-check-config.
- * dsa-check-config: check if ldap.conf is configured correctly.
-
- -- Peter Palfrader <weasel@debian.org> Fri, 26 Sep 2008 15:02:53 +0200
-
-dsa-nagios-nrpe-config (57) unstable; urgency=low
-
- * dsa-check-hpacucli: Do not inspect drives in detail when they are
- listed as Failed in the overview already.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 24 Sep 2008 16:02:31 +0200
-
-dsa-nagios-nrpe-config (56) unstable; urgency=low
-
- * fix dsa-check-samhain.
- sudo is not in $PATH.
-
- -- Martin Zobel-Helas <zobel@debian.org> Mon, 22 Sep 2008 06:45:19 +0000
-
-dsa-nagios-nrpe-config (55) unstable; urgency=low
-
- * And another one, weasel should sleep.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:29:15 +0000
-
-dsa-nagios-nrpe-config (54) unstable; urgency=low
-
- * dsa-check-dabackup-server fixes.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:27:41 +0000
-
-dsa-nagios-nrpe-config (53) unstable; urgency=low
-
- * Add dsa-check-dabackup-server.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 22 Sep 2008 00:19:28 +0000
-
-dsa-nagios-nrpe-config (52) unstable; urgency=low
-
- * The nagios _check_ package should probably not be the one that
- depends on the stuff we want on most or all hosts, thus removing
- dependency on samhain, which should probably get pulled in via
- debian.org.
-
- -- Peter Palfrader <weasel@debian.org> Sun, 21 Sep 2008 23:41:01 +0000
-
-dsa-nagios-nrpe-config (51) unstable; urgency=low
-
- * Add check for samhain.
-
- -- Martin Zobel-Helas <zobel@samosa.debian.org> Sat, 20 Sep 2008 07:29:23 +0000
-
-dsa-nagios-nrpe-config (50) unstable; urgency=low
-
- * dsa-check-hpacucli: Handle 'pd all show' output with failed arrays.
-
- -- Peter Palfrader <weasel@debian.org> Sat, 09 Aug 2008 11:39:55 +0200
-
-dsa-nagios-nrpe-config (49) unstable; urgency=low
-
- * dsa-check-hpacucli: Learn correct transfer speed for Ultra 3 Wide (160mb/s)
-
- -- Peter Palfrader <weasel@debian.org> Wed, 23 Jul 2008 00:56:54 +0200
-
-dsa-nagios-nrpe-config (48) unstable; urgency=low
-
- * Don't just print the sudoers lines to stdout, tell the admin to add them
- also.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 22 Jul 2008 21:25:56 +0000
-
-dsa-nagios-nrpe-config (47) unstable; urgency=low
-
- * dsa-check-hpacucli: Check transfer speed of disks.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 22 Jul 2008 23:14:50 +0200
-
-dsa-nagios-nrpe-config (46) unstable; urgency=low
-
- * Move apt status update from cron.daily to usr/sbin/dsa-update-apt-status.
- * Move script calls from cron.daily to cron.d @daily and @reboot.
- * Introduce hourly runs for dsa-update-apt-status that happen if the system
- changed in the meantime, that is if /var/lib/dpkg/status or
- /var/cache/apt/pkgcache.bin are newer than the status file.
- Also run if the status file does not exist, or if the last apt-get update
- call failed, or if the last run was more than a day ago.
- * No longer do @daily runs of dsa-update-apt-status
-
- -- Peter Palfrader <weasel@debian.org> Sun, 06 Jul 2008 11:51:27 +0200
-
-dsa-nagios-nrpe-config (45) unstable; urgency=low
-
- * Add apt upgrades check.
-
- -- Peter Palfrader <weasel@debian.org> Tue, 20 May 2008 22:01:07 +0000
-
-dsa-nagios-nrpe-config (44) unstable; urgency=low
-
- * Fix ssh-dss detection. It need not be at the start of a line
- (think >from="1.2.3.4" ssh-dss< ...).
-
- -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:34:23 +0000
-
-dsa-nagios-nrpe-config (43) unstable; urgency=low
-
- * Depend on ruby.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:19:10 +0000
-
-dsa-nagios-nrpe-config (42) unstable; urgency=low
-
- * weak-ssh-keys-check: Ignore empty lines in authorized-keys files.
- * weak-ssh-keys-check: Handle servers not doing DSA in from_ssh_host().
- * Run weak-ssh-keys-check on install.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 14:05:10 +0000
-
-dsa-nagios-nrpe-config (41) unstable; urgency=low
-
- * Add dsa-check-statusfile.
- * Add weak-ssh-keys-check to be run from cron.daily. Depend on
- libberkeleydb-perl and dsa-ssh-weak-keys now.
- * Remove up /var/cache/dsa/nagios/weak-ssh-keys in postrm purge.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 15:55:43 +0200
-
-dsa-nagios-nrpe-config (40) unstable; urgency=low
-
- * Teach dsa-check-hpacucli about rebuilding.
-
- -- Peter Palfrader <weasel@debian.org> Fri, 9 May 2008 12:55:07 +0000
-
-dsa-nagios-nrpe-config (39) unstable; urgency=low
-
- * Add dsa-check-hpacucli.
- * Suggest hpacucli.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 7 May 2008 19:54:55 +0000
-
-dsa-nagios-nrpe-config (38) unstable; urgency=low
-
- * Try harder to find version string.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:48:42 +0000
-
-dsa-nagios-nrpe-config (37) unstable; urgency=low
-
- * dsa-check-running-kernel: also check /boot/vmlinux-`uname -r`
- * Depend on binutils for string(1).
-
- -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:41:13 +0000
-
-dsa-nagios-nrpe-config (36) unstable; urgency=low
-
- * Add dsa-check-running-kernel
-
- -- Peter Palfrader <weasel@debian.org> Mon, 5 May 2008 17:11:54 +0000
-
-dsa-nagios-nrpe-config (35) unstable; urgency=low
-
- * dsa-check-raid-mpt
-
- -- Peter Palfrader <weasel@debian.org> Tue, 29 Apr 2008 12:57:50 +0000
-
-dsa-nagios-nrpe-config (34) unstable; urgency=low
-
- * dsa-check-raid-3ware
-
- -- Peter Palfrader <weasel@debian.org> Thu, 24 Apr 2008 19:37:47 +0000
-
-dsa-nagios-nrpe-config (33) unstable; urgency=low
-
- * Add dsa-check-raid-dac960
-
- -- Peter Palfrader <weasel@debian.org> Thu, 24 Apr 2008 19:20:57 +0000
-
-dsa-nagios-nrpe-config (32) unstable; urgency=low
-
- * Add dsa-check-udldap-freshness.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 16 Apr 2008 07:39:21 -0400
-
-dsa-nagios-nrpe-config (31) unstable; urgency=low
-
- * dsa-check-dabackup: Use last time's log file if backup is currently running.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 17:37:54 -0400
-
-dsa-nagios-nrpe-config (30) unstable; urgency=low
-
- * dsa-check-raid-sw: cleaner output.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 17:05:17 -0400
-
-dsa-nagios-nrpe-config (29) unstable; urgency=low
-
- * dsa-check-dabackup: terser output.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 13:09:07 -0400
-
-dsa-nagios-nrpe-config (28) unstable; urgency=low
-
- * dsa-check-dabackup: ignore .bak files in confdir.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:23:25 -0400
-
-dsa-nagios-nrpe-config (27) unstable; urgency=low
-
- * Change OK text when da-backup not installed.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:19:00 -0400
-
-dsa-nagios-nrpe-config (26) unstable; urgency=low
-
- * dsa-check-dabackup: Warn if installed but no backups configured.
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:13:30 -0400
-
-dsa-nagios-nrpe-config (25) unstable; urgency=low
-
- * Install dsa-check-dabackup
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 12:05:11 -0400
-
-dsa-nagios-nrpe-config (24) unstable; urgency=low
-
- * Check for dsa-check-backup sudoers entry
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 11:48:48 -0400
-
-dsa-nagios-nrpe-config (23) unstable; urgency=low
-
- * Add dsa-check-dabackup
-
- -- Peter Palfrader <weasel@debian.org> Mon, 14 Apr 2008 10:56:32 -0400
-
-dsa-nagios-nrpe-config (22) unstable; urgency=low
-
- * Add a very easy dsa-check-da-in-aliases.
-
- -- Peter Palfrader <weasel@debian.org> Fri, 11 Apr 2008 10:25:54 -0400
-
-dsa-nagios-nrpe-config (21) unstable; urgency=low
-
- * Add dsa-check-raid-sw.
-
- -- Peter Palfrader <weasel@debian.org> Thu, 3 Apr 2008 06:22:44 -0400
-
-dsa-nagios-nrpe-config (20) unstable; urgency=low
-
- * Do away with a new changelog entry and version for every build of the
- package - it floods us with useless commit mails - and just
- increase the version to $TIMESTAMP in the build area.
-
- -- Peter Palfrader <weasel@debian.org> Thu, 3 Apr 2008 05:38:27 -0400
-
-dsa-nagios-nrpe-config (1) unstable; urgency=low
-
- * Initial release.
-
- -- Peter Palfrader <weasel@debian.org> Wed, 2 Apr 2008 22:24:12 +0200
+++ /dev/null
-Source: dsa-nagios-nrpe-config
-Section: local
-Priority: extra
-Maintainer: Peter Palfrader <weasel@debian.org>
-Build-Depends: debhelper (>= 5)
-Standards-Version: 3.7.2
-
-Package: dsa-nagios-nrpe-config
-Architecture: all
-Depends: nagios-nrpe-server, nagios-plugins-basic, ${misc:Depends}, binutils, libberkeleydb-perl, dsa-ssh-weak-keys, ruby
-Suggests: hpacucli
-Description: debian.org nagios-nrpe-server configuration
- This package provides the debian.org configuration for the
- nagios-nrpe-server, automatically created from the debian.org
- nagios setup.
- .
- It also ships a few nagios checks.
+++ /dev/null
-This package was debianized by Peter Palfrader <weasel@debian.org> on
-Wed, 2 Apr 2008 22:19:07 +0200.
-
-The config file shipped with this package is generated automatically
-from the debian.org nagios config.
-
-
-########################################################################
-dsa-check-raid-sw:
- Copied from http://svn.noreply.org/svn/weaselutils/trunk/nagios-check-raid.pl at r330
- Copyright 2003 Thomas Nilsen
- Copyright 2004, 2007, 2008 Peter Palfrader
- License: GPL
-
-########################################################################
-dsa-check-dabackup:
- Copyright: 2007 Stephen Gran
- Copyright: 2008 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-dabackup-server:
- Copyright: 2008 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-raid-3ware:
- Copyright: 2006 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-running-kernel:
- Copyright: 2008 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-hpacucli:
- Copyright: 2008 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-statusfile:
- Copyright: 2008 Peter Palfrader
- License: MIT
-
-########################################################################
-weak-ssh-keys-check:
- Copyright: 2008 Florian Weimer, Alexander Wirt
- License: ISC
-
-########################################################################
-apt-status-check:
- Copyright (C) 2004 SILVER SERVER Gmbh
- Copyright (C) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
- License: GPL
-
-########################################################################
-dsa-check-samhain:
- Copyright: 2004 Rainer Wichmann
- Copyright: 2008 Martin Zobel-Helas
- License: GPL
-
-########################################################################
-dsa-check-raid-areca:
- Copyright: 2007, 2008 Erinn Looney-Triggs
- License: GPL
-
-########################################################################
-dsa-check-mirrorsync:
- Copyright: 2008: Alexander Wirt
- Copyright: 2008: Peter Palfrader
- License: GPL
-
-########################################################################
-dsa-check-packages:
- Copyright: 2008,2009 Peter Palfrader
- License: MIT
-
-########################################################################
-dsa-check-soas:
- Copyright: 2006 Peter Palfrader
- License: MIT
+++ /dev/null
-@reboot root sleep 10m && [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
-@daily root [ -x /usr/share/dsa/weak-ssh-keys-check ] && /usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
-
-@hourly root [ -x /usr/sbin/dsa-update-apt-status ] && /usr/sbin/dsa-update-apt-status
-13 */4 * * * root [ -x /usr/sbin/dsa-update-samhain-status ] && /usr/sbin/dsa-update-samhain-status
-
-# vim:ft=crontab:
+++ /dev/null
-etc/nagios
-usr/lib/nagios/plugins
-usr/share/dsa
-var/cache/dsa/nagios
-usr/sbin
+++ /dev/null
-#!/bin/sh
-
-set -e
-
-NAGIOS_MASTER=192.25.206.57
-
-if [ -e /etc/nagios/nrpe.cfg ] ; then
- if ! grep '^include=/etc/nagios/nrpe_dsa.cfg$' /etc/nagios/nrpe.cfg > /dev/null; then
- echo
- echo "WARNING: /etc/nagios/nrpe.cfg does not include /etc/nagios/nrpe_dsa.cfg. Please fix."
- echo
- fi
- if ! grep '^allowed_hosts=' /etc/nagios/nrpe.cfg > /dev/null; then
- echo
- echo "WARNING: /etc/nagios/nrpe.cfg does not define allowed_hosts. Please fix (set allowed_hosts=$NAGIOS_MASTER)."
- echo
- else
- found=0
- for host in `grep '^allowed_hosts=' /etc/nagios/nrpe.cfg | sed -e 's/.*=//' | tr ',' "\n"`; do
- if [ "$host" = "$NAGIOS_MASTER" ]; then
- found=1
- break
- fi
- done
- if [ "$found" = "0" ]; then
- echo
- echo "WARNING: /etc/nagios/nrpe.cfg does not have $NAGIOS_MASTER in allowed_hosts. Please fix."
- echo
- fi
- fi
-fi
-
-if [ -e /etc/default/nagios-nrpe-server ] ; then
- if ! grep '^DAEMON_OPTS="--no-ssl"$' /etc/default/nagios-nrpe-server > /dev/null; then
- echo
- echo "WARNING: /etc/default/nagios-nrpe-server probably does not set DAEMON_OPTS=\"--no-ssl\". Please fix."
- echo
- fi
-fi
-
-if [ -e /etc/sudoers ] ; then
- if ! grep '^nagios.*/usr/lib/nagios/plugins/dsa-check-dabackup' /etc/sudoers > /dev/null; then
- echo
- echo 'WARNIG: Add this line to sudoers:'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""'
- echo
- fi
-fi
-
-if [ -e /etc/sudoers ] ; then
- if ! grep '^nagios.*/usr/sbin/samhain' /etc/sudoers > /dev/null; then
- echo
- echo 'WARNIG: Add this line to sudoers:'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none'
- echo
- fi
-fi
-
-if [ -e /usr/sbin/hpacucli ] && [ -e /dev/cciss/c0d0 ] ; then
- if ! grep '^nagios.*hpacucli' /etc/sudoers > /dev/null; then
- echo
- echo 'WARNIG: Add these lines to sudoers:'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status'
- echo
- elif ! grep '^nagios.*hpacucli.* pd .*:.* show' /etc/sudoers > /dev/null; then
- echo
- echo 'WARNIG: Add these lines to sudoers:'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show'
- echo 'nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show'
- fi
-fi
-
-if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- invoke-rc.d nagios-nrpe-server restart || exit $?
-else
- /etc/init.d/nagios-nrpe-server restart || exit $?
-fi
-
-/usr/share/dsa/weak-ssh-keys-check -s /var/cache/dsa/nagios/weak-ssh-keys
-
-#DEBHELPER#
-
-exit 0
+++ /dev/null
-#!/bin/sh
-# postrm script for dsa-ssh-weak-keys
-#
-# see: dh_installdeb(1)
-
-set -e
-
-case "$1" in
- purge)
- rm -f /var/cache/dsa/nagios/weak-ssh-keys
- ;;
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
+++ /dev/null
-#!/usr/bin/make -f
-
-clean:
- dh_testdir
- dh_testroot
- dh_clean
-
-build:
-
-install:
- dh_testdir
- dh_testroot
- dh_clean -k
- dh_installdirs
-
- install -m 644 nrpe_dsa.cfg $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios
- install -m 755 dsa-check-hpacucli $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-raid-areca $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-raid-dac960 $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-raid-mpt $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-raid-sw $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-raid-3ware $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-running-kernel $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-config $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-dabackup $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-dabackup-server $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-udldap-freshness $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-statusfile $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-samhain $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-mirrorsync $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-soas $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
-
- install -m 755 dsa-check-puppet $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 755 dsa-check-packages $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/lib/nagios/plugins
- install -m 644 obsolete-packages-ignore $(CURDIR)/debian/dsa-nagios-nrpe-config/etc/nagios
-
- install -m 755 apt-status-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa
- install -m 755 weak-ssh-keys-check $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/share/dsa
-
- install -m 755 dsa-update-apt-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin
- install -m 755 dsa-update-samhain-status $(CURDIR)/debian/dsa-nagios-nrpe-config/usr/sbin
-
-
-binary-indep: install
- dh_testdir
- dh_testroot
- dh_installchangelogs
- dh_installdocs
- dh_installcron
- dh_compress
- dh_fixperms
- dh_installdeb
- dh_shlibdeps
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
-binary-arch: install
-binary: binary-indep binary-arch
-
-.PHONY: clean binary-indep binary-arch binary install build
+++ /dev/null
-#!/bin/sh
-
-# Check that debian-admin is in /etc/aliases for root.
