summaryrefslogtreecommitdiff
path: root/files
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2011-04-11 12:30:51 -0400
committerMicah Anderson <micah@riseup.net>2011-04-11 12:30:51 -0400
commit7735baa65f0dc37f94d4854fd62c817de94d64f2 (patch)
tree1a4e7a70e27897e08e0e0bb754b4b4d1f2889967 /files
parent2f2eb1cb12a57d8a85801086b6fbfce19e9c7a1b (diff)
parentf2df62c9d17d481a3d616a4f2de9496638fadc0a (diff)
Merge commit 'f2df62c9d17d481a3d616a4f2de9496638fadc0a'
Conflicts: manifests/defaults/commands.pp
Diffstat (limited to 'files')
-rw-r--r--[l---------]files/configs/Debian/private/resource.cfg.amd6432
-rw-r--r--[l---------]files/configs/Debian/private/resource.cfg.x86_6432
-rw-r--r--files/configs/apache2.conf55
-rw-r--r--files/irc_bot/riseup-nagios-client.pl72
-rw-r--r--files/irc_bot/riseup-nagios-server.pl157
-rw-r--r--files/plugins/check_dns2102
-rw-r--r--files/plugins/check_dnsbl107
7 files changed, 555 insertions, 2 deletions
diff --git a/files/configs/Debian/private/resource.cfg.amd64 b/files/configs/Debian/private/resource.cfg.amd64
index 4d5f0a3..3ed732b 120000..100644
--- a/files/configs/Debian/private/resource.cfg.amd64
+++ b/files/configs/Debian/private/resource.cfg.amd64
@@ -1 +1,31 @@
-resource.cfg.i386 \ No newline at end of file
+###########################################################################
+#
+# RESOURCE.CFG - Resource File for Nagios
+#
+# You can define $USERx$ macros in this file, which can in turn be used
+# in command definitions in your host config file(s). $USERx$ macros are
+# useful for storing sensitive information such as usernames, passwords,
+# etc. They are also handy for specifying the path to plugins and
+# event handlers - if you decide to move the plugins or event handlers to
+# a different directory in the future, you can just update one or two
+# $USERx$ macros, instead of modifying a lot of command definitions.
+#
+# The CGIs will not attempt to read the contents of resource files, so
+# you can set restrictive permissions (600 or 660) on them.
+#
+# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
+#
+# Resource files may also be used to store configuration directives for
+# external data sources like MySQL...
+#
+###########################################################################
+
+# Sets $USER1$ to be the path to the plugins
+$USER1$=/usr/lib/nagios/plugins
+
+# Sets $USER2$ to be the path to event handlers
+#$USER2$=/usr/lib/nagios/plugins/eventhandlers
+
+# Store some usernames and passwords (hidden from the CGIs)
+#$USER3$=someuser
+#$USER4$=somepassword
diff --git a/files/configs/Debian/private/resource.cfg.x86_64 b/files/configs/Debian/private/resource.cfg.x86_64
index 4d5f0a3..3ed732b 120000..100644
--- a/files/configs/Debian/private/resource.cfg.x86_64
+++ b/files/configs/Debian/private/resource.cfg.x86_64
@@ -1 +1,31 @@
-resource.cfg.i386 \ No newline at end of file
+###########################################################################
+#
+# RESOURCE.CFG - Resource File for Nagios
+#
+# You can define $USERx$ macros in this file, which can in turn be used
+# in command definitions in your host config file(s). $USERx$ macros are
+# useful for storing sensitive information such as usernames, passwords,
+# etc. They are also handy for specifying the path to plugins and
+# event handlers - if you decide to move the plugins or event handlers to
+# a different directory in the future, you can just update one or two
+# $USERx$ macros, instead of modifying a lot of command definitions.
+#
+# The CGIs will not attempt to read the contents of resource files, so
+# you can set restrictive permissions (600 or 660) on them.
+#
+# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
+#
+# Resource files may also be used to store configuration directives for
+# external data sources like MySQL...
+#
+###########################################################################
+
+# Sets $USER1$ to be the path to the plugins
+$USER1$=/usr/lib/nagios/plugins
+
+# Sets $USER2$ to be the path to event handlers
+#$USER2$=/usr/lib/nagios/plugins/eventhandlers
+
+# Store some usernames and passwords (hidden from the CGIs)
+#$USER3$=someuser
+#$USER4$=somepassword
diff --git a/files/configs/apache2.conf b/files/configs/apache2.conf
new file mode 100644
index 0000000..14bb38b
--- /dev/null
+++ b/files/configs/apache2.conf
@@ -0,0 +1,55 @@
+# apache configuration for nagios 3.x
+# note to users of nagios 1.x and 2.x:
+# throughout this file are commented out sections which preserve
+# backwards compatibility with bookmarks/config for older nagios versios.
+# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments.
+
+ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
+ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
+# nagios 1.x:
+#ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3
+#ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3
+# nagios 2.x:
+#ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3
+#ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3
+
+# Where the stylesheets (config files) reside
+Alias /nagios3/stylesheets /etc/nagios3/stylesheets
+# nagios 1.x:
+#Alias /nagios/stylesheets /etc/nagios3/stylesheets
+# nagios 2.x:
+#Alias /nagios2/stylesheets /etc/nagios3/stylesheets
+
+# Where the HTML pages live
+Alias /nagios3 /usr/share/nagios3/htdocs
+# nagios 2.x:
+#Alias /nagios2 /usr/share/nagios3/htdocs
+# nagios 1.x:
+#Alias /nagios /usr/share/nagios3/htdocs
+
+<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
+ Options FollowSymLinks
+
+ DirectoryIndex index.php index.html
+
+ AllowOverride AuthConfig
+ Order Allow,Deny
+ Allow From All
+
+ AuthName "Nagios Access"
+ AuthType Basic
+ AuthUserFile /etc/nagios3/htpasswd.users
+ # nagios 1.x:
+ #AuthUserFile /etc/nagios/htpasswd.users
+ require valid-user
+</DirectoryMatch>
+
+# Enable this ScriptAlias if you want to enable the grouplist patch.
+# See http://apan.sourceforge.net/download.html for more info
+# It allows you to see a clickable list of all hostgroups in the
+# left pane of the Nagios web interface
+# XXX This is not tested for nagios 2.x use at your own peril
+#ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
+# nagios 1.x:
+#ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
+
diff --git a/files/irc_bot/riseup-nagios-client.pl b/files/irc_bot/riseup-nagios-client.pl
new file mode 100644
index 0000000..2467058
--- /dev/null
+++ b/files/irc_bot/riseup-nagios-client.pl
@@ -0,0 +1,72 @@
+#!/usr/bin/perl -w
+
+# ##############################################################################
+# Infrabot-Client - a simple Infrabot client which sends it's whole command
+# line arguments to a local UNIX domain socket.
+# ##############################################################################
+
+use strict;
+use IO::Socket;
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# >> CONFIGURATION >>
+
+# Read a configuration file
+# The arg can be a relative or full path, or
+# it can be a file located somewhere in @INC.
+sub ReadCfg
+{
+ my $file = $_[0];
+
+ our $err;
+
+ { # Put config data into a separate namespace
+ package CFG;
+
+ # Process the contents of the config file
+ my $rc = do($file);
+
+ # Check for errors
+ if ($@) {
+ $::err = "ERROR: Failure compiling '$file' - $@";
+ } elsif (! defined($rc)) {
+ $::err = "ERROR: Failure reading '$file' - $!";
+ } elsif (! $rc) {
+ $::err = "ERROR: Failure processing '$file'";
+ }
+ }
+
+ return ($err);
+}
+
+# Get our configuration information
+if (my $err = ReadCfg('/etc/nagios_nsa.cfg')) {
+ print(STDERR $err, "\n");
+ exit(1);
+}
+
+# << CONFIGURATION <<
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if (@ARGV == 0) {
+ print "Hey - specify a message, sucker!\n";
+ exit(1);
+}
+
+unless (-S $CFG::Nsa{'socket'}) {
+ die "Socket '$CFG::Nsa{'socket'}' doesn't exist or isn't a socket!\n";
+}
+
+unless (-r $CFG::Nsa{'socket'}) {
+ die "Socket '$CFG::Nsa{'socket'}' can't be read!\n";
+}
+
+my $sock = IO::Socket::UNIX->new (
+ Peer => $CFG::Nsa{'socket'},
+ Type => SOCK_DGRAM,
+ Timeout => 10
+) || die "Can't open socket '$CFG::Nsa{'socket'}'!\n";
+
+print $sock "@ARGV";
+close($sock);
diff --git a/files/irc_bot/riseup-nagios-server.pl b/files/irc_bot/riseup-nagios-server.pl
new file mode 100644
index 0000000..7880dde
--- /dev/null
+++ b/files/irc_bot/riseup-nagios-server.pl
@@ -0,0 +1,157 @@
+#!/usr/bin/perl -w
+
+# ##############################################################################
+# a simple IRC bot which dispatches messages received via local domain sockets
+# ##############################################################################
+
+use strict;
+use File::Basename;
+
+BEGIN {
+ unshift @INC, dirname($0);
+}
+
+my $VERSION = '0.2';
+my $running = 1;
+
+# Read a configuration file
+# The arg can be a relative or full path, or
+# it can be a file located somewhere in @INC.
