diff options
-rw-r--r-- | files/nsca/nsca.cfg | 193 | ||||
-rw-r--r-- | files/nsca/send_nsca.cfg | 65 | ||||
-rw-r--r-- | manifests/nsca.pp | 3 | ||||
-rw-r--r-- | manifests/nsca/client.pp | 14 | ||||
-rw-r--r-- | manifests/nsca/server.pp | 20 |
5 files changed, 295 insertions, 0 deletions
diff --git a/files/nsca/nsca.cfg b/files/nsca/nsca.cfg new file mode 100644 index 0000000..238869f --- /dev/null +++ b/files/nsca/nsca.cfg @@ -0,0 +1,193 @@ +# This file is managed by Puppet. +# +#################################################### +# Sample NSCA Daemon Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 04-03-2006 +#################################################### + + +# PID FILE +# The name of the file in which the NSCA daemon should write it's process ID +# number. The file is only written if the NSCA daemon is started by the root +# user as a single- or multi-process daemon. + +pid_file=/var/run/nsca.pid + + + +# PORT NUMBER +# Port number we should wait for connections on. +# This must be a non-priveledged port (i.e. > 1024). + +server_port=5677 + + + +# SERVER ADDRESS +# Address that NSCA has to bind to in case there are +# more as one interface and we do not want NSCA to bind +# (thus listen) on all interfaces. + +#server_address=192.168.1.1 + + + +# NSCA USER +# This determines the effective user that the NSCA daemon should run as. +# You can either supply a username or a UID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_user=nagios + + + +# NSCA GROUP +# This determines the effective group that the NSCA daemon should run as. +# You can either supply a group name or a GID. +# +# NOTE: This option is ignored if NSCA is running under either inetd or xinetd + +nsca_group=nogroup + + + +# NSCA CHROOT +# If specified, determines a directory into which the nsca daemon +# will perform a chroot(2) operation before dropping its privileges. +# for the security conscious this can add a layer of protection in +# the event that the nagios daemon is compromised. +# +# NOTE: if you specify this option, the command file will be opened +# relative to this directory. + +#nsca_chroot=/var/run/nagios/rw + + + +# DEBUGGING OPTION +# This option determines whether or not debugging +# messages are logged to the syslog facility. +# Values: 0 = debugging off, 1 = debugging on + +debug=0 + + + +# COMMAND FILE +# This is the location of the Nagios command file that the daemon +# should write all service check results that it receives. + +command_file=/var/lib/nagios3/rw/nagios.cmd + + +# ALTERNATE DUMP FILE +# This is used to specify an alternate file the daemon should +# write service check results to in the event the command file +# does not exist. It is important to note that the command file +# is implemented as a named pipe and only exists when Nagios is +# running. You may want to modify the startup script for Nagios +# to dump the contents of this file into the command file after +# it starts Nagios. Or you may simply choose to ignore any +# check results received while Nagios was not running... + +alternate_dump_file=/var/run/nagios/nsca.dump + + + +# AGGREGATED WRITES OPTION +# This option determines whether or not the nsca daemon will +# aggregate writes to the external command file for client +# connections that contain multiple check results. If you +# are queueing service check results on remote hosts and +# sending them to the nsca daemon in bulk, you will probably +# want to enable bulk writes, as this will be a bit more +# efficient. +# Values: 0 = do not aggregate writes, 1 = aggregate writes + +aggregate_writes=0 + + + +# APPEND TO FILE OPTION +# This option determines whether or not the nsca daemon will +# will open the external command file for writing or appending. +# This option should almost *always* be set to 0! +# Values: 0 = open file for writing, 1 = open file for appending + +append_to_file=0 + + + +# MAX PACKET AGE OPTION +# This option is used by the nsca daemon to determine when client +# data is too old to be valid. Keeping this value as small as +# possible is recommended, as it helps prevent the possibility of +# "replay" attacks. This value needs to be at least as long as +# the time it takes your clients to send their data to the server. +# Values are in seconds. The max packet age cannot exceed 15 +# minutes (900 seconds). If this variable is set to zero (0), no +# packets will be rejected based on their age. + +max_packet_age=30 + + + +# DECRYPTION PASSWORD +# This is the password/passphrase that should be used to descrypt