-# Peter Palfrader, 2008
-
-#my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );
-
-set -e
-err=0
-
-log() {
- if [ "$0" == "ok" ] && [ "$err" == 0 ]; then
- err=0
- elif [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then
- err=1
- elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then
- err=2
- elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then
- err=3
- fi
- if [ "`eval echo \\$$1`" = "" ]; then
- eval $1="\"$2\""
- else
- eval $1="\"`eval echo \\$$1`; $2\""
- fi
-}
-
-
-check_aliases() {
- if ! [ -e /etc/aliases ]; then
- log unknown "/etc/aliases not found"
- return
- fi
-
- if egrep '^root:.*debian-admin@debian.org' /etc/aliases > /dev/null; then
- log ok "debian-admin found in aliases"
- return
- fi
-
- log warn "debian-admin not found in root entry in aliases"
-}
-
-check_ldap_conf() {
- if ! [ -e /etc/ldap/ldap.conf ]; then
- log unknown "/etc/ldap/ldap.conf not found"
- return
- fi
-
- if egrep '^URI.*ldap://db.debian.org' /etc/ldap/ldap.conf > /dev/null &&
- egrep '^BASE.*dc=debian,dc=org' /etc/ldap/ldap.conf > /dev/null &&
- egrep '^TLS_CACERT.*/etc/ssl/certs/spi-cacert-2008.pem' /etc/ldap/ldap.conf > /dev/null &&
- egrep '^TLS_REQCERT.*hard' /etc/ldap/ldap.conf > /dev/null ; then
- log ok "ldap.conf configured properly"
- return
- fi
-
- log warn "ldap.conf does not have URI, BASE, TLS_CACERT, TLS_REQCERT all configured correctly"
-}
-
-check_aliases
-check_ldap_conf
-
-[ "$critical" = "" ] || echo -n "Critical: $critical; "
-[ "$warn" = "" ] || echo -n "Warning: $warn; "
-[ "$unknown" = "" ] || echo -n "Unknown: $unknown; "
-[ "$ok" = "" ] || echo -n "OK: $ok"
-echo
-exit $err
+++ /dev/null
-#!/usr/bin/perl -w
-
-# Check the status of da-backup backups
-# Copyright 2007 Stephen Gran <sgran@debian.org>
-# Copyright 2008 Peter Palfrader
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-use Getopt::Long;
-use Fcntl qw(:seek);
-
-my $DABACKUP_CONF = '/etc/da-backup.conf';
-my $MAX_AGE = 30*60*60;
-my $TOO_FRESH = 5*60;
-my %CODE = (
- 'UNDEF' => -1,
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-$SIG{__DIE__ } = sub() {
- print shift;
- exit $CODE{'UNKNOWN'};
-};
-
-
-my $EXITCODE = 'UNDEF';
-my %MESSAGE = ();
-
-sub problem($$$) {
- my ($code, $msg, $resource) = @_;
- $MESSAGE{$msg} = [] unless defined $MESSAGE{$msg};
- push @{$MESSAGE{$msg}}, $resource;
- $EXITCODE = ($CODE{$code} > $CODE{$EXITCODE}) ? $code : $EXITCODE;
-};
-
-
-sub help($$) {
- my ($exitcode, $fd) = @_;
- version ($fd, 0);
- print $fd "Usage: $PROGRAM_NAME --help\n";
- print $fd "Usage: $PROGRAM_NAME";
- exit $exitcode
-};
-
-my $params = {};
-
-Getopt::Long::config('bundling');
-if (!GetOptions (
- 'h|help' => \$params->{'help'},
- )) {
- die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [-fwhv]\n");
-};
-
-help(0, *STDOUT) if $params->{'help'};
-help(1, *STDERR) if scalar @ARGV > 0;
-
-
-unless (-e $DABACKUP_CONF) {
- if (-e '/etc/da-backup') {
- print "WARNING: No $DABACKUP_CONF, but we have /etc/da-backup/\n";
- exit $CODE{'WARNING'};
- };
- if (-e '/var/log/da-backup') {
- print "WARNING: No $DABACKUP_CONF, but we have /var/log/da-backup/\n";
- exit $CODE{'WARNING'};
- };
- print "OK: da-backup not installed\n";
- exit $CODE{'OK'};
-};
-
-my $confdir;
-my $logdir;
-
-open (FH, "< $DABACKUP_CONF") or die ("Cannot open $DABACKUP_CONF: $!\n");
-while (<FH>) {
- if (/confdir=(.*)/) {
- $confdir = $1;
- } elsif (/logdir=(.*)/) {
- $logdir = $1;
- };
-};
-
-die ("No confdir found in $DABACKUP_CONF") unless defined $confdir;
-die ("No logdir found in $DABACKUP_CONF") unless defined $logdir;
-
-opendir(DIR, $confdir) or die ("Cannot opendir $confdir: $!\n");
-my %conffiles = map {$_ => 1} grep { !/^\./ && !/\.bak$/} readdir(DIR);
-closedir(DIR);
-
-opendir(DIR, $logdir) or die ("Cannot opendir $logdir: $!\n");
-my %logfiles = map {$_ => 1} grep { !/^\./ && !/\.[0-9]+(\.gz)?$/} readdir(DIR);
-closedir(DIR);
-
-if (scalar keys %conffiles == 0) {
- print "WARNING: da-backup installed but no backups configured\n";
- exit $CODE{'WARNING'};
-};
-
-for my $f (keys %conffiles) {
- unless (exists $logfiles{$f}) {
- problem('WARNING', 'no log', $f);
- }
-}
-
-FILE:
-for my $f (sort {$a cmp $b} keys %logfiles) {
- unless (exists $conffiles{$f}) {
- problem('WARNING', 'no config', $f);
- next;
- }
-
- my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n");
- my $age = time - $stat[10];
-
- if ($age < $TOO_FRESH) { # File is too new, let's use the old one
- if (-e "$logdir/$f.0") {
- $f .= ".0";
- my @stat = stat("$logdir/$f") or die ("Cannot stat $logdir/$f: $!\n");
- $age = time - $stat[10];
- };
- };
-
- if ($age < 0) {
- problem('WARNING', 'future timestamp', $f);
- next;
- } elsif ($age > $MAX_AGE) {
- my $hage;
-
- if ($age > 48 * 3600) {
- $hage = sprintf("%d days", $age / 24 / 3600);
- } else {
- $hage = sprintf("%d hours", $age / 3600);
- };
- problem('WARNING', 'old', "$f ($hage)");
- next;
- };
-
- open(FH, "< $logdir/$f") or die ("Cannot open $logdir/$f: $!\n");
- sysseek(FH, -1024, SEEK_END); # just try it - doesn't matter if it fails
- my $last2 = '';
- my $last = '';
- while (<FH>) {
- chomp;
- if (/^sent\s+\d+\s+bytes\s+received\s+\d+\s+bytes\s+[\d\.]+\s+bytes\/sec$/) {
- problem('OK', 'probably ok', $f);
- close(FH);
- next FILE;
- };
- $last2 = $last;
- $last = $_;
- };
- problem('CRITICAL', 'FAILED', "$f ($last2 $last)");
-};
-
-my $msg = join("; ", map {"$_: ".join(', ', @{$MESSAGE{$_}}) } (sort {$a cmp $b} keys %MESSAGE));
-print $EXITCODE, ": ", $msg, "\n";
-exit $CODE{$EXITCODE};
+++ /dev/null
-#!/bin/sh
-
-# some tests weasel uses to check if da-backup is properly configured:
-# Copyright 2008 Peter Palfrader
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-set -e
-set -u
-
-err=0
-
-log() {
- if [ "$1" == "warn" ] && [ "$err" -lt 1 ]; then
- err=1
- elif [ "$1" == "critical" ] && [ "$err" -lt 2 ]; then
- err=2
- elif [ "$1" == "unknown" ] && [ "$err" == 0 ]; then
- err=3
- fi
-}
-
-cd /etc/da-backup-manager
-
-# check that the files have proper names
-for i in *; do
- s=`cat "$i" | awk -F = '$1=="source" {print $2}'`
- if [ "$s" = "master.debian.org/debian" ] && [ "$i" = "listarchive" ]; then
- # historical exception
- continue
- fi
- if [ "`echo $s | tr / -`" != "$i" ]; then
- log warn
- echo "Mismatch: Filename $i but backup source $s"
- fi
-done
-
-# and that source == destination everywhere
-for i in *; do
- s=`cat $i | awk -F = '$1=="source"{print $2}'`
- d=`cat $i | awk -F = '$1=="destination"{print $2}'`
- if [ "$d" != "$s" ]; then
- log warn
- echo "source != dest in $i. ($s != $d)"
- fi
-done
-
-# check that everything that has an entry in authorized_keys has one in /etc/da-backup-manager
-rsync_targets=`tempfile`
-backup_manager_sources=`tempfile`
-trap "rm -f '$rsync_targets' '$backup_manager_sources'" 0 1 2 5 15
-cat /root/.ssh/authorized_keys |
- grep '^command=' |
- sed -e 's/",no-por.*//' -e 's/.*--ignore-errors . //' -e 's#/org/backup.debian.org/staging/##' |
- sort > "$rsync_targets"
-grep -h source /etc/da-backup-manager/* |
- sed -e 's/source=//' |
- sort > "$backup_manager_sources"
-if ! diff "$rsync_targets" "$backup_manager_sources" > /dev/null; then
- log warn
- echo "authorized_keys vs. /etc/da-backup-manage mismatch:"
- diff "$rsync_targets" "$backup_manager_sources"
-fi
-
-# check that everything listed as either source or destination by da-backup-manager does exist - if stuff is new it might still be missing tho
-for i in `awk -F = '$1=="source" {print $2}' /etc/da-backup-manager/* `; do
- if ! [ -d "/org/backup.debian.org/staging/$i" ]; then
- log warn
- echo "Warning: source $i does not exist"
- fi
-done
-for i in ` awk -F = '$1=="destination"{print $2}' /etc/da-backup-manager/* `; do
- if ! [ -d "/org/backup.debian.org/backups/$i" ]; then
- log warn
- echo "Warning: destination $i does not exist (if it is new, it takes a day)"
- fi
-done
-
-# check that everything that does exist has an entry in da-backup-manager
-cd /org/backup.debian.org/staging
-for i in */*; do
- if ! [ -d "$i" ]; then
- log warn
- echo "WTF: staging/$i is not a dir"
- continue
- fi
- if ! grep "source=$i" /etc/da-backup-manager/* > /dev/null; then
- log warn
- echo "staging/$i is not listed anywhere in /etc/da-backup-manager"
- fi
-done
-cd /org/backup.debian.org/backups
-for i in */*; do
- if ! [ -d "$i" ]; then
- log warn
- echo "WTF: backups/$i is not a dir"
- continue
- fi
- if ! grep "destination=$i" /etc/da-backup-manager/* > /dev/null; then
- log warn
- echo "backups/$i is not listed anywhere in /etc/da-backup-manager"
- fi
-done
-
-if [ "$err" = 0 ]; then
- echo "da-backup seems to be properly configured"
-fi
-exit $err
+++ /dev/null
-#!/usr/bin/perl -w
-
-# check _physical_ disk status of disks on HP smart array controllers
-# requires hpacucli
-#
-# does _not_ check raid status. use arrayprobe for that.
-
-# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-
-# nagios exit codes
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-
-my $EXITCODE = 'OK';
-
-$SIG{'__DIE__'} = sub {
- print STDERR @_;
- exit $CODE{'UNKNOWN'};
-};
-
-sub runcmd($) {
- my ($cmd) = @_;
- $cmd = "sudo hpacucli $cmd";
- open(FH, $cmd."|") or die ("Cannot run $cmd: $!");
- my @lines = <FH>;
- close FH;
- die ("no results from $cmd\n") if (scalar @lines == 0);
- return \@lines;
-}
-
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-my $ctrlallshow = runcmd("controller all show");
-my @controllers;
-for (@$ctrlallshow) {
- chomp;
- next if /^$/;
- if (/in Slot ([0-9]+) /) {
- push @controllers, $1;
- next;
- };
- die ("Cannot read line '$_' gotten from hpacucli controller all show\n");
-};
-
-if (scalar @controllers == 0) {
- print "UNKNONW: No smartarray controllers found with hpacucli\n";
- exit $CODE{'UNKNOWN'}
-};
-
-my @resultstr;
-
-for my $slot (sort @controllers) {
- my $pds = runcmd("controller slot=$slot pd all show");
- my @drives;
- my $nodrives = 0;
- my %status;
- for (@$pds) {
- chomp;
- next if /^$/;
- next if (/^\S.*in Slot $slot/);
- next if /^ *array [A-Z]$/;
- if (/^ *(array [A-Z]) \(Failed\)$/) {
- record('CRITICAL');
- push @{$status{'Failed'}}, $1;
- } elsif (/^Error: The specified controller does not have any physical drives on it.$/) {
- $nodrives = 1;
- } elsif (/^ *physicaldrive (\S+) .* (OK|Predictive Failure|Failed|Rebuilding)(?:, spare)?\)$/) {
- my $drive = $1;
- my $status = $2;
- push @{$status{$status}}, $drive;
- if ($status eq 'OK') {
- } elsif ($status eq 'Predictive Failure' ||
- $status eq 'Rebuilding') {
- record('WARNING');
- } elsif ($status eq 'Failed') {
- record('CRITICAL');
- } else {
- record('UNKNOWN');
- };
- push @drives, $drive;
- } else {
- die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot pd all show\n");
- };
- };
-
- # Check that all drives have the proper transfer speed.
- # sometimes stuff breaks and they fall back to 10mb/sec.
- for my $drive (@drives) {
- # skip drives that are known to have failed
- next if (exists $status{'Failed'} && grep {$drive eq $_} @{$status{'Failed'}});
- my $type;
- if ($drive =~ /^[0-9]+:[0-9]+$/) { # scsi drives
- $type = 'SCSI';
- } elsif ($drive =~ /^[0-9]+I:[0-9]+:[0-9]+$/) { # SAS
- $type = 'SAS';
- } else {
- # I'm not going to run pass arguments of unknown form to the shell..
- warn ("Unknown diskdrive ID $drive\n");
- next;
- }
-
- my $pd = runcmd("controller slot=$slot pd $drive show");
- while (defined $pd->[0] && !($pd->[0] =~ /physicaldrive/)) {
- shift @$pd;
- };
- shift @$pd;
- my %value;
- for (@$pd) {
- if (m/^\s*(.*?):\s*(.*?)\s*$/) {
- $value{$1} = $2;
- }
- }
-
- my $key;
- my $expected;
- if ($type eq 'SCSI') {
- $key = 'Transfer Speed';
- if (!defined $value{'Transfer Mode'}) {
- record('WARNING');
- push @{$status{'unknown transfer mode'}}, $drive;
- next;
- } elsif ($value{'Transfer Mode'} eq 'Ultra 3 Wide') {
- $expected = '160 MB/Sec';
- } elsif ($value{'Transfer Mode'} eq 'Ultra 320 Wide') {
- $expected = '320 MB/Sec';
- } else {
- record('WARNING');
- push @{$status{'unknown transfer mode'}}, $drive."(".$value{'Transfer Mode'}.")";
- next;
- };
- } elsif ($type eq 'SAS') {
- $key = 'PHY Transfer Rate';
- if ($value{'PHY Count'} eq '2') {
- $expected = '3.0GBPS, Unknown';
- } else {
- $expected = '3.0GBPS';
- }
- } else {
- warn "Should not be here. Do not know what to do with type '$type'\n";
- next;
- }
-
- if (!defined $value{$key}) {
- record('WARNING');
- push @{$status{'unknown transfer speed'}}, $drive;
- } elsif ($value{$key} ne $expected) {
- record('WARNING');
- push @{$status{'bad transfer speed'}}, $drive."(".$value{$key}.")";
- };
- };
-
- if ($nodrives && scalar keys %status > 0) {
- push @resultstr, "Slot $slot: have no drives but status results?";
- record('UNKNOWN');
- next;
- } elsif ($nodrives) {
- push @resultstr, "Slot $slot: no drives";
- next;
- };
-
- my $cst = runcmd("controller slot=$slot show status");
- for (@$cst) {
- chomp;
- next if /^$/;
- next if (/^\S.*in Slot $slot/);
- if (/^ *(.*) Status: (.*)$/) {
- my $system = $1;
- my $status = $2;
- push @{$status{$status}}, $system;
- if ($status ne 'OK') {
- record('WARNING');
- };
- } else {
- die ("Cannot read line '$_' gotten from hpacucli controller slot=$slot show status\n");
- };
- };
-
- my $status = join(" - ", (map { $_.": ".join(", ", @{$status{$_}}) } keys %status));
- push @resultstr, "Slot $slot: $status";
-};
-
-print "$EXITCODE: ", join(" --- ", @resultstr), "\n";
-exit $CODE{$EXITCODE};
+++ /dev/null
-#!/usr/bin/perl -w
-
-# nagios check for debian security sync checks
-#
-# Copyright (c) 2008 Alexander Wirt <formorer@debian.org>
-# Copyright (c) 2009 Peter Palfrader <peter@palfrader.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA
-
-use LWP::UserAgent;
-use Socket;
-use strict;
-use Date::Parse;
-use Getopt::Long;
-use Date::Parse;
-use Date::Format;
-use File::Basename;
-use English;
-use warnings;
-
-
-sub usage($$) {
- my ($fh, $exit) = @_;
- my $basename = basename($PROGRAM_NAME);
- my $VERSION = '0.1';
-
- print $fh "$basename $VERSION\n";
- print $fh "Usage: $basename [--help|--version] [--verbose]\n";
- print $fh "\n";
- print $fh " --help Print this short help.\n";
- print $fh " --version Report version number.\n";
- print $fh " --verbose Be a little verbose.\n";
- print $fh " --host hostname to check.\n";
- print $fh " --path path to tracefile.\n";
- print $fh "\n";
- exit ($exit);
-};
-
-
-$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-my $params;
-
-$params->{'host'} = 'security.debian.org'; #which host to check
-$params->{'path'} = 'project/trace/security-master.debian.org';
-
-my $OK = 0;
-my $WARNING = 1;
-my $CRITICAL = 2;
-my $UNKNOWN = 3;
-
-if (!GetOptions (
- '--help' => \$params->{'help'},
- '--verbose' => \$params->{'verbose'},
- '--version' => \$params->{'version'},
- '--host=s' => \$params->{'host'},
- '--path=s' => \$params->{'path'},
- )) {
- usage(*STDERR,1)
-};
-usage(*STDOUT,0) if ($params->{'help'});
-usage(*STDERR,1) if (scalar @ARGV);
-
-my $host = $params->{'host'};
-my $path = $params->{'path'};
-my @slaves;
-my $status;
-my @exitstatus;
-my $exitcode = $OK;
-
-@slaves = gethostbyname($params->{'host'}) or die "Can't resolve " . $params->{'host'} .": $!\n";
-@slaves = map { inet_ntoa($_) } @slaves[4 .. $#slaves];
-print "Checking the following hosts:\n" . join("\n", @slaves) . "\n" if $params->{'verbose'};
-
-my @critical;
-
-foreach my $slave (@slaves) {
- my $ua = LWP::UserAgent->new;
- $ua->proxy('http', "http://$slave");
- print "Requesting http://$host/$path from $slave\n" if $params->{'verbose'};
- my $response = $ua->get("http://$host/$path");
-
-
- if ($response->is_success) {
- my $content = $response->content; # or whatever
- my ($date, $foo, $bar) = split("\n", $content);
- my $synctime = str2time($date);;
- print "$slave last synced $synctime\n" if $params->{'verbose'};
- $status->{$slave}->{'synced'} = $synctime;
- }
- else {
- push @exitstatus, "$slave broken: " . $response->status_line;
- $status->{$slave}->{'error'} = $response->status_line;
- $exitcode = $CRITICAL;
- push @critical, $slave;
- }
-}
-
-
-my %seen;
-my $o_sync = scalar(grep !$seen{$_}++, map{$status->{$_}->{'synced'}} keys(%{$status}));
-if ($o_sync > 1) {
- $exitcode = $CRITICAL;
- $o_sync -= 1;
- my @mirrors = sort { $status->{$a}->{'synced'} <=> $status->{$b}->{'synced'} } keys %{$status};
- push @exitstatus, "$o_sync mirror(s) not in sync (from oldest to newest): ".
