Merge commit 'f2df62c9d17d481a3d616a4f2de9496638fadc0a'

Conflicts: manifests/defaults/commands.pp
author: Micah Anderson <micah@riseup.net> 2011-04-11 12:30:51 -0400
committer: Micah Anderson <micah@riseup.net> 2011-04-11 12:30:51 -0400
commit: 7735baa65f0dc37f94d4854fd62c817de94d64f2 (patch)
tree: 1a4e7a70e27897e08e0e0bb754b4b4d1f2889967 /files
parent: 2f2eb1cb12a57d8a85801086b6fbfce19e9c7a1b (diff)
parent: f2df62c9d17d481a3d616a4f2de9496638fadc0a (diff)
7 files changed, 555 insertions, 2 deletions
diff --git a/files/configs/Debian/private/resource.cfg.amd64 b/files/configs/Debian/private/resource.cfg.amd64
index 4d5f0a3..3ed732b 120000..100644
--- a/files/configs/Debian/private/resource.cfg.amd64
+++ b/files/configs/Debian/private/resource.cfg.amd64
@@ -1 +1,31 @@
-resource.cfg.i386
-\ No newline at end of file
+###########################################################################
+#
+# RESOURCE.CFG - Resource File for Nagios 
+#
+# You can define $USERx$ macros in this file, which can in turn be used
+# in command definitions in your host config file(s).  $USERx$ macros are
+# useful for storing sensitive information such as usernames, passwords, 
+# etc.  They are also handy for specifying the path to plugins and 
+# event handlers - if you decide to move the plugins or event handlers to
+# a different directory in the future, you can just update one or two
+# $USERx$ macros, instead of modifying a lot of command definitions.
+#
+# The CGIs will not attempt to read the contents of resource files, so
+# you can set restrictive permissions (600 or 660) on them.
+#
+# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
+#
+# Resource files may also be used to store configuration directives for
+# external data sources like MySQL...
+#
+###########################################################################
+
+# Sets $USER1$ to be the path to the plugins
+$USER1$=/usr/lib/nagios/plugins
+
+# Sets $USER2$ to be the path to event handlers
+#$USER2$=/usr/lib/nagios/plugins/eventhandlers
+
+# Store some usernames and passwords (hidden from the CGIs)
+#$USER3$=someuser
+#$USER4$=somepassword
diff --git a/files/configs/Debian/private/resource.cfg.x86_64 b/files/configs/Debian/private/resource.cfg.x86_64
index 4d5f0a3..3ed732b 120000..100644
--- a/files/configs/Debian/private/resource.cfg.x86_64
+++ b/files/configs/Debian/private/resource.cfg.x86_64
@@ -1 +1,31 @@
-resource.cfg.i386
-\ No newline at end of file
+###########################################################################
+#
+# RESOURCE.CFG - Resource File for Nagios 
+#
+# You can define $USERx$ macros in this file, which can in turn be used
+# in command definitions in your host config file(s).  $USERx$ macros are
+# useful for storing sensitive information such as usernames, passwords, 
+# etc.  They are also handy for specifying the path to plugins and 
+# event handlers - if you decide to move the plugins or event handlers to
+# a different directory in the future, you can just update one or two
+# $USERx$ macros, instead of modifying a lot of command definitions.
+#
+# The CGIs will not attempt to read the contents of resource files, so
+# you can set restrictive permissions (600 or 660) on them.
+#
+# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
+#
+# Resource files may also be used to store configuration directives for
+# external data sources like MySQL...
+#
+###########################################################################
+
+# Sets $USER1$ to be the path to the plugins
+$USER1$=/usr/lib/nagios/plugins
+
+# Sets $USER2$ to be the path to event handlers
+#$USER2$=/usr/lib/nagios/plugins/eventhandlers
+
+# Store some usernames and passwords (hidden from the CGIs)
+#$USER3$=someuser
+#$USER4$=somepassword
diff --git a/files/configs/apache2.conf b/files/configs/apache2.conf
new file mode 100644
index 0000000..14bb38b
--- /dev/null
+++ b/files/configs/apache2.conf
@@ -0,0 +1,55 @@
+# apache configuration for nagios 3.x
+# note to users of nagios 1.x and 2.x:
+#   throughout this file are commented out sections which preserve
+#   backwards compatibility with bookmarks/config for older nagios versios.
+#   simply look for lines following "nagios 1.x:" and "nagios 2.x" comments.