+sub ReadCfg
+{
+ my $file = $_[0];
+
+ our $err;
+
+ { # Put config data into a separate namespace
+ package CFG;
+
+ # Process the contents of the config file
+ my $rc = do($file);
+
+ # Check for errors
+ if ($@) {
+ $::err = "ERROR: Failure compiling '$file' - $@";
+ } elsif (! defined($rc)) {
+ $::err = "ERROR: Failure reading '$file' - $!";
+ } elsif (! $rc) {
+ $::err = "ERROR: Failure processing '$file'";
+ }
+ }
+
+ return ($err);
+}
+
+# Get our configuration information
+if (my $err = ReadCfg('/etc/nagios_nsa.cfg')) {
+ print(STDERR $err, "\n");
+ exit(1);
+}
+
+use POSIX qw(setsid);
+use IO::Socket;
+use Net::IRC;
+
+sub new {
+ my $self = {
+ socket => undef,
+ irc => undef,
+ conn => undef
+ };
+
+ return bless($self, __PACKAGE__);
+}
+
+sub daemonize {
+ my $self = shift;
+ my $pid;
+
+ chdir '/' or die "Can't chdir to /: $!";
+
+ open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
+ open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
+
+ defined ($pid = fork) or die "Can't fork: $!";
+
+ if ($pid && $CFG::Nsa{'pidfile'}) { # write pid of child
+ open PID, ">$CFG::Nsa{'pidfile'}" or die "Can't open pid file: $!";
+ print PID $pid;
+ close PID;
+ }
+ exit if $pid;
+ setsid or die "Can't start a new session: $!";
+
+ #open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
+}
+
+sub run {
+ my $self = shift;
+
+ $self->{irc}->do_one_loop();
+}
+
+sub shutdown {
+ my $sig = shift;
+
+ print STDERR "Received SIG$sig, shutting down...\n";
+ $running = 0;
+}
+
+sub socket_has_data {
+ my $self = shift;
+
+ $self->{socket}->recv(my $data, 1024);
+ $self->{conn}->privmsg($CFG::Nsa{'channel'}, $data);
+}
+
+sub irc_on_connect {
+ my $self = shift;
+
+ print STDERR "Joining channel '$CFG::Nsa{'channel'}'...\n";
+ $self->join($CFG::Nsa{'channel'});
+}
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+my $bot = &new;
+
+if (-e $CFG::Nsa{'socket'}) {
+ die "Socket '$CFG::Nsa{'socket'}' exists!\n";
+}
+
+$bot->{socket} = IO::Socket::UNIX->new (
+ Local => $CFG::Nsa{'socket'},
+ Type => SOCK_DGRAM,
+ Listen => 5
+) || die "Can't create socket '$CFG::Nsa{'socket'}'!\n";
+
+$SIG{INT} = $SIG{TERM} = \&shutdown;
+
+$bot->daemonize();
+$bot->{irc} = new Net::IRC;
+
+$bot->{conn} = $bot->{irc}->newconn (
+ Server => $CFG::Nsa{'server'},
+ Port => $CFG::Nsa{'port'},
+ Nick => $CFG::Nsa{'nickname'},
+ Username => $CFG::Nsa{'nickname'},
+ Password => $CFG::Nsa{'password'},
+ Ircname => $CFG::Nsa{'realname'} . " (NSA $VERSION)",
+) || die "Can't connect to server '$CFG::Nsa{'server'}'!\n";
+
+$bot->{conn}->add_global_handler(376, \&irc_on_connect);
+$bot->{conn}->add_global_handler('nomotd', \&irc_on_connect);
+$bot->{irc}->addfh($bot->{socket}, \&socket_has_data, 'r', $bot);
+
+while ($running) {
+ $bot->run();
+}
+
+close($bot->{socket});
+unlink($CFG::Nsa{'socket'});
+
+exit(0);
+
+1;
+
+__END__
diff --git a/files/plugins/check_dns2 b/files/plugins/check_dns2
new file mode 100644
index 0000000..2195631
--- /dev/null
+++ b/files/plugins/check_dns2
@@ -0,0 +1,102 @@
+#!/bin/bash
+# Written by Damien Gy
+# damien.gy+nagiosexchange(AT)gmail.com
+# 2007-09-28
+
+PROGNAME=`basename $0`
+REVISION=1.00
+TMP=/tmp/tmpdig
+DIG=/usr/bin/dig
+
+print_revision() {
+ echo $PROGNAME $REVISION
+}
+
+print_usage() {
+ echo "Usage:"
+ echo " $PROGNAME -c|--check <host> <type> <server>"
+ echo " $PROGNAME -h|--help"
+ echo " $PROGNAME -v|--version"
+}
+
+print_help() {
+ print_revision
+ echo ""
+ print_usage
+ echo "Where:"
+ echo " host the name of the resource record to be looked up"
+ echo " type indicates the query required (any, a, mx, etc.)"