- join(",", splice(@mirrors,0,$o_sync));
-} else {
- print "All mirrors unique\n" if $params->{'verbose'};
-}
-
-if ($exitcode == $CRITICAL) {
- print "CRITICAL: " . join(',',@exitstatus) . "\n";
-} elsif ($exitcode == $OK) {
- print "OK: all mirrors up2date\n";
-}
-
-foreach my $mirror (keys(%{$status})) {
- if ($status->{$mirror}->{'error'}) {
- print "$mirror broken: " . $status->{$mirror}->{'error'} . "\n";
- } else {
- print "$mirror last synced: " . localtime($status->{$mirror}->{'synced'}) ."\n";
- }
-}
-
-exit $exitcode;
+++ /dev/null
-#!/usr/bin/perl
-
-# dsa-check-packages
-
-# checks for obsolete/local and upgradeable packages.
-#
-# packages for the obsolete/local check can be ignored, by
-# listing their full name in /etc/nagios/obsolete-packages-ignore
-# or by having a regex (starting a line with "/") that matches
-# the packagename in said file.
-#
-# Takes one optional argument, the location of the ignore file.
-
-
-# Copyright (C) 2008, 2009 Peter Palfrader <peter@palfrader.org>
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-use strict;
-use warnings;
-use English;
-
-my $IGNORE = "/etc/nagios/obsolete-packages-ignore";
-
-my %CODE = (
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-my $EXITCODE = 'OK';
-sub record($) {
- my ($newexit) = @_;
- die "code $newexit not defined\n" unless defined $CODE{$newexit};
-
- if ($CODE{$newexit} > $CODE{$EXITCODE}) {
- $EXITCODE = $newexit;
- };
-}
-
-
-
-sub get_packages {
- $ENV{'COLUMNS'} = 1000;
- $ENV{'LC_ALL'} = 'C';
- open(F, "dpkg -l|") or die ("Cannot run dpkg: $!\n");
- my @lines = <F>;
- close(F);
- chomp(@lines);
-
- shift @lines while ($lines[0] !~ /\+\+\+/);
- shift @lines;
-
- my %pkgs;
- for my $line (@lines) {
- my ($state, $pkg, $version, undef) = split(/ */, $line);
- $pkgs{$state}{$pkg} = { 'installed' => $version }
- }
-
- my $installed = $pkgs{'ii'};
- delete $pkgs{'ii'};
-
- open my $olderr, ">&STDERR" or die "Can't dup STDERR: $!";
- open STDERR, ">/dev/null" or die "Can't dup STDOUT: $!";
-
- open (F, "apt-cache policy ".(join(" ", keys(%$installed)))." |") or die ("Cannot run apt-cache policy: $!\n");
- @lines = <F>;
- close(F);
- chomp(@lines);
- open STDERR, ">&", $olderr or die "Can't dup OLDERR: $!";
-
- my $line;
- my $pkgname = undef;
- while (defined($line = shift @lines)) {
- if ($line =~ /^([^ ]*):$/) {
- $pkgname = $1;
- } elsif ($line =~ /^ +Installed: (.*)$/) {
- # etch dpkg -l does not print epochs, so use this info, it's better
- $installed->{$pkgname}{'installed'} = $1;
- } elsif ($line =~ /^ +Candidate: (.*)$/) {
- $installed->{$pkgname}{'candidate'} = $1;
- } elsif ($line =~ /^ +\*\*\*/) {
- my @l;
- @l = split(/ +/, $line);
- $line = shift @lines;
- @l = split(/ +/, $line);
- $installed->{$pkgname}{'origin'} = $l[2];
- }
- }
-
- my (%current, %obsolete, %outofdate);
- for my $pkgname (keys %$installed) {
- my $pkg = $installed->{$pkgname};
-
- unless (defined($pkg->{'candidate'}) && defined($pkg->{'origin'})) {
- $obsolete{$pkgname} = $pkg;
- next;
- }
-
- if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
- $outofdate{$pkgname} = $pkg;
- next;
- };
- if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
- $obsolete{$pkgname} = $pkg;
- next;
- }
- $current{$pkgname} = $pkg;
- }
-
- $pkgs{'current'} = \%current;
- $pkgs{'outofdate'} = \%outofdate;
- $pkgs{'obsolete'} = \%obsolete;
- return \%pkgs;
-}
-
-sub load_ignores {
- my ($ignorefile, $require_file) = @_;
-
- my @ignores;
- if (!$require_file and ! -e $ignorefile) {
- return \@ignores;
- }
-
- open (F, "< $ignorefile") or die ("Cannot open $ignorefile: $!\n");
- @ignores = <F>;
- close F;
- chomp(@ignores);
- return \@ignores;
-}
-
-sub check_ignore {
- my ($pkg, $ignores) = @_;
-
- my $ignore_this = 0;
- for my $ignore (@$ignores) {
- my $ig = $ignore;
- return 1 if ($ig eq $pkg);
- if (substr($ig,0,1) eq '/') {
- substr($ig, 0, 1, '');
- $ig =~ s,/$,,;
- return 1 if ($pkg =~ /$ig/);
- }
- }
- return 0
-}
-
-sub filter_ignored {
- my ($packages, $ignores) = @_;
-
- my $obs = $packages->{'obsolete'};
-
- my (%ignored, %bad);
- for my $pkg (keys %$obs) {
- if (check_ignore($pkg, $ignores)) {
- $ignored{$pkg} = $obs->{$pkg};
- } else {
- $bad{$pkg} = $obs->{$pkg};
- };
- }
- delete $packages->{'obsolete'};
- $packages->{'obsolete'} = \%bad;
- $packages->{'obsolete-ignored'} = \%ignored;
-};
-
-sub usage {
- my ($fd, $exit) = @_;
- print $fd "Usage: $PROGRAM_NAME [<ignorefile>]\n";
- exit $exit;
-}
-
-my $ignorefile = $IGNORE;
-my $ignorefile_userset = 0;
-usage(\*STDERR, 1) if (@ARGV > 1);
-if (@ARGV == 1) {
- usage(\*STDOUT, 0) if ($ARGV[0] eq "-h");
- usage(\*STDOUT, 0) if ($ARGV[0] eq "--help");
- $ignorefile = $ARGV[0];
- $ignorefile_userset = 1;
-};
-
-my $ignores = load_ignores($ignorefile, $ignorefile_userset);
-my $packages = get_packages();
-
-filter_ignored($packages, $ignores);
-
-
-
-my @reportform = (
- { 'key' => 'obsolete',
- 'listpackages' => 1,
- 'long' => "%d local or obsolete packages: %s",
- 'short' => "%d obs",
- 'status' => 'WARNING' },
- { 'key' => 'outofdate',
- 'listpackages' => 1,
- 'long' => "%d out of date packages: %s",
- 'short' => "%d updates",
- 'status' => 'WARNING' },
- { 'key' => 'current',
- 'listpackages' => 0,
- 'long' => "%d packages current.",
- 'short' => "%d ok",
- 'status' => 'OK' },
- { 'key' => 'obsolete-ignored',
- 'listpackages' => 1,
- 'long' => "%d whitelisted local or obsolete packages: %s",
- 'short' => "%d obs(ignored)",
- 'status' => 'OK' },
- { 'key' => 'rc',
- 'listpackages' => 1,
- 'long' => "%d packages removed but not purged: %s",
- 'short' => "%d rc",
- 'status' => 'OK' },
- { 'key' => 'hi',
- 'listpackages' => 1,
- 'long' => "%d packages on hold: %s",
- 'short' => "%d hi",
- 'status' => 'OK' },
- { 'key' => 'pc',
- 'listpackages' => 1,
- 'long' => "%d packages requested to be purged but conffiles still installed: %s",
- 'short' => "%d pc",
- 'status' => 'WARNING' },
- );
-
-my @longout;
-my @shortout;
-for my $form (@reportform) {
- my $pkgs = $packages->{$form->{'key'}};
- delete $packages->{$form->{'key'}};
- my $num = scalar keys %$pkgs;
- next unless ($num > 0);
- if ($form->{'listpackages'}) {
- my $list = join(", ", keys %$pkgs);
- push @longout, sprintf($form->{'long'}, $num, $list);
- } else {
- push @longout, sprintf($form->{'long'}, $num);
- };
- push @shortout, sprintf($form->{'short'}, $num);
- record($form->{'status'});
-};
-if (scalar keys %$packages) {
- record('WARNING');
- unshift @shortout, "unk: ".join(", ", keys %$packages);
- for my $status (sort {$b cmp $a} keys %$packages) {
- my $pkgs = $packages->{$status};
- my $list = join(", ", keys %$pkgs);
- unshift @longout, "Unknown package status $status: $list";
- };
-}
-
-my $shortout = $EXITCODE.": ".join(", ", @shortout);
-my $longout = join("\n", @longout);
-
-print $shortout,"\n";
-print $longout,"\n";
-
-exit $CODE{$EXITCODE};
+++ /dev/null
-#!/usr/bin/env ruby
-
-require 'optparse'
-
-class CheckPuppet
-
- VERSION = '0.1'
- script_name = File.basename($0)
-
- # default options
- OPTIONS = {
- :statefile => "/var/lib/puppet/state/state.yaml",
- :interval => 60,
- }
-
- o = OptionParser.new do |o|
- o.set_summary_indent(' ')
- o.banner = "Usage: #{script_name} [OPTIONS]"
- o.define_head "The check_puppet Nagios plug-in checks that the specified " +
- "puppet state file is no older than specified interval."
- o.separator ""
- o.separator "Mandatory arguments to long options are mandatory for " +
- "short options too."
-
- o.on("-s", "--statefile=statefile", String, "The state file",
- "Default: #{OPTIONS[:statefile]}") { |OPTIONS[:statefile]| }
- o.on("-i", "--interval=value", Integer,
- "Default: #{OPTIONS[:interval]} minutes") { |OPTIONS[:interval]| }
-
- o.separator ""
- o.on_tail("-h", "--help", "Show this help message.") do
- puts o
- exit
- end
-
- o.parse!(ARGV)
- end
-
- def check_state
-
- # Set variables
- curt = Time.now
- intv = OPTIONS[:interval] * 60
-
- # Check file time
- @modt = 0
- begin
- @modt = File.mtime("#{OPTIONS[:statefile]}")
- rescue
- @file = 3
- end
-
- diff = (curt - @modt).to_i
-
- @file = 2
- @file = 0 if diff <= intv
-
- end
-
- def output_status
-
- case @file
- when 0
- state = "state file status okay updated on " + @modt.strftime("%m/%d/%Y at %H:%M:%S")
- when 2
- state = "state file is missing or older than #{OPTIONS[:interval]} minutes"
- when 3
- state = "state file status unknown"
- end
-
- case @file
- when 0
- status = "OK"
- exitcode = 0
- when 2
- status = "CRITICAL"
- exitcode = 2
- when 3
- status = "UNKNOWN"
- exitcide = 3
- end
-
- puts "PUPPET " + status + ": " + state
- exit(exitcode)
- end
-end
-
-cp = CheckPuppet.new
-cp.check_state
-cp.output_status
-
+++ /dev/null
-#!/usr/bin/perl -Tw
-
-# Copyright (C) 2006 Peter Palfrader <peter@palfrader.org>
-
-# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers:
-#
-# nagios ALL=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
-#
-
-use strict;
-use English;
-use Getopt::Long;
-
-$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-my $TW_CLI = '/usr/local/bin/tw_cli';
-my $SVN_REVISION_STRING = '$Rev: 313 $';
-my ($SVN_REVISION) = ($SVN_REVISION_STRING =~ /([0-9]+)/);
- $SVN_REVISION = 'unknown' unless defined $SVN_REVISION;
-my $VERSION = '0.0.0.'.$SVN_REVISION;
-
-# nagios exit codes
-my $UNKNOWN = -1;
-my $OK = 0;
-my $WARNING = 1;
-my $CRITICAL = 2;
-
-my $params = {
- 'no-sudo' => 0,
- 'controller' => 0,
- 'unit' => 0
- };
-
-Getopt::Long::config('bundling');
-if (!GetOptions (
- '--help' => \$params->{'help'},
- '--version' => \$params->{'version'},
- '--verbose' => \$params->{'verbose'},
- '--controller=i' => \$params->{'controller'},
- '--unit=i' => \$params->{'unit'},
- '--no-sudo' => \$params->{'no-sudo'},
- )) {
- die ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=<n>] [--unit=<n>]\n");
-};
-if ($params->{'help'}) {
- print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--no-sudo] [--controller=<n>] [--unit=<n>]\n";
- print "Checks status of 3ware raid arrays.\n";
- exit (0);
-};
-if ($params->{'version'}) {
- print "nagios-check-raid-3ware $VERSION\n";
- print "nagios check for 3ware raids\n";
- print "Copyright (c) 2006 Peter Palfrader <peter\@palfrader.org>\n";
- exit (0);
-};
-
-$SIG{'__DIE__'} = sub {
- print STDERR @_;
- exit $UNKNOWN;
-};
-
-unless (-e $TW_CLI) {
- print "Cannot find '$TW_CLI'.\n";
- exit $UNKNOWN;
-};
-
-my $sudo = $params->{'no-sudo'} ? '' : 'sudo ';
-my $command = "$sudo $TW_CLI info c$params->{'controller'} u$params->{'unit'} status";
-print STDERR "Running $command\n" if $params->{'verbose'};
-open (TW, "$command|") or die ("Cannot run $command: $!\n");
-my @tw=<TW>;
-close TW;
-if ($CHILD_ERROR) { # program failed
- die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
-};
-
-
-my $exit = $UNKNOWN;
-my $msg = '';
-for my $line (@tw) {
- chomp $line;
- next if $line =~ /^$/;
- my ($device, $status) = $line =~ m#^(/c[0-9]+/u[0-9]+) status = ([A-Z]+)$#;
- unless (defined($device) && defined($status)) {
- print "Cannot parse line '$line'\n";
- exit $UNKNOWN;
- };
- if ($status eq 'OK' ||
- $status eq 'VERIFYING') {
- $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
- $exit = $exit > $OK ? $exit : $OK;
- } elsif ($status eq 'DEGRADED') {
- $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
- $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
- } elsif ($status eq 'OFFLINE') {
- $msg .= ($msg eq '' ? '' : '; '). "$device: $status";
- $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
- } else {
- $msg .= ($msg eq '' ? '' : '; '). "$device: UNKNOWN STATUS '$status'";
- $exit = $exit > $UNKNOWN ? $exit : $UNKNOWN;
- };
-};
-
-if ($msg eq '') {
- $msg = "No devices found";
- die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN);
-}
-
-print $msg,"\n";
-exit $exit;
+++ /dev/null
-#!/usr/bin/perl
-
-# downloaded as check_areca from
-# http://www.nagiosexchange.org/cgi-bin/page.cgi?g=1486.html;d=1
-# on 20081001 by weasel.
-#
-# local changes: fix path to areca_cli
-
-#####################################################
-#Program to check the areca RAID controller for the status of the RAID
-#Created: 2007-11-27
-#Version: 1.1.0
-#Revised: 2008-07-23
-#Revised by: Erinn Looney-Triggs
-#Author: Erinn Looney-Triggs
-#Changelog:
-#1.1: Fixed issue with newer versions of the Areca CLI > 1.72 and
-#fixed a problem where the RAID name contained spaces
-#(Reported by Daniel Philipp). Also did a bit of cleanup.
-#####################################################
-
-use Carp;
-use English qw( -no_match_vars );
-use Getopt::Long; #Grab command line switches
-use Pod::Usage;
-use strict; #Do it right
-use warnings;
-
-$ENV{PATH} = '/usr/local/bin:/usr/bin:'; #Safer path
-my $areca_cli = '/usr/local/sbin/areca-cli';
-my $timeout = '10'; #Default timeout of 10 seconds
-my $VERSION = '1.1.0'; #Version number
-
-#Nagios plugin return values, in english
-my $OK = '0';
-my $WARNING = '1';
-my $CRITICAL = '2';
-my $UNKNOWN = '3';
-
-GetOptions( 'areca_cli|A=s' => \$areca_cli,
- 'man' => sub { pod2usage(3) },
- 'timeout|t=i' => \$timeout,
- 'usage' => sub { pod2usage(1) },
- 'version' => sub { VersionMessage() },
- 'help' => sub { pod2usage(1) },
-);
-
-sanity_checks();
-parse_areca( check_areca() );
-
-sub check_areca{
- my @output;
-
- #Timer operation. Times out after $timeout seconds.
- eval {
-
- #Set the alarm and set the timeout
- local $SIG{ALRM} = sub { die "alarm\n" };
- alarm $timeout;
-
- #Run the command
- @output = `sudo $areca_cli vsf info`;
- if ($?){
- print "Command: cli vsf info failed, "
- . "$OS_ERROR $CHILD_ERROR, aborting!\n";
- exit $CRITICAL;
- }
-
- #Reset the alarm if successful
- alarm 0;
- };
-
- #Test return value and exit if eval caught the alarm
- if ($EVAL_ERROR) {
- if ( $EVAL_ERROR eq "alarm\n" ) {
- print "Operation timed out after $timeout seconds.\n";
- exit $CRITICAL;
- }
- else {
- print "An unknown error has occured: $EVAL_ERROR \n";
- exit $UNKNOWN;
- }
- }
-
- return @output;
-}
-
-sub parse_areca{
- my @output = @_;
-
- my $abnormal; #Holds count of non-normal returns
-
- my @pertinent_lines = grep (/\s\d+\s/, @output);
-
- for my $line (@pertinent_lines){
- #Strip of leading spaces
- $line =~ s/^\s+//;
-
- #Split the line into discrete parts
- my ( $number, $level, $capacity, $state, )
- = (split (/\s+/, "$line"))[0,-4,-3,-1];
-
- #If the state is normal continue on in loop
- if (lc $state eq "normal"){
- print "|Controller number: $number RAID level: $level "
- . "Capacity: $capacity State: $state| ";
- }
-
- #If state is abnormal continue on in loop but add 1 to $abnormal
- else{
- print "|Controller number: $number RAID level: $level "
- . "Capacity: $capacity State: $state| ";
- $abnormal++;
- }
- }
-
- #If any abnormalities exist ext with a critical error.