the +# incoming packets. Note that all clients must encrypt the packets +# they send using the same password! +# IMPORTANT: You don't want all the users on this system to be able +# to read the password you specify here, so make sure to set +# restrictive permissions on this config file! + +#password= + + + +# DECRYPTION METHOD +# This option determines the method by which the nsca daemon will +# decrypt the packets it receives from the clients. The decryption +# method you choose will be a balance between security and performance, +# as strong encryption methods consume more processor resources. +# You should evaluate your security needs when choosing a decryption +# method. +# +# Note: The decryption method you specify here must match the +# encryption method the nsca clients use (as specified in +# the send_nsca.cfg file)!! +# Values: +# +# 0 = None (Do NOT use this option) +# 1 = Simple XOR (No security, just obfuscation, but very fast) +# +# 2 = DES +# 3 = 3DES (Triple DES) +# 4 = CAST-128 +# 5 = CAST-256 +# 6 = xTEA +# 7 = 3WAY +# 8 = BLOWFISH +# 9 = TWOFISH +# 10 = LOKI97 +# 11 = RC2 +# 12 = ARCFOUR +# +# 14 = RIJNDAEL-128 +# 15 = RIJNDAEL-192 +# 16 = RIJNDAEL-256 +# +# 19 = WAKE +# 20 = SERPENT +# +# 22 = ENIGMA (Unix crypt) +# 23 = GOST +# 24 = SAFER64 +# 25 = SAFER128 +# 26 = SAFER+ +# + +decryption_method=1 + diff --git a/files/nsca/send_nsca.cfg b/files/nsca/send_nsca.cfg new file mode 100644 index 0000000..8127226 --- /dev/null +++ b/files/nsca/send_nsca.cfg @@ -0,0 +1,65 @@ +# This file is managed by Puppet. +# +#################################################### +# Sample NSCA Client Config File +# Written by: Ethan Galstad (nagios@nagios.org) +# +# Last Modified: 02-21-2002 +#################################################### + + +# ENCRYPTION PASSWORD +# This is the password/passphrase that should be used to encrypt the +# outgoing packets. Note that the nsca daemon must use the same +# password when decrypting the packet! +# IMPORTANT: You don't want all the users on this system to be able +# to read the password you specify here, so make sure to set +# restrictive permissions on this config file! + +#password= + + + +# ENCRYPTION METHOD +# This option determines the method by which the send_nsca client will +# encrypt the packets it sends to the nsca daemon. The encryption +# method you choose will be a balance between security and performance, +# as strong encryption methods consume more processor resources. +# You should evaluate your security needs when choosing an encryption +# method. +# +# Note: The encryption method you specify here must match the +# decryption method the nsca daemon uses (as specified in +# the nsca.cfg file)!! +# Values: +# 0 = None (Do NOT use this option) +# 1 = Simple XOR (No security, just obfuscation, but very fast) +# +# 2 = DES +# 3 = 3DES (Triple DES) +# 4 = CAST-128 +# 5 = CAST-256 +# 6 = xTEA +# 7 = 3WAY +# 8 = BLOWFISH +# 9 = TWOFISH +# 10 = LOKI97 +# 11 = RC2 +# 12 = ARCFOUR +# +# 14 = RIJNDAEL-128 +# 15 = RIJNDAEL-192 +# 16 = RIJNDAEL-256 +# +# 19 = WAKE +# 20 = SERPENT +# +# 22 = ENIGMA (Unix crypt) +# 23 = GOST +# 24 = SAFER64 +# 25 = SAFER128 +# 26 = SAFER+ +# + +encryption_method=1 + diff --git a/manifests/nsca.pp b/manifests/nsca.pp new file mode 100644 index 0000000..d5be298 --- /dev/null +++ b/manifests/nsca.pp @@ -0,0 +1,3 @@ +class nagios::nsca { + include nagios::nsca::server +} diff --git a/manifests/nsca/client.pp b/manifests/nsca/client.pp new file mode 100644 index 0000000..b4ca878 --- /dev/null +++ b/manifests/nsca/client.pp @@ -0,0 +1,14 @@ +class nagios::nsca::client { + + package { 'nsca': ensure => installed } + + file { '/etc/send_nsca.cfg': + source => [ "puppet://${server}/site-nagios/nsca/{$fqdn}/send_nsca.cfg", + "puppet://${server}/site-nagios/nsca/send_nsca.cfg", + "puppet://${server}/nagios/nsca/send_nsca.cfg" ], + owner => 'nagios', + group => 'nogroup', + mode => '400', + } + +} diff --git a/manifests/nsca/server.pp b/manifests/nsca/server.pp new file mode 100644 index 0000000..e69c5b3 --- /dev/null +++ b/manifests/nsca/server.pp @@ -0,0 +1,20 @@ +class nagios::nsca::server { + + package { 'nsca': ensure => installed } + + service { 'nsca': + ensure => running, + hasstatus => false, + hasrestart => true, + } + + file { '/etc/nsca.cfg': + source => [ "puppet://${server}/site-nagios/nsca/{$fqdn}/nsca.cfg", + "puppet://${server}/site-nagios/nsca/nsca.cfg", + "puppet://${server}/nagios/nsca/nsca.cfg" ], + owner => 'nagios', + group => 'nogroup', + mode => '400', + } + +} |