+
+ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
+ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
+# nagios 1.x:
+#ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3
+#ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3
+# nagios 2.x: 
+#ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3
+#ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3
+
+# Where the stylesheets (config files) reside
+Alias /nagios3/stylesheets /etc/nagios3/stylesheets
+# nagios 1.x:
+#Alias /nagios/stylesheets /etc/nagios3/stylesheets
+# nagios 2.x:
+#Alias /nagios2/stylesheets /etc/nagios3/stylesheets
+
+# Where the HTML pages live
+Alias /nagios3 /usr/share/nagios3/htdocs
+# nagios 2.x: 
+#Alias /nagios2 /usr/share/nagios3/htdocs
+# nagios 1.x:
+#Alias /nagios /usr/share/nagios3/htdocs
+
+<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
+    Options FollowSymLinks
+
+    DirectoryIndex index.php index.html
+
+    AllowOverride AuthConfig
+    Order Allow,Deny
+    Allow From All
+
+    AuthName "Nagios Access"
+    AuthType Basic
+    AuthUserFile /etc/nagios3/htpasswd.users
+    # nagios 1.x:
+    #AuthUserFile /etc/nagios/htpasswd.users
+    require valid-user
+</DirectoryMatch>
+
+# Enable this ScriptAlias if you want to enable the grouplist patch.
+# See http://apan.sourceforge.net/download.html for more info
+# It allows you to see a clickable list of all hostgroups in the
+# left pane of the Nagios web interface
+# XXX This is not tested for nagios 2.x use at your own peril
+#ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
+# nagios 1.x:
+#ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
+
diff --git a/files/irc_bot/riseup-nagios-client.pl b/files/irc_bot/riseup-nagios-client.pl
new file mode 100644
index 0000000..2467058
--- /dev/null
+++ b/files/irc_bot/riseup-nagios-client.pl
@@ -0,0 +1,72 @@
+#!/usr/bin/perl -w
+
+# ##############################################################################
+# Infrabot-Client - a simple Infrabot client which sends it's whole command
+# line arguments to a local UNIX domain socket.
+# ##############################################################################
+
+use strict;
+use IO::Socket;
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# >> CONFIGURATION >>
+
+# Read a configuration file
+#   The arg can be a relative or full path, or
+#   it can be a file located somewhere in @INC.
+sub ReadCfg
+{
+    my $file = $_[0];
+
+    our $err;
+
+    {   # Put config data into a separate namespace
+        package CFG;
+
+        # Process the contents of the config file
+        my $rc = do($file);
+
+        # Check for errors
+        if ($@) {
+            $::err = "ERROR: Failure compiling '$file' - $@";
+        } elsif (! defined($rc)) {
+            $::err = "ERROR: Failure reading '$file' - $!";
+        } elsif (! $rc) {
+            $::err = "ERROR: Failure processing '$file'";
+        }
+    }
+
+    return ($err);
+}
+
+# Get our configuration information
+if (my $err = ReadCfg('/etc/nagios_nsa.cfg')) {
+    print(STDERR $err, "\n");
+    exit(1);
+}
+
+# << CONFIGURATION <<
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if (@ARGV == 0) {
+	print "Hey - specify a message, sucker!\n";
+	exit(1);
+}
+
+unless (-S $CFG::Nsa{'socket'}) {
+	die "Socket '$CFG::Nsa{'socket'}' doesn't exist or isn't a socket!\n";
+}
+
+unless (-r $CFG::Nsa{'socket'}) {
+	die "Socket '$CFG::Nsa{'socket'}' can't be read!\n";
+}
+
+my $sock = IO::Socket::UNIX->new (
+	Peer    => $CFG::Nsa{'socket'},
+	Type    => SOCK_DGRAM,
+	Timeout => 10
+) || die "Can't open socket '$CFG::Nsa{'socket'}'!\n";
+
+print $sock "@ARGV";
+close($sock);
diff --git a/files/irc_bot/riseup-nagios-server.pl b/files/irc_bot/riseup-nagios-server.pl
new file mode 100644
index 0000000..7880dde
--- /dev/null
+++ b/files/irc_bot/riseup-nagios-server.pl
@@ -0,0 +1,157 @@
+#!/usr/bin/perl -w
+
+# ##############################################################################
+# a simple IRC bot which dispatches messages received via local domain sockets
+# ##############################################################################
+
+use strict;
+use File::Basename;
+
+BEGIN {
+	unshift @INC, dirname($0);
+}
+
+my $VERSION = '0.2';
+my $running = 1;
+
+# Read a configuration file
+#   The arg can be a relative or full path, or
+#   it can be a file located somewhere in @INC.