- if ($abnormal){
- exit $CRITICAL;
- }
- else {
- exit $OK;
- }
-
- return; #This should never be reached
-}
-
-sub sanity_checks{
- if (! -e $areca_cli){
- print "$areca_cli does not exist, aborting!\n";
- exit $CRITICAL;
- }
- if (! -x $areca_cli){
- print "$areca_cli is not executable by the running user, aborting!\n";
- exit $CRITICAL;
- }
-
- return; #This should never be reached
-}
-
-#Version message information displayed in both --version and --help
-sub main::VersionMessage {
-
- print <<"EOF";
-This is version $VERSION of check_areca.
-
-Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs\@gmail.com).
-All rights reserved.
-
-This module is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License.
-See http://www.fsf.org/licensing/licenses/gpl.html
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-EOF
-
- exit 1;
-}
-
-__END__
-
-=head1 NAME
-
-check_areca - Checks the status of an Areca RAID via the Areca CLI utility.
-
-=head1 VERSION
-
-This documentation refers to check_areca version 1.1.0
-
-=head1 USAGE
-
-check_areca.pl
-
-=head1 REQUIRED ARGUMENTS
-
-None
-
-=head1 OPTIONS
-
- --areca_cli (-A) Set the location of the Areca cli executable.
- --help Display usage information.
- --man Display the entire POD documentation
- --timeout (-t) Sets the timeout, defaults to 10 seconds.
- --usage Display usage information (same as --help)
- --version Display the version number
-
-
-=head1 DESCRIPTION
-
-This is a Nagios plugin that runs the Areca CLI to check the status of the
-RAID controller. It then parses the resultant exit information and
-passes the output to NRPE.
-
-=head1 DIAGNOSTICS
-
-=head2 Command: cli vsf info failed, aborting!
-
-For some reason the command trying to be run failed. Try running it by hand
-and seeing if it runs properly.
-
-=head2 Operation timed out after <timeout> seconds.
-
-Running the command failed after a certain amount of time (defaults to 10
-seconds). Try using the --timeout (-t) switch and increasing the timeout
-threshold. Also try running the command by hand and see if it is hanging.
-
-=head2 An unknown error has occurred:
-
-Just what it says, running the cli command threw an unknown error and the
-process died. Run the CLI command by hand and see if you receive proper
-output.
-
-=head2 <areca cli> does not exist, aborting!
-
-The binary that the script is looking to run does not exist. By default
-check_areca looks in /usr/local/areca/bin/ for the cli. However, you can
-change this default by setting the --areca_cli (-A) flag from the command
-line
-
-=head2 <areca cli> is not executable by the running user, aborting!
-
-The cli program was found but it is not executable by the current user,
-usually this is the nagios user.
-
-=head1 CONFIGURATION AND ENVIRONMENT
-
-The Areca cli program should be available on the system. By default
-check_areca looks in /usr/local/areca/bin/cli for the cli. You can set the
-location using the --areca_cli (-A) flag from the command line.
-
-It is helpful to have an Areca RAID controller on the system being checked.
-
-=head1 DEPENDENCIES
-
- check_areca depends on the following modules:
- POSIX Standard Perl 5.8 module
- Getopt::Long Standard Perl 5.8 module
- Pod::USAGE Standard Perl 5.8 module
-
-=head1 INCOMPATIBILITIES
-
-None known yet.
-
-=head1 BUGS AND LIMITATIONS
-
-Bugs, never heard of 'em ;).
-If you encounter any bugs let me know. (erinn.looneytriggs@gmail.com)
-
-=head1 AUTHOR
-
-Erinn Looney-Triggs (erinn.looneytriggs@gmail.com)
-
-=head1 LICENCE AND COPYRIGHT
-
-Copyright (c) 2007-2008 Erinn Looney-Triggs (erinn.looneytriggs@gmail.com).
-All rights reserved.
-
-This module is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License.
-See L<http://www.fsf.org/licensing/licenses/gpl.html>.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+++ /dev/null
-#!/bin/sh
-
-# Nagios check for Mylex DAC960/AcceleRAID/eXtremeRAID PCI RAID Controllers
-#
-# Some background information on the driver is available at
-# http://home.germany.net/100-120220/mylex/DAC960.README
-#
-# Written 2008 Peter Palfrader
-
-if [ -e /proc/rd/status ]; then
- status=`cat /proc/rd/status`
- if [ "$status" = "OK" ]; then
- echo "OK: all DAC960 controllers operating normally; no (non-standby) failures have occurred"
- exit 0;
- else
- echo "CRITICAL: proc/rd/status is $status"
- exit 2;
- fi;
-else
- echo "UNKNOWN: No DAC960 controllers in the system"
- exit 3;
-fi
+++ /dev/null
-#!/usr/bin/perl -Tw
-
-# Copyright (C) 2008 Peter Palfrader <peter@palfrader.org>
-
-# Need to allow /usr/local/bin/tw_cli info c0 u0 status in sudoers:
-#
-# nagios ALL=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
-#
-
-use strict;
-use English;
-use Getopt::Long;
-
-$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
-delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
-
-my $MPT_STATUS = '/usr/sbin/mpt-status';
-
-# nagios exit codes
-my $UNKNOWN = -1;
-my $OK = 0;
-my $WARNING = 1;
-my $CRITICAL = 2;
-
-$SIG{'__DIE__'} = sub {
- print STDERR @_;
- exit $UNKNOWN;
-};
-
-unless (-e $MPT_STATUS) {
- print "Cannot find '$MPT_STATUS'.\n";
- exit $UNKNOWN;
-};
-
-my $command = "sudo $MPT_STATUS -s";
-open (MPT, "$command|") or die ("Cannot run $command: $!\n");
-my @tw=<MPT>;
-close MPT;
-if ($CHILD_ERROR) { # program failed
- die("$command returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
-};
-
-
-my $exit = $UNKNOWN;
-my $msg = '';
-for my $line (@tw) {
- chomp $line;
- next if $line =~ /^$/;
- my ($device, $num, $status) = $line =~ m#^(log_id|vol_id|phys_id)\s+([0-9]+)\s+(.*)$#;
- unless (defined($device) && defined($num) && defined($status)) {
- print "Cannot parse line '$line'\n";
- exit $UNKNOWN;
- };
- if ($status eq 'OPTIMAL' ||
- $status eq 'ONLINE') {
- $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status";
- $exit = $exit > $OK ? $exit : $OK;
- } else {
- $msg .= ($msg eq '' ? '' : '; '). "$device $num: $status";
- $exit = $exit > $CRITICAL ? $exit : $CRITICAL;
- };
-};
-
-if ($msg eq '') {
- $msg = "No devices found";
- die ("exit is not UNKNOWN but $exit") if ($exit != $UNKNOWN);
-}
-
-print $msg,"\n";
-exit $exit;
+++ /dev/null
-#!/usr/bin/perl -w
-# ------------------------------------------------------------------------------
-# File Name: chech_raid.pl
-# Author: Thomas Nilsen - Norway
-# Date: 14/06/2003
-# Version: 0.1
-# Description: This script will check to see if any software raid
-# devices are down.
-# Email: thomas.nilsen@doc-s.co.uk
-# WWW: www.doc-s.co.uk
-# ------------------------------------------------------------------------------
-# Copyright 2003 (c) Thomas Nilsen
-# Credits go to Ethan Galstad for coding Nagios
-# License GPL
-# ------------------------------------------------------------------------------
-# Date Author Reason
-# ---- ------ ------
-# 2008-03-31 Peter Palfrader Return warning on running resync
-# 2007-11-07 Peter Palfrader Return unknown if /proc/mdstat does not exist
-# 05/10/2004 Peter Palfrader Make it work without that 'use util (vars)'
-# 14/06/2003 TN Initial Release
-# - Format of mdstat assumed to be "2 line" per
-# device with [??] on the second line.
-# ------------------------------------------------------------------------------
-
-use strict;
-use warnings;
-use Getopt::Long;;
-use vars qw($opt_V $opt_h $opt_t $opt_F $PROGNAME);
-use lib '/usr/local/nagios/libexec/';
-my $TIMEOUT=15;
-my %ERRORS = ( OK => 0, WARNING => 1, CRITICAL => 2, UNKNOWN => -1 );
-
-
-$PROGNAME="check_raid";
-
-sub print_help ();
-sub print_usage ();
-
-$ENV{'PATH'}='';
-$ENV{'BASH_ENV'}='';
-$ENV{'ENV'}='';
-my ( $line, $stat, $state ,@device, $msg, $status, $timeout);
-
-$stat="/proc/mdstat";
-
-#Option checking
-Getopt::Long::Configure('bundling');
-$status = GetOptions(
- "V" => \$opt_V, "version" => \$opt_V,
- "h" => \$opt_h, "help" => \$opt_h,
- "F" => \$opt_F, "filename" => \$opt_F,
- "t" => \$opt_t, "timeout" => \$opt_t);
-# Version
-if ($opt_V) {
- print($PROGNAME,': $Revision: 0.1 $');
- exit $ERRORS{'OK'};
-}
-# Help
-if ($opt_h) {
- print_help();
- exit $ERRORS{'OK'};
-}
-# Filename supplied
-if ($opt_F) {
- $opt_F = shift;
- $stat = $1 if ($opt_F =~ /^(.*)$/);
-
- if ( ! -r $stat ) {
- print "Invalid mdstat file: $opt_F\n";
- exit $ERRORS{'UNKNOWN'};
- }
-}
-
-$timeout = $TIMEOUT;
-($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1);
-
-# Just in case of problems, let's not hang Nagios
-$SIG{'ALRM'} = sub {
- print ("ERROR: No response (alarm)\n");
- exit $ERRORS{'UNKNOWN'};
-};
-alarm($timeout);
-
-# Start checking the file...
-open (FH, $stat) or print("UNKNOWN: Cannot open $stat: $!\n"), exit $ERRORS{'UNKNOWN'};
-
-my @failed = ();
-my @resyncing = ();
-my $device = '';
-
-# Now check the mdstat file..
-while (<FH>) {
- $line = $_;
- if ($line =~ /^(md\S*) /) {
- $device = $1;
- } elsif( $line =~ / \[_|_\]|U_|_U /) {
- push @failed, $device;
- }
- elsif ( $line =~ / resync /) {
- # [==>..................] resync = 10.3% (15216320/146994624) finish=2153.2min speed=1018K/sec
- my ($percent) = ($line =~ m# resync = ([0-9.]+%)#);
- my ($finish) = ($line =~ m# finish=([0-9.]+min)#);
- my ($speed) = ($line =~ m# speed=([0-9.]+K/sec)#);
- push @resyncing, "$device ($percent done, finish in $finish at $speed)";
- }
-}
-close (FH);
-
-if (scalar @failed > 0) {
- if (scalar @failed == 1) {
- print "CRITICAL - Device $failed[0] has failed.\n";
- } else {
- print "CRITICAL - Devices ".join(", ", @failed)." have failed.\n"
- };
- exit $ERRORS{'CRITICAL'};
-} elsif (scalar @resyncing > 0 ) {
- print "WARNING: Resyncing: ".(join "; ", @resyncing)."\n";
- exit $ERRORS{'WARNING'};
-} else {
- print "OK - All devices are online\n";
- exit $ERRORS{'OK'};
-};
-
-
-sub print_usage () {
- print "Usage: $PROGNAME -t <timeout> -F <filename>\n";
-}
-
-sub print_help () {
- print_revision($PROGNAME,'$Revision: 0.1 $');
- print "Copyright (c) 2003 Thomas Nilsen/Karl DeBisschop\n";
- print "\n";
- print_usage();
- print "Checks the mdstat file for errors on any configured software raid.\n
--t ( --timeout=INTEGER)
- Seconds before script times out (default: 10)\n
--F ( --filename=FILE)
- Full path and name to mdstat file (usually '/proc/mdstat') \n\n";
-}
+++ /dev/null
-#!/bin/bash
-
-# Check if the running kernel has the same version string as the on-disk
-# kernel image.
-
-# Copyright 2008 Peter Palfrader
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-OK=0;
-WARNING=1;
-CRITICAL=2;
-UNKNOWN=3;
-
-get_offset() {
- local file needle
-
- file="$1"
- needle="$2"
- perl -e '
- undef $/;
- $i = index(<>, "'"$needle"'");
- if ($i < 0) {
- exit 1;
- };
- print $i,"\n"' < "$file"
-}
-
-get_image() {
- local image GZHDR1 GZHDR2 off
-
- image="$1"
-
- GZHDR1="\x1f\x8b\x08\x00"
- GZHDR2="\x1f\x8b\x08\x08"
-
- off=`get_offset "$image" $GZHDR1`
- [ "$?" != "0" ] && off="-1"
- if [ "$off" -eq "-1" ]; then
- off=`get_offset "$image" $GZHDR2`
- [ "$?" != "0" ] && off="-1"
- fi
- if [ "$off" -eq "0" ]; then
- zcat < "$image"
- return
- elif [ "$off" -ne "-1" ]; then
- (dd ibs="$off" skip=1 count=0 && dd bs=512k) < "$image" 2>/dev/null | zcat 2>/dev/null
- return
- fi
-
- echo "ERROR: Unable to extract kernel image." 2>&1
- exit 1
-}
-
-searched=""
-for on_disk in \
- "/boot/vmlinuz-`uname -r`"\
- "/boot/vmlinux-`uname -r`"; do
-
- if [ -e "$on_disk" ]; then
- on_disk_version="`get_image "$on_disk" | strings | grep 'Linux version' | head -n1`"
- [ -z "$on_disk_version" ] || break
- on_disk_version="`cat "$on_disk" | strings | grep 'Linux version' | head -n1`"
- [ -z "$on_disk_version" ] || break
-
- echo "UNKNOWN: Failed to get a version string from image $on_disk"
- exit $UNKNOWN
- fi
- searched="$searched $on_disk"
-done
-
-if ! [ -e "$on_disk" ]; then
- echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
- exit $WARNING
-fi
-
-
-running_version="`cat /proc/version`"
-if [ -z "$running_version" ] ; then
- echo "UNKNOWN: Failed to get a version string from running system"
- exit $UNKNOWN
-fi
-
-if [ "$running_version" != "$on_disk_version" ]; then
- echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
- exit $WARNING
-else
- echo "OK: Running kernel matches on disk image: [$running_version]"
- exit $OK
-fi
+++ /dev/null
-#!/usr/bin/perl -w
-
-# check_samhain.pl - check to see how many policy violations are reported
-# by the samhain file integrity checker.
-#
-# Copyright Rainer Wichmann (2004)
-# Copyright Martin Zobel-Helas (2008)
-#
-# License Information:
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-############################################################################
-
-# -------------------------------------------------------------------[ Uses ]--
-
-use strict;
-use Getopt::Long;
-use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval);
-use lib "/usr/lib/nagios/plugins";
-use utils qw(%ERRORS &print_revision);
-
-#my $TIMEOUT = 15;
-#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
-#sub print_revision ($$);
-
-# ----------------------------------------------------[ Function Prototypes ]--
-
-sub print_help ();
-sub print_usage ();
-sub process_arguments ();
-
-# ------------------------------------------------------------[ Environment ]--
-
-$ENV{'PATH'}='';
-$ENV{'BASH_ENV'}='';
-$ENV{'ENV'}='';
-
-# -----------------------------------------------------------------[ Global ]--
-
-$PROGNAME = "dsa-check-samhain";
-$SAMHAIN = "/usr/sbin/samhain";
-
-# ----------------------------------------------------------------[ options ]--
-
-Getopt::Long::Configure('bundling');
-$status = process_arguments();
-if ($status){
- print "ERROR: processing arguments\n";
- exit $ERRORS{"UNKNOWN"};
-}
-
-# ----------------------------------------------------------------[ timeout ]--
-
-$SIG{'ALRM'} = sub {
- print ("ERROR: timed out waiting for $SAMHAIN\n");
- exit $ERRORS{"WARNING"};
-};
-alarm($opt_t);
-
-# ----------------------------------------------------------[ start samhain ]--
-
-if ( defined $SAMHAIN && -x $SAMHAIN ) {
- if (! open (SHPIPE, "/usr/bin/sudo $SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) {
- print "ERROR: could not popen $SAMHAIN \n";
- exit $ERRORS{'UNKNOWN'};
- }
-}else{
- print "ERROR: Could not find samhain executable!\n";
- exit $ERRORS{'UNKNOWN'};
-}
-
-# ---------------------------------------------------------[ read from pipe ]--
-
-$status = 0;
-
-while (<SHPIPE>) {
- if (/POLICY/) {
- ++$status;
- print $_ if $verbose;
- }
-}
-
-if ($status < $opt_w) {
- $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)";
- $state = $ERRORS{'OK'};
-} elsif ($status >= $opt_w && $status < $opt_c) {
- $msg = "WARNING: $status policy violations (threshold w=$opt_w)";
- $state = $ERRORS{'WARNING'};
-} else {
- $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)";
- $state = $ERRORS{'CRITICAL'};
-}
-
-# -------------------------------------------------------------[ close pipe ]--
-
-close (SHPIPE);
-
-# declare an error if we also get a non-zero return code from samhain
-
-if ( $? ) {
- $retval = $? / 256;
- if ( $! ) {
- print "Error closing $SAMHAIN: $!\n" if $verbose;
- } else {
- print "$SAMHAIN returned exit status $retval\n" if $verbose;
- }
- if ($state == $ERRORS{"CRITICAL"}) {
- $state = $ERRORS{"CRITICAL"};
- } else {
- print "ERROR: $SAMHAIN exit status $retval\n";
- exit $ERRORS{'UNKNOWN'};
- }
-}
-
-# -------------------------------------------------------------------[ exit ]--
-
-print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n";
-exit $state;
-
-
-# ------------------------------------------------------------[ Subroutines ]--
-
-sub process_arguments(){
- GetOptions
- ("V" => \$opt_V, "version" => \$opt_V,
- "h" => \$opt_h, "help" => \$opt_h,
- "v" => \$opt_v, "verbose" => \$opt_v,
- "w=i" => \$opt_w, "warning=i" => \$opt_w,
- "c=i" => \$opt_c, "critical=i" => \$opt_c,
- "t=i" => \$opt_t, "timeout=i" => \$opt_t
- );
-
- if ($opt_V) {
- print_revision($PROGNAME,'$Revision: 1.0 $ ');
- exit $ERRORS{'OK'};
- }
-
- if ($opt_h) {
- print_help();
- exit $ERRORS{'OK'};
- }
-
- if (defined $opt_v ){
- $verbose = $opt_v;
- }
-
- unless (defined $opt_t) {
- $opt_t = $utils::TIMEOUT ; # default timeout
- # $opt_t = $TIMEOUT ;
- }
-
- unless (defined $opt_w) {
- $opt_w = 1;
- }
-
- unless (defined $opt_c) {
- $opt_c = 1;
- }
-
- if ( $opt_w > $opt_c) {
- print "Warning cannot be greater than Critical!\n";
- exit $ERRORS{'UNKNOWN'};
- }
-
- return $ERRORS{'OK'};
-}
-
-sub print_usage () {
- print "Usage: $PROGNAME [-w <warn>] [-c <crit>] [-t <timeout>]\n";
-}
-
-sub print_help () {
- print_revision($PROGNAME, '$Revision: 1.0 $');
- print "Copyright (c) 2004 Rainer Wichmann
-
-This plugin checks the number of policy violations reported by the
-samhain file intgrity checker
-
-";
- print_usage();
- print "
--w, --warning=INTEGER
- Minimum number of policy violations for which a WARNING status will result
--c, --critical=INTEGER
- Minimum number of policy violations for which a CRITICAL status will result
--t, --timeout=SECONDS
- The number of seconds after which a the plugin will timeout
--v, --verbose
- Verbose output
--h, --help
- Show this help message
--V, --version
- Show the version of the plugin
-
-";
-}
-
-#sub print_revision ($$) {
-# my $commandName = shift;
-# my $pluginRevision = shift;
-# $pluginRevision =~ s/^\$Revision: //;
-# $pluginRevision =~ s/ \$\s*$//;
-# print "$commandName (samhain 2.2.3) $pluginRevision\n";
-#}
+++ /dev/null
-#!/usr/bin/ruby
-
-# Copyright 2006 Peter Palfrader
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-require 'resolv'
-require 'optparse'
-require 'yaml'
-
-NAGIOS_STATUS = { :OK => 0, :WARNING => 1, :CRITICAL => 2, :UNKNOWN => -1 };
-@verbose = 0;
-@additional_nameservers = []
-
-def show_help(parser, code=0, io=STDOUT)
- program_name = File.basename($0, '.*')
- io.puts "Usage: #{program_name} [options] <domainname> [<domainname> ...]"
