summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--files/nsca/nsca.cfg193
-rw-r--r--files/nsca/send_nsca.cfg65
-rw-r--r--manifests/nsca.pp3
-rw-r--r--manifests/nsca/client.pp14
-rw-r--r--manifests/nsca/server.pp20
5 files changed, 295 insertions, 0 deletions
diff --git a/files/nsca/nsca.cfg b/files/nsca/nsca.cfg
new file mode 100644
index 0000000..238869f
--- /dev/null
+++ b/files/nsca/nsca.cfg
@@ -0,0 +1,193 @@
+# This file is managed by Puppet.
+#
+####################################################
+# Sample NSCA Daemon Config File
+# Written by: Ethan Galstad (nagios@nagios.org)
+#
+# Last Modified: 04-03-2006
+####################################################
+
+
+# PID FILE
+# The name of the file in which the NSCA daemon should write it's process ID
+# number. The file is only written if the NSCA daemon is started by the root
+# user as a single- or multi-process daemon.
+
+pid_file=/var/run/nsca.pid
+
+
+
+# PORT NUMBER
+# Port number we should wait for connections on.
+# This must be a non-priveledged port (i.e. > 1024).
+
+server_port=5677
+
+
+
+# SERVER ADDRESS
+# Address that NSCA has to bind to in case there are
+# more as one interface and we do not want NSCA to bind
+# (thus listen) on all interfaces.
+
+#server_address=192.168.1.1
+
+
+
+# NSCA USER
+# This determines the effective user that the NSCA daemon should run as.
+# You can either supply a username or a UID.
+#
+# NOTE: This option is ignored if NSCA is running under either inetd or xinetd
+
+nsca_user=nagios
+
+
+
+# NSCA GROUP
+# This determines the effective group that the NSCA daemon should run as.
+# You can either supply a group name or a GID.
+#
+# NOTE: This option is ignored if NSCA is running under either inetd or xinetd
+
+nsca_group=nogroup
+
+
+
+# NSCA CHROOT
+# If specified, determines a directory into which the nsca daemon
+# will perform a chroot(2) operation before dropping its privileges.
+# for the security conscious this can add a layer of protection in
+# the event that the nagios daemon is compromised.
+#
+# NOTE: if you specify this option, the command file will be opened
+# relative to this directory.
+
+#nsca_chroot=/var/run/nagios/rw
+
+
+
+# DEBUGGING OPTION
+# This option determines whether or not debugging
+# messages are logged to the syslog facility.
+# Values: 0 = debugging off, 1 = debugging on
+
+debug=0
+
+
+
+# COMMAND FILE
+# This is the location of the Nagios command file that the daemon
+# should write all service check results that it receives.
+
+command_file=/var/lib/nagios3/rw/nagios.cmd
+
+
+# ALTERNATE DUMP FILE
+# This is used to specify an alternate file the daemon should
+# write service check results to in the event the command file
+# does not exist. It is important to note that the command file
+# is implemented as a named pipe and only exists when Nagios is
+# running. You may want to modify the startup script for Nagios
+# to dump the contents of this file into the command file after
+# it starts Nagios. Or you may simply choose to ignore any
+# check results received while Nagios was not running...
+
+alternate_dump_file=/var/run/nagios/nsca.dump
+
+
+
+# AGGREGATED WRITES OPTION
+# This option determines whether or not the nsca daemon will
+# aggregate writes to the external command file for client
+# connections that contain multiple check results. If you
+# are queueing service check results on remote hosts and
+# sending them to the nsca daemon in bulk, you will probably
+# want to enable bulk writes, as this will be a bit more
+# efficient.
+# Values: 0 = do not aggregate writes, 1 = aggregate writes
+
+aggregate_writes=0
+
+
+
+# APPEND TO FILE OPTION
+# This option determines whether or not the nsca daemon will
+# will open the external command file for writing or appending.
+# This option should almost *always* be set to 0!
+# Values: 0 = open file for writing, 1 = open file for appending
+
+append_to_file=0
+
+
+
+# MAX PACKET AGE OPTION
+# This option is used by the nsca daemon to determine when client
+# data is too old to be valid. Keeping this value as small as
+# possible is recommended, as it helps prevent the possibility of
+# "replay" attacks. This value needs to be at least as long as
+# the time it takes your clients to send their data to the server.
+# Values are in seconds. The max packet age cannot exceed 15
+# minutes (900 seconds). If this variable is set to zero (0), no
+# packets will be rejected based on their age.
+
+max_packet_age=30
+
+
+
+# DECRYPTION PASSWORD
+# This is the password/passphrase that should be used to descrypt the
+# incoming packets. Note that all clients must encrypt the packets
+# they send using the same password!
+# IMPORTANT: You don't want all the users on this system to be able
+# to read the password you specify here, so make sure to set
+# restrictive permissions on this config file!
+
+#password=
+
+
+
+# DECRYPTION METHOD
+# This option determines the method by which the nsca daemon will
+# decrypt the packets it receives from the clients. The decryption
+# method you choose will be a balance between security and performance,
+# as strong encryption methods consume more processor resources.
+# You should evaluate your security needs when choosing a decryption
+# method.