+sub ReadCfg
+{
+    my $file = $_[0];
+
+    our $err;
+
+    {   # Put config data into a separate namespace
+        package CFG;
+
+        # Process the contents of the config file
+        my $rc = do($file);
+
+        # Check for errors
+        if ($@) {
+            $::err = "ERROR: Failure compiling '$file' - $@";
+        } elsif (! defined($rc)) {
+            $::err = "ERROR: Failure reading '$file' - $!";
+        } elsif (! $rc) {
+            $::err = "ERROR: Failure processing '$file'";
+        }
+    }
+
+    return ($err);
+}
+
+# Get our configuration information
+if (my $err = ReadCfg('/etc/nagios_nsa.cfg')) {
+    print(STDERR $err, "\n");
+    exit(1);
+}
+
+use POSIX qw(setsid);
+use IO::Socket;
+use Net::IRC;
+
+sub new {
+	my $self = {
+		socket => undef,
+		irc => undef,
+		conn => undef
+	};
+
+	return bless($self, __PACKAGE__);
+}
+
+sub daemonize {
+	my $self = shift;
+	my $pid;
+
+	chdir '/' or die "Can't chdir to /: $!";
+
+	open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
+	open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
+
+	defined ($pid = fork) or die "Can't fork: $!";
+
+	if ($pid && $CFG::Nsa{'pidfile'}) { # write pid of child
+		open PID, ">$CFG::Nsa{'pidfile'}" or die "Can't open pid file: $!";
+		print PID $pid;
+		close PID;
+	}
+	exit if $pid;
+	setsid or die "Can't start a new session: $!";
+
+	#open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
+}
+
+sub run {
+	my $self = shift;
+
+	$self->{irc}->do_one_loop();
+}
+
+sub shutdown {
+	my $sig = shift;
+
+	print STDERR "Received SIG$sig, shutting down...\n";
+	$running = 0;
+}
+
+sub socket_has_data {
+    my $self = shift;
+    
+    $self->{socket}->recv(my $data, 1024);
+    $self->{conn}->privmsg($CFG::Nsa{'channel'}, $data);
+}
+
+sub irc_on_connect {
+	my $self = shift;
+
+	print STDERR "Joining channel '$CFG::Nsa{'channel'}'...\n";
+	$self->join($CFG::Nsa{'channel'});
+}
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+my $bot = &new;
+
+if (-e $CFG::Nsa{'socket'}) {
+	die "Socket '$CFG::Nsa{'socket'}' exists!\n";
+}
+
+$bot->{socket} = IO::Socket::UNIX->new (
+	Local  => $CFG::Nsa{'socket'},
+	Type   => SOCK_DGRAM,
+	Listen => 5
+) || die "Can't create socket '$CFG::Nsa{'socket'}'!\n";
+
+$SIG{INT} = $SIG{TERM} = \&shutdown;
+
+$bot->daemonize();
+$bot->{irc} = new Net::IRC;
+
+$bot->{conn} = $bot->{irc}->newconn (
+	Server   => $CFG::Nsa{'server'},
+	Port     => $CFG::Nsa{'port'},
+	Nick     => $CFG::Nsa{'nickname'},
+	Username => $CFG::Nsa{'nickname'},
+	Password => $CFG::Nsa{'password'},
+	Ircname  => $CFG::Nsa{'realname'} . " (NSA $VERSION)",
+) || die "Can't connect to server '$CFG::Nsa{'server'}'!\n";
+
+$bot->{conn}->add_global_handler(376, \&irc_on_connect);
+$bot->{conn}->add_global_handler('nomotd', \&irc_on_connect);
+$bot->{irc}->addfh($bot->{socket}, \&socket_has_data, 'r', $bot);
+
+while ($running) {
+	$bot->run();
+}
+
+close($bot->{socket});
+unlink($CFG::Nsa{'socket'});
+
+exit(0);
+
+1;
+
+__END__
diff --git a/files/plugins/check_dns2 b/files/plugins/check_dns2
new file mode 100644
index 0000000..2195631
--- /dev/null
+++ b/files/plugins/check_dns2
@@ -0,0 +1,102 @@
+#!/bin/bash
+# Written by Damien Gy
+# damien.gy+nagiosexchange(AT)gmail.com
+# 2007-09-28
+
+PROGNAME=`basename $0`
+REVISION=1.00
+TMP=/tmp/tmpdig
+DIG=/usr/bin/dig
+
+print_revision() {
+	echo $PROGNAME $REVISION
+}
+
+print_usage() {
+	echo "Usage:"
+	echo "	$PROGNAME -c|--check <host> <type> <server>"
+	echo "	$PROGNAME -h|--help"
+	echo "	$PROGNAME -v|--version"
+}
+
+print_help() {
+	print_revision
+	echo ""
+	print_usage
+	echo "Where:"
+	echo "	host	the name of the resource record to be looked up"
+	echo "	type	indicates the query required (any, a, mx, etc.)"