- io.puts parser.summarize
- exit(code)
-end
-ARGV.options do |opts|
- opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) }
- opts.on("-v", "--verbose" , String, "Be verbose") { @verbose += 1 }
- opts.on("-a", "--add=HOST" , String, "Also check SOA on <nameserver>") { |val| @additional_nameservers << val }
- opts.parse!
-end
-show_help(ARGV.options, 1, STDERR) if ARGV.length == 0
-
-warnings = []
-oks = []
-
-dns = Resolv::DNS.new
-ARGV.each{ |domain|
- serial = []
- nameservers = dns.getresources(domain, Resolv::DNS::Resource::IN::NS)
- nameservernames = nameservers.collect{ |ns| ns.name.to_s }
- nameservernames = nameservernames.concat @additional_nameservers
- nameservernames.each{ |nameserver|
- puts "Testing nameserver #{nameserver} for #{domain}" if @verbose > 0
- arecords = dns.getresources(nameserver, Resolv::DNS::Resource::IN::A)
- warnings << "Nameserver #{nameserver} for #{domain} has #{arecords.length} A records" if arecords.length != 1
- arecords.each{ |a|
- puts " Nameserver #{nameserver} is at #{a.address}" if @verbose > 0
- begin
- resolver = Resolv::DNS.new({:nameserver => a.address.to_s})
- soas = resolver.getresources(domain, Resolv::DNS::Resource::IN::SOA)
- rescue SystemCallError => e
- warnings << "Could not resolve #{domain} on #{nameserver}: #{e.message}"
- else
- resolver.close
- warnings << "Nameserver #{nameserver} for #{domain} returns #{soas.length} SOAs" if soas.length != 1
- soas.each{ |soa|
- puts " Nameserver #{nameserver} returns serial #{soa.serial} for #{domain}" if @verbose > 0
- serial << soa.serial unless serial.include? soa.serial
- }
- end
- }
- }
- case serial.length
- when 0
- warnings << "Found no serials for #{domain}"
- when 1
- oks << "#{domain} is at #{serial.first}"
- else
- warnings << "Nameservers disagree on serials for #{domain}: found #{serial.join(', ')}" if serial.length != 1
- end
-}
-dns.close
-
-if warnings.length > 0
- puts warnings.join('; ')
- exit NAGIOS_STATUS[:WARNING]
-else
- puts oks.join('; ')
- exit NAGIOS_STATUS[:OK]
-end
+++ /dev/null
-#!/usr/bin/ruby
-
-# Relay the status of a check that was previously run and which stored
-# its result in a file to nagios.
-#
-# Copyright 2008 Peter Palfrader
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-require 'resolv'
-require 'optparse'
-
-NAGIOS_STATUS = { "OK" => 0, "WARNING" => 1, "CRITICAL" => 2, "UNKNOWN" => 3 }
-UNITS_TO_SECONDS = { 's' => 1, 'm' => 60, 'h' => 60*60, 'd' => 24*60*60 }
-
-def show_help(parser, code=0, io=STDOUT)
- program_name = File.basename($0, '.*')
- io.puts "Usage: #{program_name} [options] <statusfile>"
- io.puts parser.summarize
- exit(code)
-end
-
-max_age = "26h"
-ARGV.options do |opts|
- opts.on_tail("-h", "--help" , "Display this help screen") { show_help(opts) }
- opts.on("-a", "--age=AGE" , String, "maximum age, in seconds (or use Nm, Nh or Nd) - default is 26h") { |max_age| }
- opts.parse!
-end
-show_help(ARGV.options, 1, STDERR) if ARGV.length != 1
-
-statusfile = ARGV.shift
-
-# find out what the max age is that we accept
-unless (m = /^([0-9]+)([smhd])?$/.match max_age)
- STDERR.puts "Invalid age #{age}."
- show_help(ARGV.options, 1, STDERR) if ARGV.length != 1
-end
-max_age = m[1].to_i * UNITS_TO_SECONDS[m[2] ? m[2] : 's']
-
-# let's see if it exists
-unless File.exists? statusfile
- puts "UNKNOWN: #{statusfile} does not exist."
- exit NAGIOS_STATUS['UNKNOWN']
-end
-
-
-mtime = File.stat(statusfile).mtime
-if mtime + max_age < Time.now
- puts "WARNING: #{statusfile} is old: #{mtime}"
- exit NAGIOS_STATUS['WARNING']
-end
-
-status = File.new(statusfile)
-returnvalue = status.readline.chomp
-
-unless NAGIOS_STATUS.has_key? returnvalue
- puts "UNKNOWN: #{statusfile} has invalid return value: #{returnvalue}"
- exit NAGIOS_STATUS['UNKNOWN']
-end
-
-status.readlines.each do |line|
- print line
-end
-exit NAGIOS_STATUS[returnvalue]
+++ /dev/null
-#!/usr/bin/perl -w
-
-use strict;
-my %CODE = (
- 'UNDEF' => -1,
- 'OK' => 0,
- 'WARNING' => 1,
- 'CRITICAL' => 2,
- 'UNKNOWN' => 3
-);
-
-my $f;
-
-$SIG{__DIE__ } = sub() {
- print shift;
- exit $CODE{'UNKNOWN'};
-};
-
-if ( -e "/var/lib/misc/thishost/passwd.tdb" ) {
- $f = "/var/lib/misc/thishost/passwd.tdb";
-} else {
- my $hostname = `hostname -f`;
- chomp $hostname;
- $hostname =~ m/^([a-z]+(?:\.[a-z]+)+)$/;
- die "Weird hostname '$hostname'\n" unless defined $1;
- $hostname = $1;
- if ( -e "/var/lib/misc/$hostname/passwd.tdb" ) {
- $f = "/var/lib/misc/$hostname/passwd.tdb";
- };
-};
-
-die "Could not find passwd.tdb" unless defined $f;
-
-my @stat = stat($f) or die ("Cannot stat $f: $!\n");
-my $age = time - $stat[10];
-my $hage;
-if ($age > 48 * 3600) {
- $hage = sprintf("%.1f days", $age / 24 / 3600);
-} elsif ($age > 3600) {
- $hage = sprintf("%.1f hours", $age / 3600);
-} else {
- $hage = sprintf("%d minutes", $age / 60);
-};
-
-if ($age > 60*60) {
- print "WARNING: ud-ldap info is $hage old\n";
- exit $CODE{'WARNING'};
-};
-print "OK: ud-ldap info is $hage old\n";
-exit $CODE{'OK'};
+++ /dev/null
-#!/bin/sh
-
-UPDATE_RUNS=3
-STATUS=/var/cache/dsa/nagios/apt
-SLEEP_MAX=$(( 15 * 60 ))
-MAX_AGE=$(( 23 * 60 * 60 ))
-
-# we want to run if any of the following things is true
-# - we have never run before
-# - var/lib/dpkg/status has been touched since the last run
-# - var/cache/apt/pkgcache.bin has been touched since the last run
-# - our last run ended with 'apt-get update failed'
-# - our last run has been more than MAX_AGE (23hrs) ago
-run_required() {
- local run=0
- local norun=1
-
- [ -e "$STATUS" ] || return $run
- [ /var/lib/dpkg/status -nt "$STATUS" ] && return $run
- [ /var/cache/apt/pkgcache.bin -nt "$STATUS" ] && return $run
- grep "apt-get update failed" "$STATUS" > /dev/null && return $run
-
- local last_mod
- last_mod=`stat -c "%Y" "$STATUS"`
- now=`date +%s`
- age=$(( $now - $last_mod ))
- [ "$age" -gt "$MAX_AGE" ] && return $run
-
- return $norun
-}
-
-# do stuff only when required
-run_required || exit
-
-# sleep if called non-interactively
-if [ -z "$TERM" -o "$TERM" = "dumb" ]; then
- sleep $(( $RANDOM % $SLEEP_MAX ))
-fi
-
-# run apt-get update, retry a few times if it fails
-count=0
-while [ "$count" -lt "$UPDATE_RUNS" ]; do
- apt-get update -qq >/dev/null >&2
- if [ "$?" = "0" ]; then break; fi
- sleep $(( $RANDOM % 600 ))
- count="$(( $count + 1 ))"
-done
-if [ "$count" -ge "$UPDATE_RUNS" ]; then
- (echo "WARNING"
- echo "apt-get update failed") > "$STATUS"
- exit 1
-fi
-
-# run the apt check itself
-tmp=`tempfile`
-trap "rm -f '$tmp'" exit
-#/usr/share/dsa/apt-status-check --noupdate --timeout=600 > "$tmp"
-/usr/lib/nagios/plugins/dsa-check-packages > "$tmp"
-result="$?"
-case "$result" in
- 0)
- st="OK"
- ;;
- 1)
- st="WARNING"
- ;;
- 2)
- st="CRITICAL"
- ;;
- *)
- st="UNKNOWN"
- ;;
-esac
-(echo "$st"; cat "$tmp") > "$STATUS"
+++ /dev/null
-#!/bin/sh
-
-STATUS=/var/cache/dsa/nagios/samhain
-
-tmp=`tempfile`
-trap "rm -f '$tmp'" exit
-/usr/lib/nagios/plugins/dsa-check-samhain -t 1800 > "$tmp"
-result="$?"
-case "$result" in
- 0)
- st="OK"
- ;;
- 1)
- st="WARNING"
- ;;
- 2)
- st="CRITICAL"
- ;;
- *)
- st="UNKNOWN"
- ;;
-esac
-(echo "$st"; cat "$tmp") > "$STATUS"
+++ /dev/null
-/linux-image-.*/
-/kernel-image-.*/
-buildd
-sbuild
+++ /dev/null
-#!/usr/bin/perl
-
-# This cheak is based on code from the Debian/OpenSSL Weak Key Detector
-# written by Florian Weimer <fw@deneb.enyo.de>.
-# The code has been modified and enhanced by Alexander Wirt
-# <formorer@debian.org> to use it as a nagios check.
-#
-# Copyright (c) 2008, Florian Weimer <fw@deneb.enyo.de> for the original
-# Debian/OpenSSL Weak Key Detector
-# (http://security.debian.org/project/extra/dowkd/dowkd.pl.gz)
-#
-# Copyright (c) 2008, Alexander Wirt <formorer@debian.org> for check_weakkeys
-#
-# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-
-=pod
-
-=head1 NAME
-
-B<check_weakkeys> - checks system for weak ssh keys
-
-=cut
-
-=head1 SYNOPSIS
-
-B<check_weakkeys> [options]
-
-=cut
-
-=head1 DESCRIPTION
-
-B<check_weakkeys> checks for all users if there id_rsa, id_dsa or
-authorized_key files if they contain weak ssh keys created by a Debian with a
-broken libssl (see DSA-1571 for more informations). Optionally <check_weakkeys>
-can spit out a warning of there are any DSA keys left in key or authorized_key
-files. To work it needs a database of precomputed hashes of known weak keys.
-This file is expected as an bdb database with the hash (like
-03:a2:f0:46:7f:13:9f:5f:96:71:a9:b8:a0:1c:01:05) as key. See <gen_fprdb> for
-such a database generator. <check_weakkeys> outputs his data to STDOUT or to a
-file. It meaned to be picked up by an nagios check like B<dsa-check-statusfile>
-from Peter Palfrader.
-
-=cut
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-h, --help>
-
-Prints out a brief help
-
-=item B<-s, --statusfile> "statusfile"
-
-Use 'F<statusfile>' instead of 'F<STDOUT>'.
-
-=item B<-f, --fprdb> "database" (default: /var/lib/dsa/ssh-weak-keys.db)
-
-Use 'F<database>' instead of 'F</var/lib/dsa/ssh-weak-keys.db>'
-as fingerprint database.
-
-=item B<-n, --dsa_nowarn>
-
-Don't warn for DSA keys
-
-=back
-
-=cut
-
-use strict;
-use warnings;
-
-use File::Temp;
-use BerkeleyDB;
-use Pod::Usage;
-use Getopt::Long;
-use IPC::Open3;
-
-my $fprdb_fname = "/var/lib/dsa/ssh-weak-keys.db" ;
-my ($outfile, $help);
-my $dsa_nowarn = 0;
-
-GetOptions( 'help|h' => \$help, #Help function
- 'statusfile|s=s' => \$outfile,
- 'fprdb|f=s' => \$fprdb_fname,
- 'n|dsa_nowarn' => \$dsa_nowarn,
-);
-
-pod2usage(1) if $help;
-
-my $fh;
-if ($outfile) {
- open ($fh, '>', $outfile)
- or die "Could not open statusfile '$outfile' for writing: $!";
-} else {
- $fh = *STDOUT;
-}
-
-my %fpr_hash;
-tie %fpr_hash, 'BerkeleyDB::Btree',
- -Filename => $fprdb_fname,
- -Flags => DB_RDONLY
- or die "Cannot open fingerprint db $fprdb_fname: $! $BerkeleyDB::Error\n";
-
-
-my ($weak_keys,$checked_keys) = 0;
-my $dsa_keys = 0;
-my $weird_keyfiles = 0;
-my $text = '';
-my %key_sizes;
-
-
-
-#&from_user_all;
-&from_debianorg_places;
-&from_ssh_host(qw(localhost));
-
-my $status="OK";
-if ($weak_keys) {
- $status = "CRITICAL";
-} elsif ($dsa_keys && ! $dsa_nowarn || $weird_keyfiles) {
- $status = "WARNING";
-}
-
-print $fh "$status\n";
-print $fh "Checked $checked_keys keys - $weak_keys weak - $dsa_keys dsa keys\n";
-print $fh "Sizes: ";
-foreach my $size (sort(keys(%key_sizes))) {
- print $fh "$size:$key_sizes{$size} ";
-}
-
-print $fh "\n";
-print $fh "$text" if $text;
-
-
-
-sub safe_backtick (@) {
- my @args = @_;
-
- my ($wtr, $fh, $err);
-
- open3($wtr,$fh,$err, @args)
- or die "error: failed to spawn $args[0]: $!\n";
- my @result;
- if (wantarray) {
- @result = <$fh>;
- } else {
- local $/;
- @result = scalar(<$fh>);
- }
- close $fh;
- $? == 0 or return undef;
- if (wantarray) {
- return @result;
- } else {
- return $result[0];
- }
-}
-
-sub ssh_fprint_file ($) {
- my $name = shift;
- my $data = safe_backtick qw/ssh-keygen -l -f/, $name;
- defined $data or return ();
- my @data = $data =~ /^(\d+) ([0-9a-f]{2}(?::[0-9a-f]{2}){15})/;
- return @data if @data == 2;
- return ();
-}
-
-sub ssh_fprint_check ($$$) {
- my ($name, $length, $hash) = @_;
- if (exists $key_sizes{$length}) {
- $key_sizes{$length}++;
- } else {
- $key_sizes{$length}=1;
- }
- $checked_keys++;
- if (exists $fpr_hash{$hash}) {
- $weak_keys++;
- $text .= "$name weak ($hash)\n";
- }
-}
-
-
-sub from_ssh_key_file ($) {
- my $name = shift;
- if (open (my $FH, '<', $name)) {
- my $key = <$FH>;
- if (! defined $key) {
- $weird_keyfiles++;
- $text .= "cannot read $name properly - empty?\n";
- } elsif ($key =~ m/ssh-dss/) {
- $dsa_keys++;
- $text .= "$name is a DSA key\n";
- }
- } else {
- $text .= "Could not open $name: $!";
- }
- my ($length, $hash) = ssh_fprint_file $name;
- if ($length && $hash) {
- ssh_fprint_check "$name:1", $length, $hash;
- } else {
- $text .= "$name:1: warning: failed to parse SSH key file\n";
- }
-}
-
-sub clear_tmp ($) {
- my $tmp = shift;
- seek $tmp, 0, 0 or die "seek: $!";
- truncate $tmp, 0 or die "truncate: $!";
-}
-
-sub from_ssh_auth_file ($) {
- my $name = shift;
- my $auth;
- unless (open $auth, '<', $name) {
- warn "$name:0: error: open failed: $!\n";
- return;
- }
- my $tmp = new File::Temp;
- while (my $line = <$auth>) {
- chomp $line;
- my $lineno = $.;
- clear_tmp $tmp;
- next if $line =~ m/^$/; # ignore empty lines
- next if $line =~ m/^#/; # ignore comments
- if ($line =~ m/ssh-dss/) {
- $dsa_keys++;
- $text .= "$name:$lineno is a DSA key\n";
- }
- print $tmp "$line\n" or die "print: $!";
- $tmp->flush;
- my ($length, $hash) = ssh_fprint_file "$tmp";
- if ($length && $hash) {
- ssh_fprint_check "$name:$lineno", $length, $hash;
- } else {
- $text .= "$name:$lineno: warning: unparsable line\n";
- }
- }
-}
-
-sub from_ssh_host (@) {
- my @names = @_;
- my @lines;
- push @lines, safe_backtick qw|ssh-keyscan -t rsa|, @names;
- push @lines, safe_backtick qw|ssh-keyscan -t dsa|, @names;
-
- my $tmp = new File::Temp;
- for my $line (@lines) {
- next if $line =~ /^#/;
- next if $line =~ /^no hostkey alg/;
- my ($host, $data) = $line =~ /^(\S+) (.*)$/;
- clear_tmp $tmp;
- print $tmp "$data\n" or die "print: $!";
- $tmp->flush;
- my ($length, $hash) = ssh_fprint_file "$tmp";
- if ($length && $hash) {
- ssh_fprint_check "$host", $length, $hash;
- } else {
- $text .= "$host: warning: unparsable line\n";
- }
- }
-}
-
-sub from_user ($) {
- my $user = shift;
- my ($name,$passwd,$uid,$gid,
- $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($user);
- my $file = "$dir/.ssh/authorized_keys";
- from_ssh_auth_file $file if -r $file;
- $file = "$dir/.ssh/authorized_keys2";
- from_ssh_auth_file $file if -r $file;
- $file = "$dir/.ssh/id_rsa.pub";
- from_ssh_key_file $file if -r $file;
- $file = "$dir/.ssh/id_dsa.pub";
- from_ssh_key_file $file if -r $file;
-}
-
-sub from_user_all () {
- setpwent;
- while (my $name = getpwent) {
- from_user $name;
- }
- endpwent;
-}
-
-
-sub from_debianorg_places () {
- open(F, "/etc/ssh/sshd_config") or die ("Cannot open /etc/ssh/sshd_config: $!\n");
- my @lines = <F>;
- close(F);
-
- my @ak = grep { /^AuthorizedKeysFile\s/i } @lines;
- my @ak2 = grep { /^AuthorizedKeysFile2\s/i } @lines;
-
- if (scalar @ak != 1) {
- print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile definition in sshd_config\n";
- exit
- }
- if (scalar @ak2 != 1) {
- print $fh "UNKNOWN\n";
- print $fh "There is more than one AuthorizedKeysFile2 definition in sshd_config\n";
- exit
- }
- unless ($ak[0] =~ m#^((?i)AuthorizedKeysFile)\s+/etc/ssh/userkeys/%u$# ) {
- print $fh "UNKNOWN\n";
- print $fh "The AuthorizedKeysFile definition has an unexpected value. Should be /etc/ssh/userkeys/%u\n";
- exit
- }
- unless ($ak2[0] =~ m#^((?i)AuthorizedKeysFile2)\s+/var/lib/misc/userkeys/%u$# ) {
- print $fh "UNKNOWN\n";
- print $fh "The AuthorizedKeysFile2 definition has an unexpected value. Should be /var/lib/misc/userkeys/%u\n";
- exit
- }
-
- for my $d (qw{/etc/ssh/userkeys /var/lib/misc/userkeys}) {
- next unless (-d $d);
- opendir(D, $d) or die "Cannot opendir $d: $!\n";
- for my $file (grep { ! -d $d.'/'.$_ } readdir(D)) {
- next if ($file eq 'README-DSA-BUILDD');
- my $f = $d.'/'.$file;
- from_ssh_key_file $f if -r $f;
- };
- };
-}
-
-
+++ /dev/null
-define contact{
- contact_name weasel
- alias Peter Palfrader
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email debian-nagios@palfrader.org
- }
-
-define contact{
- contact_name joerg
- alias Joerg Jaspert
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email debiannagios@ganneff.de
- }
-
-define contact{
- contact_name tjrc1
- alias Tim Cutts
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email tjrc@sanger.ac.uk
- }
-
-define contact{
- contact_name holger
- alias Holger Levsen
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email holger@layer-acht.org
- }
-
-define contact{
- contact_name dannf
- alias Dann Frazier
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email dannf@hp.com
- }
-
-define contact{
- contact_name bzed
- alias Bernd Zeimetz
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email bernd+debnagios@bzed.de
- }
-
-define contact{
- contact_name luk
- alias Luk Claes
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email luk.claes@ugent.be
- }
-
-define contact{
- contact_name sfrost
- alias Stephen Frost
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email sfrost@snowman.net
- }
-
-define contact{
- contact_name lfilipoz
- alias Luca Filipozzi
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email lucaf+dsa@ece.ubc.ca
- }
-
-define contact{
- contact_name zobel
- alias Martin Zobel-Helas
- service_notification_period 24x7
- host_notification_period 24x7
- service_notification_options w,u,c,r
- host_notification_options d,r
- service_notification_commands notify-service-by-email
- host_notification_commands notify-host-by-email
- email zobel+debian-nagios@ftbfs.de
- }
-
-###############################################################################
-###############################################################################
-#
-# CONTACT GROUPS
-#
-###############################################################################
-###############################################################################
-
-# We only have one contact in this simple configuration file, so there is
-# no need to create more than one contact group.