+ echo " server the name or IP address of the name server to query"
+ echo ""
+ echo " -h|--help prints this help screen"
+ echo ""
+ echo " -v|--version prints version and license information"
+ echo ""
+ echo " Created by Damien Gy, questions or problems e-mail damien.gy+nagiosexchange(AT)gmail.com"
+ echo ""
+}
+
+check_dns() {
+
+ if [ $# -ne 3 ]
+ then
+ echo "Number of arguments incorrect"
+ exit 3
+ fi
+ if [ ! -e $DIG ]
+ then
+ echo "$DIG not found"
+ exit 3
+ fi
+ $DIG $1 $2 @$3 > $TMP
+
+ if ( grep "status" $TMP > /dev/null )
+ then
+ # DNS server answered
+ if ( grep "NOERROR" $TMP > /dev/null )
+ then
+ echo "DNS OK "`grep "time:" $TMP`
+ rm -f $TMP
+ exit 0
+ else
+ echo "WARNING "`grep "time:" $TMP`
+ rm -f $TMP
+ exit 1
+ fi
+
+ else
+ # no answer
+ echo "CRITICAL - Connection timed out"
+ rm -f $TMP
+ exit 2
+ fi
+}
+
+case "$1" in
+--help)
+ print_help
+ exit 0
+ ;;
+-h)
+ print_help
+ exit 0
+ ;;
+--version)
+ print_revision
+ exit 0
+ ;;
+-v)
+ print_revision
+ exit 0
+ ;;
+--check)
+ check_dns $2 $3 $4
+ ;;
+-c)
+ check_dns $2 $3 $4
+ ;;
+*)
+ print_usage
+ exit 3
+
+esac
diff --git a/files/plugins/check_dnsbl b/files/plugins/check_dnsbl
new file mode 100644
index 0000000..93cea37
--- /dev/null
+++ b/files/plugins/check_dnsbl
@@ -0,0 +1,107 @@
+#!/bin/sh
+#
+# dnsbl-check-nagios.sh
+#
+# (c) 2009 Damon Tajeddini & heise Netze
+#
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+FOUND_ADRESS=0
+
+DNSBLlist=`grep -v ^# <<!
+cbl.abuseat.org
+dnsbl.ahbl.org
+ircbl.ahbl.org
+virbl.dnsbl.bit.nl
+blackholes.five-ten-sg.com
+dnsbl.inps.de
+ix.dnsbl.manitu.net
+no-more-funn.moensted.dk
+combined.njabl.org
+dnsbl.njabl.org
+dnsbl.sorbs.net
+bl.spamcannibal.org
+bl.spamcop.net
+sbl.spamhaus.org
+xbl.spamhaus.org
+pbl.spamhaus.org
+dnsbl-1.uceprotect.net
+# dnsbl-2.uceprotect.net
+# dnsbl-3.uceprotect.net
+psbl.surriel.com
+l2.apews.org
+dnsrbl.swinog.ch
+db.wpbl.info
+!`
+
+# reverse IP address
+convertIP()
+{
+ set `IFS=".";echo $1`
+ echo $4.$3.$2.$1
+}
+
+usage()
+{
+ echo "Usage: $0 [-H] <host>] [-p]"
+ echo " -H check Host "
+ echo " -p print list of DNSBLs"
+ exit 3
+}
+
+# Checks the IP with list of DNSBL servers
+check()
+{
+ count=0;
+ for i in $DNSBLlist
+ do
+ count=$(($count + 1))
+ if nslookup $ip_arpa.$i | grep -q "127.0.0." ;
+ then
+ FOUND_ADRESS=$(($FOUND_ADRESS + 1))
+ echo "DNSBL-Alarm: $ip is listed on $i"
+ fi
+ done
+ if [ $FOUND_ADRESS -ge 1 ]
+ then
+ exit 1
+ fi
+ echo "OK - $ip not on $count DNSBLs"
+ exit 0
+}
+
+case $1 in
+ -H)
+ if [ -z "$2" ]
+ then
+ echo "ip address missing"
+ exit
+ fi
+ ip=$2
+ ip_arpa=`convertIP $ip`
+ check;;
+
+ -p)
+ for i in $DNSBLlist
+ do
+ echo $i
+ done
+ exit $STATE_WARNING
+ exit;;
+
+ --help)
+ usage
+ exit;;
+
+ *)
+ if [ -z "$1" ]
+ then
+ usage
+ fi
+ echo "unknown command: $1"
+ exit;;
+esac