diff options
| -rw-r--r-- | nagios/nsca.cfg | 203 | ||||
| -rw-r--r-- | nagios/send_nsca.cfg | 63 | ||||
| -rwxr-xr-x | scripts/backup.cron | 13 |
3 files changed, 276 insertions, 3 deletions
diff --git a/nagios/nsca.cfg b/nagios/nsca.cfg new file mode 100644 index 0000000..215c1af --- /dev/null +++ b/nagios/nsca.cfg @@ -0,0 +1,203 @@ +#################################################### +# Sample NSCA Daemon Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 11-23-2007 +#################################################### + + +# LOG FACILITY +# The syslog facility that should be used for logging purposes. + +log_facility=daemon + +# Check Result directory. If passed, skip command pipe and submit +# directly into the checkresult directory. Requires Nagios 3+ +# For best results, mount dir on ramdisk. + +#check_result_path=/usr/local/nagios/var/checkresults + + +# PID FILE +# The name of the file in which the NSCA daemon should write it's process ID +# number. The file is only written if the NSCA daemon is started by the root +# user as a single- or multi-process daemon. + +pid_file=/var/run/nsca.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# This must be a non-priveledged port (i.e. > 1024). + +server_port=5667 + + + +# SERVER ADDRESS +# Address that NSCA has to bind to in case there are +# more as one interface and we do not want NSCA to bind +# (thus listen) on all interfaces. + +#server_address=192.168.1.1 + + + +# NSCA USER +# This determines the effective user that the NSCA daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_user=nagios + + + +# NSCA GROUP +# This determines the effective group that the NSCA daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_group=nagios + + + +# NSCA CHROOT +# If specified, determines a directory into which the nsca daemon +# will perform a chroot(2) operation before dropping its privileges. +# for the security conscious this can add a layer of protection in +# the event that the nagios daemon is compromised. +# +# NOTE: if you specify this option, the command file will be opened +# relative to this directory. + +#nsca_chroot=/var/run/nagios/rw + + + +# DEBUGGING OPTION +# This option determines whether or not debugging +# messages are logged to the syslog facility. +# Values: 0 = debugging off, 1 = debugging on + +debug=0 + + + +# COMMAND FILE +# This is the location of the Nagios command file that the daemon +# should write all service check results that it receives. + +command_file=/var/nagios/rw/nagios.cmd + + +# ALTERNATE DUMP FILE +# This is used to specify an alternate file the daemon should +# write service check results to in the event the command file +# does not exist. It is important to note that the command file +# is implemented as a named pipe and only exists when Nagios is +# running. You may want to modify the startup script for Nagios +# to dump the contents of this file into the command file after +# it starts Nagios. Or you may simply choose to ignore any +# check results received while Nagios was not running... + +alternate_dump_file=/var/nagios/rw/nsca.dump + + + +# AGGREGATED WRITES OPTION +# This option determines whether or not the nsca daemon will +# aggregate writes to the external command file for client +# connections that contain multiple check results. If you +# are queueing service check results on remote hosts and +# sending them to the nsca daemon in bulk, you will probably +# want to enable bulk writes, as this will be a bit more +# efficient. +# Values: 0 = do not aggregate writes, 1 = aggregate writes + +aggregate_writes=0 + + + +# APPEND TO FILE OPTION +# This option determines whether or not the nsca daemon will +# will open the external command file for writing or appending. +# This option should almost *always* be set to 0! +# Values: 0 = open file for writing, 1 = open file for appending + +append_to_file=0 + + + +# MAX PACKET AGE OPTION +# This option is used by the nsca daemon to determine when client +# data is too old to be valid. Keeping this value as small as +# possible is recommended, as it helps prevent the possibility of +# "replay" attacks. This value needs to be at least as long as +# the time it takes your clients to send their data to the server. +# Values are in seconds. The max packet age cannot exceed 15 +# minutes (900 seconds). If this variable is set to zero (0), no +# packets will be rejected based on