-
-define contactgroup{
- contactgroup_name dsa
- alias Debian System Administrators
- members weasel, zobel
- }
+++ /dev/null
-# Generic host definition template - This is NOT a real host, just a template!
-
-define host{
- name generic-host ; The name of this host template
- notifications_enabled 1 ; Host notifications are enabled
- event_handler_enabled 1 ; Host event handler is enabled
- flap_detection_enabled 1 ; Flap detection is enabled
- failure_prediction_enabled 1 ; Failure prediction is enabled
- process_perf_data 1 ; Process performance data
- retain_status_information 1 ; Retain status information across program restarts
- retain_nonstatus_information 1 ; Retain non-status information across program restarts
- check_command check-host-alive
- max_check_attempts 10
- notification_interval 1440
- notification_period 24x7
- notification_options d,u,r
- contact_groups dsa
- register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE!
- }
+++ /dev/null
-# generic service template definition
-define service{
- name generic-service ; The 'name' of this service template
- active_checks_enabled 1 ; Active service checks are enabled
- passive_checks_enabled 1 ; Passive service checks are enabled/accepted
- parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
- obsess_over_service 1 ; We should obsess over this service (if necessary)
- check_freshness 0 ; Default is to NOT check service 'freshness'
- notifications_enabled 1 ; Service notifications are enabled
- event_handler_enabled 1 ; Service event handler is enabled
- flap_detection_enabled 1 ; Flap detection is enabled
- failure_prediction_enabled 1 ; Failure prediction is enabled
- process_perf_data 1 ; Process performance data
- retain_status_information 1 ; Retain status information across program restarts
- retain_nonstatus_information 1 ; Retain non-status information across program restarts
- notification_interval 0 ; Only send notifications on status change by default.
- is_volatile 0
- check_period 24x7
- normal_check_interval 15
- retry_check_interval 2
- max_check_attempts 6
- notification_period 24x7
- notification_options w,u,c,r
- contact_groups dsa
- register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
- }
+++ /dev/null
-###############################################################################
-# timeperiods.cfg
-###############################################################################
-
-# This defines a timeperiod where all times are valid for checks,
-# notifications, etc. The classic "24x7" support nightmare. :-)
-
-define timeperiod{
- timeperiod_name 24x7
- alias 24 Hours A Day, 7 Days A Week
- sunday 00:00-24:00
- monday 00:00-24:00
- tuesday 00:00-24:00
- wednesday 00:00-24:00
- thursday 00:00-24:00
- friday 00:00-24:00
- saturday 00:00-24:00
- }
-
-# This one is a favorite: never :)
-define timeperiod{
- timeperiod_name never
- alias Never
- }
+++ /dev/null
-# Non comment lines are YAML
-#
-# Strings ought to be in double quotes, but it works in most cases if they aren't :)
-#
-# vim:set syntax=yaml:
-
-# TODO
-# - spohr: hpasmd
-# - *: mailq
-# - *: check munin stats collection works
-# - *: check backups are successful
-# - *: unwanted: network: auth, discard, daytime, time (on some), cvs-pserver, rsync (on some), ftp (on some), http (on some)
-# - verdi: pg upgrade, openvpn
-# - mundy: salinfo_decode
-
-# down:
-# - sarti
-# - leisner
-
----
-#############################
-# hosts
-#############################
-servers:
- gw-man-da:
- address: 82.195.75.126
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: joerg, bzed
- gw-HP-ftc:
- address: 192.25.206.1
- parents: samosa
- hostgroups: routing-infrastructure
- gw-brainfood:
- address: 70.103.162.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-brown.edu:
- address: 128.148.34.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-osuosl:
- address: 140.211.166.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-scanplus-villa:
- address: 212.211.132.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-scanplus-lobos:
- address: 212.211.132.249
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-mit-csail:
- address: 128.30.0.254
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-xs4all:
- address: 194.109.137.217
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-umn.edu:
- address: 128.101.240.222
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-dg-i.net:
- address: 93.94.130.190
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: bzed
- gw-freenet:
- address: 62.104.23.249
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-topalis:
- address: 195.243.109.254
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-sanger:
- address: 193.62.202.18
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: tjrc1
- gw-lrz:
- address: 129.187.0.150
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-frost:
- address: 130.81.242.195
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-1und1:
- address: 195.20.247.54
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: joerg
- gw-1und1-karlsruhe:
- address: 212.227.120.29
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-blackcat:
- address: 193.201.200.129
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-xandros:
- address: 67.210.160.81
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-nmmn:
- address: 217.114.76.81
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-utwente:
- address: 130.89.149.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- #gw-ughent:
- # address: 157.193.39.254
- # parents: gw-HP-ftc
- # hostgroups: routing-infrastructure
- gw-agnesi:
- address: 65.173.90.18
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-ubc:
- address: 137.82.84.94
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: lfilipoz
- gw-carnet:
- address: 161.53.160.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-telegraaf:
- address: 82.94.249.153
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-helsinki:
- address: 128.214.173.25
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- contacts: holger
- gw-telefonica:
- address: 195.71.99.193
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-ball:
- address: 78.32.9.209
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-cst:
- address: 213.188.99.215
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-isc:
- address: 149.20.20.1
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
- gw-aca:
- address: 130.239.18.97
- parents: gw-HP-ftc
- hostgroups: routing-infrastructure
-
- global:
- hostgroups: notacomputer
- pingable: false
- check_command: dsa_check_always_ok
-
- samosa:
- address: 192.25.206.57
- hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, heavy-exim, lenny, puppet
- raff:
- address: 192.25.206.59
- parents: samosa
- hostgroups: computers, no-udev, service, dl380, apache2-hosts, bind9-hosts, rsyncd-hosts, heavy-exim, ulogd-hosts, nfs-client, lenny, puppet
- gluck:
- address: 192.25.206.10
- parents: samosa
- hostgroups: computers, no-udev, general, dl380, apache2-hosts, bind9-hosts, heavy-exim, highload, nfs-client, ulogd-hosts, lenny, puppet
- merkel:
- address: 192.25.206.16
- parents: samosa
- hostgroups: computers, general, apache1-hosts, apache2-hosts, rsyncd-hosts, sw-raid, postgres81-hosts, heavy-exim, nfs-client, ulogd-hosts, lenny, puppet
- spohr:
- address: 192.25.206.33
- parents: samosa
- hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, ulogd-hosts, nfs-server, lenny, puppet
- peri:
- address: 192.25.206.15
- parents: samosa
- hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet
- contacts: dannf
- penalosa:
- address: 192.25.206.68
- parents: samosa
- hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet
- contacts: dannf
- mundy:
- address: 192.25.206.62
- parents: samosa
- hostgroups: computers, buildd, lenny, puppet
- paer:
- address: 192.25.206.11
- parents: samosa
- hostgroups: computers, porterbox, lenny, hasbootfs, puppet
- merulo:
- address: 192.25.206.58
- parents: samosa
- hostgroups: computers, porterbox, lenny, puppet
-
- bartok:
- address: 82.195.75.91
- parents: gw-man-da
- hostgroups: computers, service, dl385, bind9-hosts, lenny, puppet
- contacts: joerg, bzed
- morales:
- address: 82.195.75.97
- parents: gw-man-da
- hostgroups: computers, porterbox, single-cpu, no-samhain, hasbootfs
- contacts: bzed
- sperger:
- address: 82.195.75.98
- parents: gw-man-da
- hostgroups: computers, porterbox, sw-raid, hasbootfs, lenny, puppet
- contacts: bzed
- agricola:
- address: 82.195.75.86
- parents: gw-man-da
- hostgroups: computers, porterbox, sw-raid, single-cpu, lenny, puppet
- contacts: bzed
- arcadelt:
- address: 82.195.75.87
- parents: gw-man-da
- hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
- contacts: bzed
- liszt:
- address: 82.195.75.100
- parents: gw-man-da
- hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts
- contacts: bzed
-# auber:
-# address: 82.195.75.101
-# parents: gw-man-da
-# hostgroups: computers, no-udev, buildd, sw-raid
-# contacts: bzed
- unger:
- address: 82.195.75.102
- parents: gw-man-da
- hostgroups: computers, service, dl360, rsyslog-hosts, acpid-hosts, lenny, puppet
- handel:
- address: 82.195.75.104
- parents: unger
- hostgroups: computers, service, rsyslog-hosts, acpid-hosts, lenny, hasbootfs, puppet
-
- geo1:
- address: 82.195.75.105
- parents: unger
- hostgroups: computers, service, acpid-hosts, lenny, hasbootfs, puppet
-
- master:
- address: 70.103.162.29
- parents: gw-brainfood
- hostgroups: computers, general, apache2-hosts, bind9-hosts, heavy-exim, highload, lenny, puppet
- murphy:
- address: 70.103.162.31
- parents: gw-brainfood
- hostgroups: computers, general, postfix-hosts, dl380, acpid-hosts, lenny, puppet
-
- ries:
- address: 128.148.34.103
- parents: gw-brown.edu
- hostgroups: computers, service, apache2-hosts, bind9-hosts, ftpd-hosts, dl385, rsyncd-hosts, postgres83-hosts, heavy-exim, acpid-hosts, lenny, puppet
-
- mayer:
- address: 140.211.166.78
- parents: gw-osuosl
- hostgroups: computers, buildd, hasbootfs, lenny, puppet
- mayr:
- address: 140.211.166.58
- parents: gw-osuosl
- hostgroups: computers, buildd, hasbootfs, lenny, puppet
- malo:
- address: 140.211.166.27
- parents: gw-osuosl
- hostgroups: computers, buildd, lenny, puppet, smart
- rietz:
- address: 140.211.166.43
- parents: gw-osuosl
- hostgroups: computers, no-udev, service, apache2-hosts, bind9-hosts, rsyncd-hosts, dl385, heavy-exim, highload, hasbootfs
- rietz2:
- address: 140.211.166.44
- parents: rietz
- hostgroups: secondary-IPs
-
- villa:
- address: 212.211.132.32
- parents: gw-scanplus-villa
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
- lobos:
- address: 212.211.132.250
- parents: gw-scanplus-lobos
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
-
- steffani:
- address: 128.31.0.36
- parents: gw-mit-csail
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid, bind9-hosts, acpid-hosts, hasbootfs, lenny, puppet
- mahler:
- address: 128.31.0.46
- parents: gw-mit-csail
- hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts, puppet
-
- klecker:
- address: 194.109.137.218
- parents: gw-xs4all
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, bind9-hosts, dl385, postgres83-hosts, heavy-exim, lenny, puppet
-
- saens:
- address: 128.101.240.212
- parents: gw-umn.edu
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl380, lenny, puppet
-
- argento:
- address: 93.94.130.160
- parents: gw-dg-i.net
- hostgroups: computers, buildd, sw-raid, single-cpu, lenny, puppet
- contacts: bzed
-
- widor:
- address: 93.94.130.161
- parents: gw-dg-i.net
- hostgroups: computers, apache2-hosts, sw-raid, single-cpu, lenny, puppet, rsyslog-hosts, acpid-hosts
- contacts: bzed
-
- pergolesi:
- address: 62.104.23.252
- parents: gw-freenet
- hostgroups: computers, porterbox, sw-raid, lenny, puppet
-
- raptor:
- address: 195.243.109.162
- parents: gw-topalis
- hostgroups: computers, porterbox, postfix-hosts, lenny
-
- albeniz:
- address: 193.62.202.27
- parents: gw-sanger
- # SMP kernel doesn't run stable
- hostgroups: computers, porterbox, sw-raid, single-cpu, hasbootfs, lenny, puppet
- contacts: tjrc1
- goetz:
- address: 193.62.202.26
- parents: gw-sanger
- # SMP kernel doesn't run stable
- hostgroups: computers, buildd, sw-raid, single-cpu, hasbootfs, lenny, puppet
- contacts: tjrc1
- smetana:
- address: 193.62.202.29
- parents: gw-sanger
- hostgroups: computers, porterbox, sw-raid, lenny, puppet
- contacts: tjrc1
-
- verdi:
- address: 192.54.42.193
- parents: gw-lrz
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, postgres81-hosts, postfix-hosts
-
- voltaire:
- address: 72.66.115.54
- parents: gw-frost
- hostgroups: computers, buildd, puppet, lenny
- contacts: sfrost
-
- puccini:
- address: 87.106.4.56
- parents: gw-1und1
- hostgroups: computers, buildd, lenny, rsyslog-hosts, ulogd-hosts, puppet
- contacts: joerg
- powell:
- address: 87.106.64.223
- parents: gw-1und1
- hostgroups: computers, service, heavy-exim, rsyncd-hosts, ulogd-hosts, acpid-hosts, lenny, puppet
- contacts: joerg
-
- schumann:
- address: 212.227.126.54
- parents: gw-1und1-karlsruhe
- hostgroups: computers, acpid-hosts, ulogd-hosts, lenny, puppet
- wieck:
- address: 195.20.242.89
- parents: gw-1und1-karlsruhe
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, ulogd-hosts, lenny, puppet
- chopin:
- address: 195.20.242.124
- parents: schumann
- hostgroups: computers, ulogd-hosts, lenny, puppet, rsyslog-hosts
-
- caballero:
- address: 193.201.200.200
- parents: gw-blackcat
- hostgroups: computers, no-udev, buildd, sw-raid, lenny, puppet
-
- elara:
- address: 67.210.160.90
- parents: gw-xandros
- hostgroups: deadslow
- europa:
- address: 67.210.160.89
- parents: gw-xandros
- hostgroups: deadslow
-
- kullervo:
- address: 217.114.76.82
- parents: gw-nmmn
- hostgroups: deadslow
- contacts: luk
- crest:
- address: 217.114.76.83
- parents: gw-nmmn
- hostgroups: deadslow
- contacts: luk
- pescetti:
- address: 217.114.76.85
- parents: gw-nmmn
- hostgroups: computers, porterbox, single-cpu, smart, lenny, puppet
-
- kassia:
- address: 130.89.149.224
- parents: gw-utwente
- hostgroups: computers, service, postfix-hosts, apache2-hosts, ftpd-hosts, rsyncd-hosts, dl360, acpid-hosts, ulogd-hosts, lenny, puppet
- kassia-sec:
- address: 130.89.149.225
- parents: kassia
- hostgroups: secondary-IPs
- kassia-ftp:
- address: 130.89.149.226
- parents: kassia
- hostgroups: secondary-IPs
- kassia4:
- address: 130.89.149.227
- parents: kassia
- hostgroups: secondary-IPs
-
- allegri:
- address: 157.193.39.233
- parents: gw-HP-ftc
- hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny, puppet
- contacts: luk
-
- agnesi:
- address: 65.173.90.83
- parents: gw-agnesi
- hostgroups: deadslow, lenny
-
- spontini:
- address: 137.82.84.65
- parents: gw-ubc
- hostgroups: computers, buildd, hasbootfs, lenny, puppet
- contacts: lfilipoz
- ravel:
- address: 137.82.84.66
- parents: gw-ubc
- hostgroups: computers, general, dl385, apache2-hosts, acpid-hosts, ftpd-hosts, hasbootfs, lenny, puppet
- dijkstra:
- address: 137.82.84.70
- parents: gw-ubc
- hostgroups: computers, bl460, rsyslog-hosts, acpid-hosts, lenny, puppet
-
- lebrun:
- address: 193.198.184.10
- parents: gw-carnet
- hostgroups: computers, buildd, sw-raid, lenny, rsyslog-hosts, puppet
- schroeder:
- address: 193.198.184.11
- parents: gw-carnet
- hostgroups: computers, buildd, sw-raid, hasbootfs, lenny, puppet
-
- tartini:
- address: 82.94.249.158
- parents: gw-telegraaf
- hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts, hasbootfs
-
- piatti:
- address: 193.167.161.225
- parents: gw-helsinki
- hostgroups: computers, postfix-hosts, dl385, ulogd-hosts, acpid-hosts, apache2-hosts, postgres83-hosts, lenny, hasbootfs, puppet
- contacts: holger
-
- rem:
- address: 195.71.99.217
- parents: gw-telefonica
- hostgroups: computers, buildd, hasbootfs, lenny, puppet
-
- ball:
- address: 78.32.9.213
- parents: gw-ball
- hostgroups: computers, buildd, no-udev, dialup, hasbootfs, lenny, puppet
-
- zelenka:
- address: 80.245.147.40
- parents: gw-HP-ftc
- hostgroups: computers, porterbox, lenny, puppet
-
- escher:
- address: 213.188.99.215
- parents: gw-cst
- hostgroups: computers, single-cpu, hasbootfs
- goedel:
- address: 213.188.99.214
- parents: gw-cst
- hostgroups: computers, single-cpu, hasbootfs, lenny, puppet
-
- schein:
- address: 149.20.20.6
- parents: gw-isc
- hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, acpid-hosts, lenny, rsyslog-hosts, puppet, dl360
-
- praetorius:
- address: 130.239.18.121
- parents: gw-aca
- hostgroups: computers, buildd, rsyslog-hosts, lenny, puppet
-
-#############################
-# host groups
-#
-# hostgroups ircd and all are automatically defined
-#
-#############################
-hostgroups:
- computers:
- alias: computers
- private: 1
- routing-infrastructure:
- alias: Internet routers and friends
- extinfo-icon_image: base/switch40.png
- extinfo-icon_image_alt: router
- notacomputer:
- alias: Systems that are not really systems. Yeah :)
- private: 1
- deadslow:
- alias: Systems too slow to run any real checks
- dialup:
- alias: Systems with slow network
-
- porterbox:
- alias: developer accessible porter machines
- extinfo-icon_image: base/debian.png
- extinfo-icon_image_alt: Debian GNU/Linux
- extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
- service:
- alias: machines running services
- extinfo-icon_image: base/debian.png
- extinfo-icon_image_alt: Debian GNU/Linux
- extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
- buildd:
- alias: buildd systems
- extinfo-icon_image: base/debian.png
- extinfo-icon_image_alt: Debian GNU/Linux
- extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
- general:
- alias: general purpose developer accessible machines
- extinfo-icon_image: base/debian.png