+	echo "	server	the name or IP address of the name server to query"
+	echo ""
+	echo "	-h|--help	prints this help screen"
+	echo ""
+	echo "	-v|--version	prints version and license information"
+	echo ""
+	echo " Created by Damien Gy, questions or problems e-mail damien.gy+nagiosexchange(AT)gmail.com"
+	echo ""
+}
+
+check_dns() {
+
+	if [ $# -ne 3 ]
+	then
+	        echo "Number of arguments incorrect"
+	        exit 3
+	fi
+	if [ ! -e $DIG ]
+	then
+		echo "$DIG not found"
+		exit 3
+	fi
+	$DIG $1 $2 @$3 > $TMP
+
+	if ( grep "status" $TMP > /dev/null )
+	then
+	        # DNS server answered
+	        if ( grep "NOERROR" $TMP > /dev/null )
+	        then
+	                echo "DNS OK "`grep "time:" $TMP`
+	                rm -f $TMP
+	                exit 0
+	        else
+	                echo "WARNING "`grep "time:" $TMP`
+	                rm -f $TMP
+	                exit 1
+	        fi
+
+	else
+	        # no answer
+	        echo "CRITICAL - Connection timed out"
+	        rm -f $TMP
+	        exit 2
+	fi
+}
+
+case "$1" in
+--help)
+                print_help
+        exit 0
+        ;;
+-h)
+                print_help
+        exit 0
+        ;;
+--version)
+                print_revision
+        exit 0
+        ;;
+-v)
+                print_revision
+        exit 0
+        ;;
+--check)
+                check_dns $2 $3 $4
+        ;;
+-c)
+                check_dns $2 $3 $4
+        ;;
+*)
+                print_usage
+        exit 3
+
+esac
diff --git a/files/plugins/check_dnsbl b/files/plugins/check_dnsbl
new file mode 100644
index 0000000..93cea37
--- /dev/null
+++ b/files/plugins/check_dnsbl
@@ -0,0 +1,107 @@
+#!/bin/sh
+#
+# dnsbl-check-nagios.sh
+#
+# (c) 2009 Damon Tajeddini & heise Netze
+#
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+STATE_DEPENDENT=4
+
+FOUND_ADRESS=0
+
+DNSBLlist=`grep -v ^# <<!
+cbl.abuseat.org
+dnsbl.ahbl.org
+ircbl.ahbl.org
+virbl.dnsbl.bit.nl
+blackholes.five-ten-sg.com
+dnsbl.inps.de
+ix.dnsbl.manitu.net
+no-more-funn.moensted.dk
+combined.njabl.org
+dnsbl.njabl.org
+dnsbl.sorbs.net
+bl.spamcannibal.org
+bl.spamcop.net
+sbl.spamhaus.org
+xbl.spamhaus.org
+pbl.spamhaus.org
+dnsbl-1.uceprotect.net
+# dnsbl-2.uceprotect.net
+# dnsbl-3.uceprotect.net
+psbl.surriel.com
+l2.apews.org
+dnsrbl.swinog.ch
+db.wpbl.info
+!`
+
+# reverse IP address
+convertIP()
+{
+ set `IFS=".";echo $1`
+ echo $4.$3.$2.$1
+}
+
+usage()
+{
+ echo "Usage: $0 [-H] <host>] [-p]"
+ echo "    -H  check Host "
+ echo "    -p  print list of DNSBLs"
+ exit 3
+}
+
+# Checks the IP with list of DNSBL servers
+check()
+{
+  count=0;
+  for i in $DNSBLlist
+  do
+    count=$(($count + 1))
+    if nslookup $ip_arpa.$i | grep -q "127.0.0." ;
+    then
+      FOUND_ADRESS=$(($FOUND_ADRESS + 1))
+      echo "DNSBL-Alarm: $ip is listed on $i"
+    fi
+  done
+  if [ $FOUND_ADRESS -ge 1 ]
+  then
+    exit 1
+  fi
+  echo "OK - $ip not on $count DNSBLs"
+  exit 0
+}
+
+case $1 in
+  -H)
+    if [ -z "$2" ]
+    then
+      echo "ip address missing"
+      exit
+    fi
+    ip=$2
+    ip_arpa=`convertIP $ip`
+    check;;
+
+  -p)
+    for i in $DNSBLlist
+    do
+      echo $i
+    done
+    exit $STATE_WARNING
+    exit;;
+
+  --help)
+    usage
+    exit;;
+
+  *)
+    if [ -z "$1" ]
+    then
+      usage
+    fi
+    echo "unknown command: $1"
+    exit;;
+esac
author	Micah Anderson <micah@riseup.net>	2011-04-11 12:30:51 -0400
committer	Micah Anderson <micah@riseup.net>	2011-04-11 12:30:51 -0400
commit	7735baa65f0dc37f94d4854fd62c817de94d64f2 (patch)
tree	1a4e7a70e27897e08e0e0bb754b4b4d1f2889967 /files
parent	2f2eb1cb12a57d8a85801086b6fbfce19e9c7a1b (diff)
parent	f2df62c9d17d481a3d616a4f2de9496638fadc0a (diff)