+#
+# Note: The decryption method you specify here must match the
+# encryption method the nsca clients use (as specified in
+# the send_nsca.cfg file)!!
+# Values:
+#
+# 0 = None (Do NOT use this option)
+# 1 = Simple XOR (No security, just obfuscation, but very fast)
+#
+# 2 = DES
+# 3 = 3DES (Triple DES)
+# 4 = CAST-128
+# 5 = CAST-256
+# 6 = xTEA
+# 7 = 3WAY
+# 8 = BLOWFISH
+# 9 = TWOFISH
+# 10 = LOKI97
+# 11 = RC2
+# 12 = ARCFOUR
+#
+# 14 = RIJNDAEL-128
+# 15 = RIJNDAEL-192
+# 16 = RIJNDAEL-256
+#
+# 19 = WAKE
+# 20 = SERPENT
+#
+# 22 = ENIGMA (Unix crypt)
+# 23 = GOST
+# 24 = SAFER64
+# 25 = SAFER128
+# 26 = SAFER+
+#
+
+decryption_method=1
+
diff --git a/files/nsca/send_nsca.cfg b/files/nsca/send_nsca.cfg
new file mode 100644
index 0000000..8127226
--- /dev/null
+++ b/files/nsca/send_nsca.cfg
@@ -0,0 +1,65 @@
+# This file is managed by Puppet.
+#
+####################################################
+# Sample NSCA Client Config File
+# Written by: Ethan Galstad (nagios@nagios.org)
+#
+# Last Modified: 02-21-2002
+####################################################
+
+
+# ENCRYPTION PASSWORD
+# This is the password/passphrase that should be used to encrypt the
+# outgoing packets. Note that the nsca daemon must use the same
+# password when decrypting the packet!
+# IMPORTANT: You don't want all the users on this system to be able
+# to read the password you specify here, so make sure to set
+# restrictive permissions on this config file!
+
+#password=
+
+
+
+# ENCRYPTION METHOD
+# This option determines the method by which the send_nsca client will
+# encrypt the packets it sends to the nsca daemon. The encryption
+# method you choose will be a balance between security and performance,
+# as strong encryption methods consume more processor resources.
+# You should evaluate your security needs when choosing an encryption
+# method.
+#
+# Note: The encryption method you specify here must match the
+# decryption method the nsca daemon uses (as specified in
+# the nsca.cfg file)!!
+# Values:
+# 0 = None (Do NOT use this option)
+# 1 = Simple XOR (No security, just obfuscation, but very fast)
+#
+# 2 = DES
+# 3 = 3DES (Triple DES)
+# 4 = CAST-128
+# 5 = CAST-256
+# 6 = xTEA
+# 7 = 3WAY
+# 8 = BLOWFISH
+# 9 = TWOFISH
+# 10 = LOKI97
+# 11 = RC2
+# 12 = ARCFOUR
+#
+# 14 = RIJNDAEL-128
+# 15 = RIJNDAEL-192
+# 16 = RIJNDAEL-256
+#
+# 19 = WAKE
+# 20 = SERPENT
+#
+# 22 = ENIGMA (Unix crypt)
+# 23 = GOST
+# 24 = SAFER64
+# 25 = SAFER128
+# 26 = SAFER+
+#
+
+encryption_method=1
+
diff --git a/manifests/nsca.pp b/manifests/nsca.pp
new file mode 100644
index 0000000..d5be298
--- /dev/null
+++ b/manifests/nsca.pp
@@ -0,0 +1,3 @@
+class nagios::nsca {
+ include nagios::nsca::server
+}
diff --git a/manifests/nsca/client.pp b/manifests/nsca/client.pp
new file mode 100644
index 0000000..b4ca878
--- /dev/null
+++ b/manifests/nsca/client.pp
@@ -0,0 +1,14 @@
+class nagios::nsca::client {
+
+ package { 'nsca': ensure => installed }
+
+ file { '/etc/send_nsca.cfg':
+ source => [ "puppet://${server}/site-nagios/nsca/{$fqdn}/send_nsca.cfg",
+ "puppet://${server}/site-nagios/nsca/send_nsca.cfg",
+ "puppet://${server}/nagios/nsca/send_nsca.cfg" ],
+ owner => 'nagios',
+ group => 'nogroup',
+ mode => '400',
+ }
+
+}
diff --git a/manifests/nsca/server.pp b/manifests/nsca/server.pp
new file mode 100644
index 0000000..e69c5b3
--- /dev/null
+++ b/manifests/nsca/server.pp
@@ -0,0 +1,20 @@
+class nagios::nsca::server {
+
+ package { 'nsca': ensure => installed }
+
+ service { 'nsca':
+ ensure => running,
+ hasstatus => false,
+ hasrestart => true,
+ }
+
+ file { '/etc/nsca.cfg':
+ source => [ "puppet://${server}/site-nagios/nsca/{$fqdn}/nsca.cfg",
+ "puppet://${server}/site-nagios/nsca/nsca.cfg",
+ "puppet://${server}/nagios/nsca/nsca.cfg" ],
+ owner => 'nagios',
+ group => 'nogroup',
+ mode => '400',
+ }
+
+}