- extinfo-icon_image_alt: Debian GNU/Linux
- extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
- puppet:
- alias: Hosts running puppet
- extinfo-icon_image: base/debian.png
- extinfo-icon_image_alt: Debian GNU/Linux
- extinfo-notes_url: http://db.debian.org/machines.cgi?host=%s
-
- dl380:
- alias: HP DL380 hosts
- private: 1
- dl385:
- alias: HP DL385 hosts
- private: 1
- dl360:
- alias: HP DL360 hosts
- private: 1
- bl460:
- alias: HP BL460 blades
- private: 1
- sw-raid:
- alias: Hosts with Linux software raid
- private: 1
- single-cpu:
- alias: Hosts with only one CPU
- private: 1
-
- lenny:
- alias: Hosts running lenny, not etch
- private: 1
-
- no-samhain:
- alias: hosts not running samhain properly
- private: 1
-
- #syslog-ng-hosts:
- # alias: hosts running syslog-ng instead of sysklogd
- # private: 1
- rsyslog-hosts:
- alias: hosts running rsyslogd instead of sysklogd
- private: 1
- postfix-hosts:
- alias: hosts running postfix instead of exim
- private: 1
- heavy-exim:
- alias: "hosts running the full mail stuff, including clamav, SA, and postgrey"
- private: 1
- heavy-postfix:
- alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight"
- private: 1
- apache2-hosts:
- alias: hosts running apache2
- private: 1
- apache1-hosts:
- alias: hosts running apache1
- private: 1
- bind9-hosts:
- alias: hosts running bind9
- private: 1
- amavis-hosts:
- alias: hosts running amavis
- private: 1
- ftpd-hosts:
- alias: hosts running vsftpd
- private: 1
- #tftpd-hosts:
- # alias: hosts running a tftpd (tftpd-hpa as a daemon)
- # private: 1
- rsyncd-hosts:
- alias: hosts providing rsync services via xinetd
- private: 1
- postgres81-hosts:
- alias: hosts running postgres81
- private: 1
- postgres83-hosts:
- alias: hosts running postgres83
- private: 1
- mysql-hosts:
- alias: hosts running mysql
- private: 1
- no-udev:
- alias: hosts not using udev
- private: 1
- ulogd-hosts:
- alias: hosts running ulogd
- private: 1
- acpid-hosts:
- alias: hosts running acpid
- private: 1
-
- nfs-client:
- alias: hosts mounting filesystems using NFS
- private: 1
- nfs-server:
- alias: hosts serving filesystems using NFS
- private: 1
-
- highload:
- alias: "hosts on which high load is normal"
- private: 1
-
- secondary-IPs:
- alias: secondary IP addresses
- private: 1
-
- smart:
- alias: hosts with smartd
- private: 1
- hasbootfs:
- alias: hosts with a /boot
- private: 1
-
-
-#############################
-# servicegroups
-#############################
-servicegroups:
- diskspace:
- alias: diskusage checks
- buildd:
- alias: buildd checks
- raid:
- alias: raid checks
- kernel:
- alias: kernel checks
- weaksshkeys:
- alias: weak ssh keys
- apt:
- alias: apt upgrade status
- samhain:
- alias: samhain integrity status
- security:
- alias: security
- servicegroup_members: apt, weaksshkeys, kernel, samhain
-
-#############################
-# services
-#############################
-services:
- -
- name: PING
- check: "check_ping!300.0,20%!600.0,40%"
- hostgroups: pingable
- excludehostgroups: routing-infrastructure, dialup
- normal_check_interval: 5
- max_check_attempts: 4
- retry_check_interval: 1
- -
- name: PING
- check: "check_ping!2000.0,60%!3000.0,80%"
- hostgroups: routing-infrastructure, dialup
- normal_check_interval: 5
- max_check_attempts: 4
- retry_check_interval: 1
-
- ############ Services ############
- ###
-
- ############ Disk Usage ############
- ####
- -
- name: disk usage - all
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk -X devpts -X proc 90 95"
- hostgroups: computers
- -
- name: disk usage on /
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /"
- hostgroups: computers
- excludehosts: ries, klecker
- -
- name: disk usage on /
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /"
- hosts: ries, klecker
- -
- name: disk usage on /boot
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot"
- hostgroups: hasbootfs
- -
- name: disk usage on /var
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var"
- hosts: bartok, samosa, raff, lobos, villa, gluck, saens, voltaire, tartini, morales, powell, escher
- -
- name: disk usage on /org
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org"
- hosts: sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, spontini, ravel, mahler, schroeder, piatti, pescetti, widor, schein, lebrun
- -
- name: disk usage on /org
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /org"
- hosts: merkel, bartok
- -
- name: disk usage on /srv
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv"
- hosts: agricola, arcadelt, argento, allegri, tartini, morales, powell, puccini, zelenka, chopin
- -
- name: disk usage on /org/scratch
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org/scratch"
- hosts: merkel
- -
- name: disk usage on /tmp
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 60 80 /tmp"
- hosts: samosa, raff, gluck, saens, puccini, merkel, tartini, powell, piatti, escher
- -
- name: disk usage on /usr
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /usr"
- hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, merulo, tartini, morales, powell
- -
- name: disk usage on /home
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home"
- hosts: raptor, voltaire, rem, ball, paer, escher
- -
- name: disk usage on /home
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /home"
- hosts: gluck
- -
- name: disk usage on /chroot
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /chroot"
- hosts: raptor
- -
- name: disk usage on /mnt/hdc
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/hdc"
- hosts: voltaire
- -
- name: disk usage on /mnt/sdb1
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /mnt/sdb1"
- hosts: spontini
- -
- name: disk usage on /x
- servicegroups: diskspace
- nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /x"
- hosts: caballero
-
- ############ All Computers ############
- ####
- -
- name: apt - security updates
- servicegroups: apt
- nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt"
- hostgroups: computers
- normal_check_interval: 60
- retry_check_interval: 15
- ####
- -
- name: backup
- nrpe: "sudo /usr/lib/nagios/plugins/dsa-check-dabackup"
- hostgroups: computers
- normal_check_interval: 180
- max_check_attempts: 2
- retry_check_interval: 5
- -
- name: backup server config
- nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server"
- hosts: bartok
- normal_check_interval: 180
- max_check_attempts: 2
- retry_check_interval: 5
-
- ####
- -
- name: running kernel
- servicegroups: kernel
- nrpe: "/usr/lib/nagios/plugins/dsa-check-running-kernel"
- hostgroups: computers
- normal_check_interval: 180
- retry_check_interval: 5
-
- ####
- -
- name: process - puppet
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C ruby -a 'ruby /usr/sbin/puppetd -w 5 --factsync'"
- hostgroups: puppet
-
- -
- name: puppet
- nrpe: "/usr/lib/nagios/plugins/dsa-check-puppet"
- hostgroups: puppet
-
- ####
- -
- name: process - samhain
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'"
- hostgroups: computers
- excludehostgroups: no-samhain
- -
- name: samhain
- servicegroups: samhain
- nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/samhain"
- hostgroups: computers
- excludehostgroups: no-samhain
- depends: process - samhain
- normal_check_interval: 60
- retry_check_interval: 5
-
- ####
- -
- name: users
- nrpe: "/usr/lib/nagios/plugins/check_users 30 35"
- hostgroups: computers
- ####
- -
- name: load
- nrpe: "/usr/lib/nagios/plugins/check_load -w 30,28,26 -c 50,45,50"
- hostgroups: computers
- excludehostgroups: highload
- -
- name: load
- nrpe: "/usr/lib/nagios/plugins/check_load -w 140,120,100 -c 240,220,200"
- hostgroups: highload
- excludehosts: rietz
- -
- name: load
- nrpe: "/usr/lib/nagios/plugins/check_load -w 200,200,200 -c 350,350,350"
- hosts: rietz
- ####
- -
- name: processes - zombies
- nrpe: "/usr/lib/nagios/plugins/check_procs 5 10 -s Z"
- hostgroups: computers
- ####
- -
- name: processes - total
- nrpe: "/usr/lib/nagios/plugins/check_procs 620 700"
- hostgroups: computers
- ####
- -
- name: swap usage - percent
- nrpe: "/usr/lib/nagios/plugins/check_swap -w 20% -c 10%"
- hostgroups: computers
- ####
- -
- name: swap usage - mb
- nrpe: "/usr/lib/nagios/plugins/check_swap -w 20000 -c 5000"
- hostgroups: computers
- ####
- -
- name: process - getty
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C getty -a /sbin/getty"
- hostgroups: computers
- excludehosts: zelenka
- ####
- -
- name: process - sshd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1: -u root -C sshd -a '/usr/sbin/sshd'"
- hostgroups: computers
- -
- name: "network service - sshd"
- check: dsa_check_ssh
- hostgroups: computers
- depends: process - sshd
- normal_check_interval: 60
- notification_interval: 1440
-
- -
- name: "network service - sshd"
- check: dsa_check_ssh
- hostgroups: deadslow
- excludehosts: agnesi
- normal_check_interval: 180
- -
- name: "network service - sshd - 2260"
- check: dsa_check_ssh_port!2260
- hosts: agnesi
- normal_check_interval: 180
- -
- name: "network service - sshd - 443"
- check: dsa_check_ssh_port!443
- hosts: gluck
- normal_check_interval: 180
-
- -
- name: "network service - sshd - version"
- check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3"
- depends: network service - sshd
- hostgroups: computers, deadslow
- excludehosts: crest, kullervo
- excludehostgroups: lenny
- normal_check_interval: 60
- -
- name: "network service - sshd - version"
- check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1"
- depends: network service - sshd
- hosts: crest, kullervo
- normal_check_interval: 60
- -
- name: "network service - sshd - version"
- check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-5"
- depends: network service - sshd
- hostgroups: lenny
- excludehosts: agnesi
- normal_check_interval: 60
- -
- name: "network service - sshd - version - 2260"
- check: "dsa_check_ssh_port_version!2260!OpenSSH_5.1p1 Debian-5"
- depends: network service - sshd - 2260
- hosts: agnesi
- normal_check_interval: 60
- #
- -
- name: ssh - weak keys
- servicegroups: weaksshkeys
- nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys"
- hostgroups: computers
- normal_check_interval: 60
- ####
- -
- name: network service - nrpe
- check: check_tcp!5666
- hostgroups: computers
- max_check_attempts: -2
- notification_interval: 1440
- -
- name: process - nrpe
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u nagios -C nrpe -a '/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'"
- hostgroups: computers
- max_check_attempts: -1
- depends: network service - nrpe
- ###
- -
- name: process - munin-node
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C munin-node -a '/usr/sbin/munin-node'"
- hostgroups: computers
- -
- name: network service - munin-node
- check: check_tcp!4949
- hostgroups: computers
- depends: process - munin-node
- ###
- -
- name: process - ntpd
- # sarge: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
- # etch: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u ntp -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -C ntpd -a '/usr/sbin/ntpd -p /var/run/ntpd.pid'"
- hostgroups: computers
- excludehosts: raptor, zelenka
- -
- name: network service - ntp
- check: check_ntp
- hostgroups: computers
- depends: process - ntpd
- excludehosts: raptor, allegri, zelenka
- #
- -
- name: network service - time
- check: dsa_check_time
- hosts: raptor, allegri, zelenka
- depends: process - xinetd
-
- ###
- -
- name: process - atd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C atd -a /usr/sbin/atd"
- hostgroups: computers
- ###
- -
- name: process - cron
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C cron -a /usr/sbin/cron"
- hostgroups: computers
-
- ###
- # -
- # name: process - syslog-ng
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -p /var/run/syslog-ng.pid'"
- # hostgroups: syslog-ng-hosts
- ###
- -
- name: process - rsyslogd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rsyslogd -a '/usr/sbin/rsyslogd -c3'"
- hostgroups: rsyslog-hosts
- ###
- -
- name: process - syslogd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslogd -a '/sbin/syslogd'"
- hostgroups: computers
- excludehostgroups: rsyslog-hosts
- -
- name: process - klogd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C klogd -a '/sbin/klogd -x'"
- hostgroups: computers
- excludehostgroups: rsyslog-hosts
-
- ### MAIL STUFF
- ###
- -
- name: process - exim
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u Debian-exim -C exim4 -a '/usr/sbin/exim4 -bd -q'"
- hostgroups: computers
- excludehostgroups: postfix-hosts
- excludehosts: master, rietz, merkel, gluck
- -
- name: process - exim - total
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1: -C exim4"
- hostgroups: computers
- excludehostgroups: postfix-hosts
- excludehosts: master, rietz, merkel, gluck
- -
- name: process - exim
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:300 -c 1:500 -C exim4 -a '/usr/sbin/exim4'"
- hosts: master, rietz, merkel, gluck
- ###
- -
- name: process - clamav - clamd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u clamav -C clamd -a '/usr/sbin/clamd'"
- hostgroups: heavy-exim, heavy-postfix
- -
- name: service - clamav
- nrpe: "/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl"
- hostgroups: heavy-exim, heavy-postfix
- depends: process - clamav - clamd
- -
- name: process - clamav - freshclam
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'"
- hostgroups: heavy-exim, heavy-postfix
- -
- name: process - clamav - getsigs
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C getclamsigs -a 'getclamsigs'"
- hostgroups: heavy-exim, heavy-postfix
- #
- -
- name: unwanted process - clamav
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C clamd"
- hostgroups: computers
- excludehostgroups: heavy-exim, heavy-postfix
- -
- name: unwanted process - freshclam
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam"
- hostgroups: computers
- excludehostgroups: heavy-exim, heavy-postfix
- -
- name: unwanted process - clamav - getsigs
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C getclamsigs"
- hostgroups: computers
- excludehostgroups: heavy-exim, heavy-postfix
- ###
- -
- name: process - spamd - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid'"
- hostgroups: heavy-exim
- excludehosts: rietz, merkel, raff
- -
- name: process - spamd - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C spamd -a '/usr/sbin/spamd --create-prefs --max-children 10 --helper-home-dir -d --pidfile=/var/run/spamd.pid'"
- hosts: liszt
- -
- name: process - spamd - child
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:11 -c 1: -C spamd -a 'spamd child'"
- hosts: liszt
- hostgroups: heavy-exim
- depends: process - spamd - master
- excludehosts: rietz, merkel, raff
- #
- -
- name: process - spamd - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u debbugs -C spamd -a '/usr/sbin/spamd -d '"
- hosts: rietz
- -
- name: process - spamd - child
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:6 -c 1: -u debbugs -C spamd -a 'spamd child'"
- hosts: rietz
- #
- -
- name: unwanted process - spamd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd"
- hostgroups: computers
- excludehostgroups: heavy-exim
- excludehosts: liszt
- -
- name: unwanted process - spamd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C spamd"
- hosts: merkel, raff
-
- ###
- #-
- # name: process - greylistd
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u greylist -C greylistd -a '/usr/bin/python /usr/sbin/greylistd'"
- # hostgroups: heavy-exim
- #
- -
- name: unwanted process - greylistd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C greylistd"
- hostgroups: computers
-
- ###
- -
- name: process - postgrey
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --unix=/var/run/postgrey/socket --retry-window=4 --auto-whitelist-clients=10 --exim'"
- hostgroups: heavy-exim
- -
- name: process - postgrey
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgrey -C postgrey -a '/usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000'"
- hostgroups: heavy-postfix
- #
- -
- name: unwanted process - postgrey
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C postgrey"
- hostgroups: computers
- excludehostgroups: heavy-postfix, heavy-exim
- ###
- -
- name: process - amavis - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u amavis -C amavisd-new -a 'amavisd (master)'"
- hostgroups: amavis-hosts
- -
- name: process - amavis - all
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1:10 -u amavis -C amavisd-new -a 'amavisd '"
- hostgroups: amavis-hosts
- depends: process - amavis - master
- #
- -
- name: unwanted process - amavis
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C amavisd-new"
- hostgroups: computers
- excludehostgroups: amavis-hosts
- ###
- -
- name: process - weightd - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (master)'"
- hostgroups: heavy-postfix
- -
- name: process - weightd - cache
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u polw -C policyd-weight -a 'policyd-weight (cache)'"
- hostgroups: heavy-postfix
- depends: process - weightd - master
- -
- name: process - weightd - child
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:50 -c 1: -u polw -C policyd-weight -a 'policyd-weight (child)'"
- hostgroups: heavy-postfix
- depends: process - weightd - master
- #
- -
- name: unwanted process - policyd-weight
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C policyd-weight"
- hostgroups: computers
- excludehostgroups: heavy-postfix
-
-
-
- ###
- -
- name: process - postfix - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C master -a '/usr/lib/postfix/master'"
- hostgroups: postfix-hosts
- -
- name: process - postfix - qmgr