their age. + +max_packet_age=30 + + + +# DECRYPTION PASSWORD +# This is the password/passphrase that should be used to descrypt the +# incoming packets. Note that all clients must encrypt the packets +# they send using the same password! +# IMPORTANT: You don't want all the users on this system to be able +# to read the password you specify here, so make sure to set +# restrictive permissions on this config file! + +#password= + + + +# DECRYPTION METHOD +# This option determines the method by which the nsca daemon will +# decrypt the packets it receives from the clients. The decryption +# method you choose will be a balance between security and performance, +# as strong encryption methods consume more processor resources. +# You should evaluate your security needs when choosing a decryption +# method. +# +# Note: The decryption method you specify here must match the +# encryption method the nsca clients use (as specified in +# the send_nsca.cfg file)!! +# Values: +# +# 0 = None (Do NOT use this option) +# 1 = Simple XOR (No security, just obfuscation, but very fast) +# +# 2 = DES +# 3 = 3DES (Triple DES) +# 4 = CAST-128 +# 5 = CAST-256 +# 6 = xTEA +# 7 = 3WAY +# 8 = BLOWFISH +# 9 = TWOFISH +# 10 = LOKI97 +# 11 = RC2 +# 12 = ARCFOUR +# +# 14 = RIJNDAEL-128 +# 15 = RIJNDAEL-192 +# 16 = RIJNDAEL-256 +# +# 19 = WAKE +# 20 = SERPENT +# +# 22 = ENIGMA (Unix crypt) +# 23 = GOST +# 24 = SAFER64 +# 25 = SAFER128 +# 26 = SAFER+ +# + +decryption_method=1 + diff --git a/nagios/send_nsca.cfg b/nagios/send_nsca.cfg new file mode 100644 index 0000000..60196c0 --- /dev/null +++ b/nagios/send_nsca.cfg @@ -0,0 +1,63 @@ +#################################################### +# Sample NSCA Client Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 02-21-2002 +#################################################### + + +# ENCRYPTION PASSWORD +# This is the password/passphrase that should be used to encrypt the +# outgoing packets. Note that the nsca daemon must use the same +# password when decrypting the packet! +# IMPORTANT: You don't want all the users on this system to be able +# to read the password you specify here, so make sure to set +# restrictive permissions on this config file! + +#password= + + + +# ENCRYPTION METHOD +# This option determines the method by which the send_nsca client will +# encrypt the packets it sends to the nsca daemon. The encryption +# method you choose will be a balance between security and performance, +# as strong encryption methods consume more processor resources. +# You should evaluate your security needs when choosing an encryption +# method. +# +# Note: The encryption method you specify here must match the +# decryption method the nsca daemon uses (as specified in +# the nsca.cfg file)!! +# Values: +# 0 = None (Do NOT use this option) +# 1 = Simple XOR (No security, just obfuscation, but very fast) +# +# 2 = DES +# 3 = 3DES (Triple DES) +# 4 = CAST-128 +# 5 = CAST-256 +# 6 = xTEA +# 7 = 3WAY +# 8 = BLOWFISH +# 9 = TWOFISH +# 10 = LOKI97 +# 11 = RC2 +# 12 = ARCFOUR +# +# 14 = RIJNDAEL-128 +# 15 = RIJNDAEL-192 +# 16 = RIJNDAEL-256 +# +# 19 = WAKE +# 20 = SERPENT +# +# 22 = ENIGMA (Unix crypt) +# 23 = GOST +# 24 = SAFER64 +# 25 = SAFER128 +# 26 = SAFER+ +# + +encryption_method=1 + diff --git a/scripts/backup.cron b/scripts/backup.cron index 6555fb5..1dcf2bb 100755 --- a/scripts/backup.cron +++ b/scripts/backup.cron @@ -4,7 +4,14 @@ basedir="/var/backup" prefix="daily" count="25" list="dirs.list" -nagioscmd="/var/www/shared/nagios/rw/nagios.cmd" + +do_nsca() { + local DESC=$1 + shift + local out=$($@) + local ret=$? + echo "virtualip $DESC $ret $out" | send_nsca -H nagios.random.lan -c /etc/nagios/send_nsca.cfg +} ( mountpoint -q $basedir && umount $basedir @@ -65,9 +72,9 @@ rm -f ${basedir}/${prefix}.0/postgresql-bugzilla.sql.xz pg_dump -Upostgres bugzilla | xz > ${basedir}/${prefix}.0/postgresql-bugzilla.sql.xz echo "Begin hardlink @ `date`" >> ${basedir}/time -npsw virtualip "Backup Volume" /usr/lib64/nagios/plugins/check_disk -w 5% -c 2% $basedir > $nagioscmd +do_nsca "Backup Volume" /usr/lib64/nagios/plugins/check_disk -w 5% -c 2% $basedir hardlink -mt ${basedir} -npsw virtualip "Backup Volume" /usr/lib64/nagios/plugins/check_disk -w 5% -c 2% $basedir > $nagioscmd +do_nsca "Backup Volume" /usr/lib64/nagios/plugins/check_disk -w 5% -c 2% $basedir echo "End @ `date`" >> ${basedir}/time umount ${basedir} |