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C qmgr -a 'qmgr -l -t fifo -u'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- #-
- # name: process - postfix - tlsmgr
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C tlsmgr -a 'tlsmgr -l -t fifo -u'"
- # hostgroups: postfix-hosts
- # depends: process - postfix - master
- -
- name: process - postfix - pickup
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postfix -C pickup -a 'pickup -l -t fifo -u -c'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- -
- name: process - postfix - anvil
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:1 -c 0: -u postfix -C anvil -a 'anvil -l -t unix -u'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
-
- -
- name: process - postfix - trivial-rewrite
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C trivial-rewrite -a 'trivial-rewrite -n rewrite -t unix -u -c'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- -
- name: process - postfix - proxymap
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C proxymap -a 'proxymap -t unix -u'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- -
- name: process - postfix - cleanup
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C cleanup -a 'cleanup -z -t unix -u -c'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- -
- name: process - postfix - local
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:30 -c 0:50 -u postfix -C local -a 'local -t unix'"
- hostgroups: postfix-hosts
- depends: process - postfix - master
-
- -
- name: process - postfix - smtpd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:40 -c 0:90 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'"
- hostgroups: postfix-hosts
- excludehosts: liszt
- depends: process - postfix - master
- -
- name: process - postfix - smtp
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:10 -c 0:15 -u postfix -C smtp -a 'smtp -t unix -u -c'"
- hostgroups: postfix-hosts
- excludehosts: liszt
- depends: process - postfix - master
-
- -
- name: process - postfix - smtpd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:150 -c 0:200 -u postfix -C smtpd -a 'smtpd -n smtp -t inet -u -c'"
- hosts: liszt
- depends: process - postfix - master
- -
- name: process - postfix - smtp
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:350 -c 0:500 -u postfix -C smtp -a 'smtp -t unix -u -c'"
- hosts: liszt
- depends: process - postfix - master
-
- ###
- -
- name: network service - smtp
- check: dsa_check_smtp
- hostgroups: computers
- excludehostgroups: postfix-hosts
- depends: process - exim
-
- -
- name: network service - smtp
- check: dsa_check_smtp
- hostgroups: postfix-hosts
- excludehosts: verdi, kassia, allegri, raptor, piatti
- depends: process - postfix - master
- -
- name: network service - smtp - port 2025
- check: dsa_check_smtp_port!2025
- hosts: verdi, kassia, murphy, allegri, piatti
- depends: process - postfix - master
- -
- name: network service - smtp - port 8080
- check: dsa_check_smtp_port!8080
- hosts: murphy
- depends: process - postfix - master
- -
- name: network service - smtp - port 2025
- remotecheck: /usr/lib/nagios/plugins/check_smtp -t 40 -H $HOSTADDRESS$ -p 2025
- runfrom: murphy
- hosts: raptor
- depends: process - postfix - master
-
- -
- name: network service local - smtps cert
- nrpe: "/usr/lib/nagios/plugins/check_http -H localhost -p 465 -S -C 14 -t 45"
- hostgroups: postfix-hosts
- depends: process - postfix - master
- normal_check_interval: 120
-
-
- -
- name: setup - dsa config
- nrpe: "/usr/lib/nagios/plugins/dsa-check-config"
- hostgroups: computers
- normal_check_interval: 120
- -
- name: setup - ud-ldap freshness
- nrpe: "/usr/lib/nagios/plugins/dsa-check-udldap-freshness"
- hostgroups: computers
- ###
- -
- name: process - uptimed
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C uptimed -a '/usr/sbin/uptimed'"
- hostgroups: computers
- ###
- -
- name: process - irqbalance
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C irqbalance -a '/usr/sbin/irqbalance'"
- hostgroups: computers
- excludehostgroups: single-cpu
- -
- name: unwanted process - irqbalance
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C irqbalance"
- hostgroups: single-cpu
-
- ####
- ###
- #-
- # name: unwanted process - system-tools-backends
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C system-tools-ba"
- # hostgroups: computers
- #-
- # name: unwanted process - dbus-daemon
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C dbus-daemon"
- # hostgroups: computers
- -
- name: unwanted process - gkrellmd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C gkrellmd"
- hostgroups: computers
- -
- name: unwanted process - portmap
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C portmap"
- hostgroups: computers
- excludehostgroups: nfs-client, nfs-server
- -
- name: unwanted process - rpc.statd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C rpc.statd"
- hostgroups: computers
- excludehostgroups: nfs-client, nfs-server
- -
- name: unwanted process - inetd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C inetd"
- hostgroups: computers
- -
- name: unwanted process - snmpd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C snmpd"
- hostgroups: computers
-
-
- ############ Processes/Services that only run on some computers ############
- ####
- ###
- -
- name: process - rngd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rngd -a '/usr/sbin/rngd -r /dev/hwrng'"
- hostgroups: dl385
- ###
- -
- name: process - mdadm monitor
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C mdadm -a '/sbin/mdadm --monitor --pid-file /var/run/mdadm/monitor.pid --daemonise --scan'"
- hostgroups: sw-raid
- -
- name: RAID - sw raid
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-sw"
- hostgroups: sw-raid
-
- ###
- -
- name: process - cpqarrayd
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C cpqarrayd -a '/usr/sbin/cpqarrayd'"
- hostgroups: dl385, dl380, dl360, bl460
- -
- name: RAID - arrayprobe
- servicegroups: raid
- nrpe: "sudo /usr/bin/arrayprobe"
- hostgroups: dl385, dl380, dl360, bl460
- -
- name: HW - hpacucli status
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli"
- normal_check_interval: 120
- hostgroups: dl385, dl380, dl360, bl460
- ###
- -
- name: RAID - areca
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-areca"
- hosts: powell
- ###
- -
- name: RAID - DAC960
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-dac960"
- hosts: verdi
- ###
- -
- name: RAID - 3ware
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-3ware"
- hosts: puccini
- ###
- -
- name: RAID - MPT
- servicegroups: raid
- nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-mpt"
- hosts: master
-
- ###
- -
- name: process - slapd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'"
- hosts: samosa
- ###
- -
- name: process - ulogd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C ulogd -a '/usr/sbin/ulogd -d'"
- hostgroups: ulogd-hosts
- -
- name: unexpected process - ulogd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C ulogd"
- hostgroups: computers
- excludehostgroups: ulogd-hosts
- ###
- -
- name: process - udevd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C udevd -a 'udevd'"
- hostgroups: computers
- excludehostgroups: no-udev
- -
- name: unexpected process - udev
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C udevd"
- hostgroups: no-udev
- ###
- -
- name: process - acpid
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C acpid -a '/usr/sbin/acpid'"
- hostgroups: acpid-hosts
- -
- name: unexpected process - acpid
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C acpid"
- hostgroups: computers
- excludehostgroups: acpid-hosts
-
- ###
- -
- name: process - xinetd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xinetd -a '/usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive'"
- hosts: samosa, raptor, allegri, gluck, zelenka
- hostgroups: rsyncd-hosts
- -
- name: unwanted process - xinetd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C xinetd"
- hostgroups: computers
- excludehosts: samosa, raptor, allegri, gluck, zelenka
- excludehostgroups: rsyncd-hosts
- ###
- -
- name: network service - finger
- check: check_tcp!79
- hosts: samosa
- depends: process - xinetd
- ###
- -
- name: network service - rsync
- check: check_tcp!873
- hostgroups: rsyncd-hosts
- depends: process - xinetd
-
- -
- name: network service - rsync
- check: check_tcp!873
- hosts: rietz2
- depends: rietz:process - xinetd
-
- -
- name: network service - rsync
- check: check_tcp!873
- hosts: kassia-sec
- depends: kassia:process - xinetd
-
- ###
- -
- name: process - nagios3
- # there is always one extra process per check currently running..
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:30 -c 1: -u nagios -C nagios3 -a '/usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg'"
- hosts: samosa
-
- ###
- -
- name: process - apache2 - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache2 -a /usr/sbin/apache2"
- hostgroups: apache2-hosts
- -
- name: process - apache2 - worker
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:50 -c 1:100 -u www-data -C apache2 -a /usr/sbin/apache2"
- hostgroups: apache2-hosts
- depends: process - apache2 - master
- -
- name: network service - http
- check: check_http
- hostgroups: apache2-hosts
- excludehosts: kassia
- depends: process - apache2 - master
- -
- name: network service - http
- check: check_http
- depends: kassia:process - apache2 - master
- hosts: kassia-sec, kassia-ftp
-
-
- -
- name: process - apache - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C apache -a /usr/sbin/apache"
- hostgroups: apache1-hosts
- -
- name: process - apache - worker
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:75 -c 1:150 -u www-data -C apache -a /usr/sbin/apache"
- hostgroups: apache1-hosts
- depends: process - apache - master
- -
- name: network service - http
- check: check_http
- hostgroups: apache1-hosts
- depends: process - apache - master
-
- -
- name: network service - http keyserver
- check: dsa_check_http_port!11371
- hosts: raff
- depends: process - apache2 - master
-
- -
- name: network service - https
- check: check_https
- hosts: samosa, ries, klecker
- depends: "process - apache2 - master"
- normal_check_interval: 120
- -
- name: network service - https cert
- check: dsa_check_cert!443
- hosts: samosa, ries, klecker
- depends: network service - https
- normal_check_interval: 60
- ####
- -
- name: process - named
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:15 -c 1: -u bind -C named -a '/usr/sbin/named -u bind'"
- hostgroups: bind9-hosts
- -
- name: network service - dns
- check: check_dns
- hostgroups: bind9-hosts
- depends: process - named
- -
- name: unwanted process - named
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C named"
- hostgroups: computers
- excludehostgroups: bind9-hosts
-
- ####
- -
- name: process - vsftp - listener
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C vsftpd -a 'vsftpd: LISTENER'"
- hostgroups: ftpd-hosts
- excludehosts: kassia
- -
- name: process - vsftp - instance
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:80 -c 0:100 -u ftp -C vsftpd -a 'vsftpd: '"
- hostgroups: ftpd-hosts
- excludehosts: kassia
- -
- name: network service - ftp
- check: check_ftp
- hostgroups: ftpd-hosts
- excludehosts: kassia
- depends: process - vsftp - listener
- -
- name: network service - ftp
- check: check_ftp
- hosts: kassia-sec, kassia-ftp
- depends: kassia:process - xinetd
-
- ####
- -
- name: process - debianqueued
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u dak -C debianqueued"
- hosts: ries, ravel, klecker
-
- ###
- -
- name: process - postresql81 - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a '/usr/lib/postgresql/8.1/bin/postmaster -D /var/lib/postgresql/8.1/main -c config_file=/etc/postgresql/8.1/main/postgresql.conf'"
- hostgroups: postgres81-hosts
- -
- name: process - postresql81 - writer
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: writer process'"
- hostgroups: postgres81-hosts
- depends: process - postresql81 - master
- -
- name: process - postresql81 - buffer
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats buffer process'"
- hostgroups: postgres81-hosts
- depends: process - postresql81 - master
- -
- name: process - postresql81 - collector
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats collector process'"
- hostgroups: postgres81-hosts
- depends: process - postresql81 - master
- ####
- -
- name: process - postresql83 - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf'"
- hostgroups: postgres83-hosts
- excludehosts: piatti, klecker
- -
- name: process - postresql83 - master udd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/udd -c config_file=/etc/postgresql/8.3/udd/postgresql.conf'"
- hosts: piatti
- -
- name: process - postresql83 - dak master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak -c config_file=/etc/postgresql/8.3/dak/postgresql.conf'"
- hosts: ries, klecker
- -
- name: process - postresql83 - dak-dev master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postgres -a '/usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/dak-dev -c config_file=/etc/postgresql/8.3/dak-dev/postgresql.conf'"
- hosts: ries
- ####
- -
- name: process - mysql - master
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C mysqld_safe -a '/bin/sh /usr/bin/mysqld_safe'"
- hostgroups: mysql-hosts
- -
- name: process - mysql - workers
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u mysql -C mysqld -a /usr/sbin/mysqld"
- hostgroups: mysql-hosts
- depends: process - mysql - master
-
- ####
- -
- name: process - stunnel4 - postgres-udd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd-server.conf'"
- hosts: piatti
- -
- name: process - stunnel4 - postgres-udd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u stunnel4 -C stunnel4 -a '/usr/bin/stunnel4 /etc/stunnel/postgres-udd.conf'"
- hosts: merkel, master
-
- ####
- #-
- # name: process - xenconsoled
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'"
- # hosts: piatti
- #-
- # name: process - xenstored
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'"
- # hosts: piatti
- #-
- # name: process - xend
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'"
- # hosts: piatti
-#
- ####
- -
- name: process - libvirtd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u root -C libvirtd -a '/usr/sbin/libvirtd -d'"
- hosts: unger
-
- ###
- -
- name: process - buildd
- servicegroups: buildd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u buildd -C buildd '/usr/bin/perl /usr/bin/buildd'"
- hostgroups: buildd
- contacts: luk
-
- ###
- -
- name: process - iscsid
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 1: -u root -C iscsid '/usr/sbin/iscsid'"
- hosts: raptor
-
- ###
- #-
- # name: process - tftpd
- # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C in.tftpd -a '/usr/sbin/in.tftpd -l -B 1450 -s /var/lib/tftpboot'"
- # hostgroups: tftpd-hosts
- ###
-# -
-# name: process - dhcpd
-# nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C dhcpd3 -a '/usr/sbin/dhcpd3 -q eth0'"
-# hosts: paer
- ###
- -
- name: process - smartd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C smartd -a '/usr/sbin/smartd --pidfile /var/run/smartd.pid --interval=1800'"
- hostgroups: smart
-
- ############ NFS Stuff ############
- ####
- -
- name: process - portmap
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u daemon -C portmap -a '/sbin/portmap'"
- hostgroups: nfs-client, nfs-server
- -
- name: process - statd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u statd -C rpc.statd -a '/sbin/rpc.statd'"
- hostgroups: nfs-client, nfs-server
- -
- name: process - nfsd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:10 -c 1: -u root -C nfsd -a '[nfsd]'"
- hostgroups: nfs-server
- -
- name: process - lockd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C lockd -a '[lockd]'"
- hostgroups: nfs-server
- -
- name: process - mountd
- nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rpc.mountd -a '/sbin/rpc.mountd'"
- hostgroups: nfs-server
- # see if the nfs stuff works and doesn't hang.
- # the df check all script will also hang, but we don't appear to pay attention to that
- -
- name: nfs mount ftp archive
- nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /home/org/ftp.root/debian"
- hosts: gluck
- -
- name: nfs mount ftp archive
- nrpe: "/usr/lib/nagios/plugins/check_disk 100 100 /org/mirrors/ftp.debian.org/ftp"
- hosts: merkel, raff
-
- ############ MISC OTHER Stuff ############
- #####
- -
- name: mirror sync - security
- check: "dsa_check_mirrorsync!security.debian.org!project/trace/security-master.debian.org"
- hosts: global
- -
- name: mirror sync - security.eu
- check: "dsa_check_mirrorsync!security.eu.debian.org!project/trace/security-master.debian.org"
- hosts: global
- -
- name: mirror sync - security.us
- check: "dsa_check_mirrorsync!security.us.debian.org!project/trace/security-master.debian.org"
- hosts: global
- -
- name: DNS SOA sync - debian.org
- check: "dsa_check_soas_add!samosa.debian.org!debian.org"
- hosts: global
- -
- name: DNS SOA sync - debian.net
- check: "dsa_check_soas_add!samosa.debian.org!debian.net"
- hosts: global
- -
- name: DNS SOA sync - debian.com
- check: "dsa_check_soas_add!samosa.debian.org!debian.com"
- hosts: global
- -
- name: DNS SOA sync - mirror.debian.net
- check: "dsa_check_soas_add!samosa.debian.org!mirror.debian.net"
- hosts: global
- -
- name: DNS SOA sync - 144-28.118.59.86.in-addr.arpa
- check: "dsa_check_soas_add!samosa.debian.org!144-28.118.59.86.in-addr.arpa"
- hosts: global
- -
- name: DNS SOA sync - alioth.debian.org
- check: "dsa_check_soas_add!alioth.debian.org!alioth.debian.org"
- hosts: global
projects / mirror / dsa-nagios.git / commitdiff