5. Nagios server
Note
Monitoring service
```bash
dnf install nagios
dnf install nagios-plugins-dns

dnf install perl-Unicode-UTF8
dnf install perl-utf8-all
dnf install nagios-plugins-disk_smb

pip3 install nagios-sql
dnf install nagios-plugins-mysql
```
Working directory: /etc/nagios
Create new directories for our components:
```bash
mkdir commands
mkdir hosts
```
Add the directories to the configuration in the nagios.conf file:
```cfg
cfg_dir=/etc/nagios/commands
cfg_dir=/etc/nagios/hosts
```
Monitoring of the core server, in the file hosts/core.cfg:
```cfg
define host {
    use linux-server
    host_name core
    alias core
    address core
}
define service {
    use local-service
    host_name core
    service_description WIREGUARD
    check_command check_core_wireguard
}
define service {
    use local-service
    host_name core
    service_description NAGIOS
    check_command check_core_nagios
}
define service {
    use local-service
    host_name core
    service_description DOCUS
    check_command check_core_docus
}
```
Monitoring of the database server, in the file hosts/database.cfg:
```cfg
define host {
    use linux-server
    host_name database
    alias database
    address database
}
define service {
    use local-service
    host_name database
    service_description MYSQL
    check_command check_mysql_custom
}
define service {
    use local-service
    host_name database
    service_description SQLSERVER
    check_command check_sqlserver_custom
}
define service {
    use local-service
    host_name database
    service_description ORACLE
    check_command check_oracle_custom
}
```
Monitoring of the docker server, in the file hosts/docker.cfg:
```cfg
define host {
    use linux-server
    host_name docker
    alias docker
    address docker
}
define service {
    use local-service
    host_name docker
    service_description SSH
    check_command check_ssh
}
define service {
    use local-service
    host_name docker
    service_description PORTAINER
    check_command check_port_docker_portainer
}
define service {
    use local-service
    host_name docker
    service_description EMBY
    check_command check_port_docker_emby
}
define service {
    use local-service
    host_name docker
    service_description NEXTCLOUD
    check_command check_port_docker_nextcloud
}
```
Monitoring of the multiserv server, in the file hosts/multiserv.cfg:
```cfg
define host {
    use linux-server
    host_name multiserv
    alias multiserv
    address samba
}
define service {
    use local-service
    host_name multiserv
    service_description SAMBA
    check_command check_samba_custom
}
define service {
    use local-service
    host_name multiserv
    service_description DNS
    check_command check_dns_custom
}
define service {
    use local-service
    host_name multiserv
    service_description GIT
    check_command check_git_custom
}
```
Command definitions for the core server, in the file commands/core_commands.cfg:
```cfg
define command {
    command_name check_core_wireguard
    command_line $USER1$/check_core_wireguard
}
define command {
    command_name check_core_nagios
    command_line $USER1$/check_core_nagios
}
define command {
    command_name check_core_docus
    command_line $USER1$/check_core_docus
}
```
Command definitions for the database server, in the file commands/database_commands.cfg:
```cfg
define command {
    command_name check_mysql_custom
    command_line $USER1$/check_mysql -H database -d nagios -u nagiosadmin -p nagiosadmin
}
define command {
    command_name check_sqlserver_custom
    command_line $USER1$/check_mssql -H database -t sql_ping -U nagiosAdmin -P nagi0sAdmin
}
define command {
    command_name check_oracle_custom
    command_line $USER1$/check_oracle
}
```
Command definitions for the docker server, in the file commands/docker_commands.cfg:
```cfg
define command {
    command_name check_port_docker_emby
    command_line $USER1$/check_port -h docker -p 8096
}
define command {
    command_name check_port_docker_portainer
    command_line $USER1$/check_port -h docker -p 9000
}
define command {
    command_name check_port_docker_nextcloud
    command_line $USER1$/check_port -h docker -p 9002
}
```
Command definitions for the multiserv server, in the file commands/multiserv_commands.cfg:
```cfg
define command {
    command_name check_dns_custom
    command_line $USER1$/check_dns -H www.google.es -s dns
}
define command {
    command_name check_samba_custom
    command_line $USER1$/check_disk_smb -H samba -s exs01 -u diego -p blanca#11
}
define command {
    command_name check_git_custom
    command_line $USER1$/check_ssh -H git -p 22
}
```
Configuration of the custom commands
Working directory: /usr/lib64/nagios/plugins
On CentOS, a shell script can be converted into an executable file with the shc (shell compile) utility.
- To check the status of WireGuard
Create the file check_core_wireguard.sh:
```bash
#!/bin/bash
python3 /usr/lib64/nagios/plugins/check_core_wireguard.py
```
Convert it into a binary file with the command:
```bash
shc -f check_core_wireguard.sh -o check_core_wireguard
```
Create the file check_core_wireguard.py:
```python
#!/usr/bin/python3
import os, sys

# Count the lines of "ip a" output that name the wg0 interface
num = os.popen('ip a | grep -E -c wg0:').read()

if int(num) == 1:
    print('Interfaz de red activa')
    sys.exit(0)  # OK
else:
    print('Interfaz de red NO ESTA activa')
    sys.exit(2)  # CRITICAL
```
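- To check the status of the Nagios application
Create the files check_core_nagios.sh and check_core_nagios.py.
check_core_nagios.sh:
```bash
#!/bin/bash
python3 /usr/lib64/nagios/plugins/check_core_nagios.py
```
check_core_nagios.py:
```python
#!/usr/bin/python3
import requests, sys

def execute():
    try:
        # Bound the request so the check cannot hang on an unresponsive server
        response = requests.get('http://core/nagios/', timeout=10)
        print(response)
        code = response.status_code
        if code == 200:
            sys.exit(0)
        elif code == 401:
            # The web server answered and asked for credentials, so it is up
            sys.exit(0)
        sys.exit(1)  # any other status: exit code 1 (WARNING in Nagios)
    except Exception as ex:
        sys.exit(1)  # connection error: exit code 1 (WARNING in Nagios)

execute()
```
Convert the shell script into a binary file with the command:
```bash
shc -f check_core_nagios.sh -o check_core_nagios
```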
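- To check the status of the documentation section
Create the files check_core_docus.sh and check_core_docus.py.
check_core_docus.sh:
```bash
#!/bin/bash
python3 /usr/lib64/nagios/plugins/check_core_docus.py
```
check_core_docus.py:
```python
#!/usr/bin/python3
import requests, sys

def execute():
    try:
        # Bound the request so the check cannot hang on an unresponsive server
        response = requests.get('http://core/docus/', timeout=10)
        code = response.status_code
        print(response)
        if code == 200:
            sys.exit(0)
        elif code == 401:
            # The web server answered and asked for credentials, so it is up
            sys.exit(0)
        sys.exit(1)  # any other status: exit code 1 (WARNING in Nagios)
    except Exception as ex:
        sys.exit(1)  # connection error: exit code 1 (WARNING in Nagios)

execute()
```
Convert the shell script into a binary file with the command:
```bash
shc -f check_core_docus.sh -o check_core_docus
```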
- To check the status of Oracle
Create the file check_oracle.sh:
```bash
#!/bin/bash
java -jar /usr/lib64/nagios/plugins/check_oracle.jar database 1521 FREE C##nagiosadmin nagiosadmin
```
Convert it into a binary file with the command:
```bash
shc -f check_oracle.sh -o check_oracle
```
Create a Maven project for the file Main.java and compile it with Java 20 to produce the file check_oracle.jar:
```java
import java.sql.*;
import java.io.*;
import java.util.*;

class Main {
    static int debug = 0;        // 'normal'=>0, 'verbose'=>1 when the -d parameter is given
    static String db_name = "";  // PRODUCT column returned by the query
    static String release = "";  // VERSION column returned by the query
    static String s_level = "";  // varchar(128)
    static String b_level = "";  // varchar(128)
    static String prdname = "";  // product name reported by the JDBC metadata
    static String version = "";  // "<product name> v<release>", compared against the config file
    static String cfgfile = "";  // path of the optional config file given with -f
    static String[] cfgdata = new String[1000]; // non-comment lines of the config file
    static String output = "";   // the plugin output string
    static String perfdata = ""; // the plugin perfdata output
    static String dbUrl = "";    // the access URL for the database to query
    static String query = "";    // the SQL query to execute

    public static void main(String args[]) {
        if (args.length < 5) {
            System.err.println("Error: Missing Arguments.");
            System.err.println("Usage: java check_dbversion_oracle <db-ip> <db-port> <db-instance> <db-user> <db-pwd> [-d]");
            System.err.println("Usage: java check_dbversion_oracle <db-ip> <db-port> <db-instance> <db-user> <db-pwd> -f configfile");
            System.exit(-1);
        }
        // Check if we got -d for debug
        if (args.length == 6 && args[5].equals("-d")) {
            debug = 1;
        }

        // Check if we got a config file to compare against
        if (args.length == 7 && args[5].equals("-f")) {
            cfgfile = args[6];
            try {
                // Open the configuration file
                FileInputStream fstream = new FileInputStream(cfgfile);
                // Wrap the input stream in a BufferedReader
                BufferedReader in = new BufferedReader(new InputStreamReader(fstream));

                // Continue to read lines while there are still some left to read
                // and there is room left in cfgdata
                int counter = 0;
                while (in.ready() && counter < cfgdata.length) {
                    String line = in.readLine();
                    line = line.trim();
                    // load config data while ignoring comment lines starting with #
                    if (!line.startsWith("#")) {
                        cfgdata[counter] = line;
                        counter++;
                    }
                }
                in.close();
                fstream.close();
            } catch (Exception e) {
                System.err.println("File input error");
            }
        }

        dbUrl = "jdbc:oracle:thin:" + args[3] + "/" + args[4] + "@" + args[0] + ":" + args[1] + ":" + args[2];

        if (debug == 1) {
            System.out.println("DB connect: " + dbUrl);
        }

        try {
            // use the JDBC driver
            Class.forName("oracle.jdbc.driver.OracleDriver");
        } catch (ClassNotFoundException e) {
            System.err.println("Error: JDBC Driver Problem.");
            System.err.println(e);
            System.exit(3);
        }
        try {
            // open connection to database "jdbc:oracle:thin:dbuser/dbpassword@destinationhost:port:dbname"
            Connection connection = DriverManager.getConnection(dbUrl);

            // build query
            query = "SELECT PRODUCT, VERSION FROM PRODUCT_COMPONENT_VERSION WHERE PRODUCT like '%Database%'";
            if (debug == 1) {
                System.out.println("DB query: " + query);
            }

            // execute query
            Statement statement = connection.createStatement();
            ResultSet rs = statement.executeQuery(query);

            // get the database product name from the connection metadata
            DatabaseMetaData dbmd = connection.getMetaData();
            prdname = dbmd.getDatabaseProductName();

            while (rs.next()) {
                // column 1 is PRODUCT, column 2 is VERSION
                db_name = rs.getString(1);
                release = rs.getString(2);
            }
            if (debug == 1) {
                // two format specifiers for the two values passed
                System.out.format("Product: %20s|Version: %10s\n",
                        db_name, release);
            }

            rs.close();
            statement.close();
            connection.close();

        } catch (java.sql.SQLException e) {
            System.err.println(e);
            System.exit(3); // return UNKNOWN
        }

        version = prdname + " v" + release;
        perfdata = db_name + " v" + release;

        // If we have no config file, we are in reporting mode
        if (cfgfile.equals("")) {
            System.out.println("Version OK: " + version + "|" + perfdata);
            System.exit(0); // return OK
        } else {
            // -------------------------------------------------------------------------------
            // We are in 'compliance' mode, we check the DB Version against the config file
            // -------------------------------------------------------------------------------
            int counter = 0;
            String required = "";
            String dbgroup = "";
            String dbversion = "";
            String remarks = "";
            while (counter < cfgdata.length && cfgdata[counter] != null) {
                // each config line has the form required|dbgroup|dbversion|remarks
                StringTokenizer st = new StringTokenizer(cfgdata[counter], "|");
                if (st.hasMoreTokens()) {
                    required = st.nextToken();
                }
                if (st.hasMoreTokens()) {
                    dbgroup = st.nextToken();
                }
                if (st.hasMoreTokens()) {
                    dbversion = st.nextToken();
                }
                if (st.hasMoreTokens()) {
                    remarks = st.nextToken();
                }

                if (dbgroup.equals("oracle") && dbversion.equals(version) && required.equals("approved")) {
                    if (!remarks.equals("")) {
                        perfdata = remarks;
                    }
                    System.out.println("Version OK: " + version + "|" + perfdata);
                    System.exit(0); // return OK
                }

                if (dbgroup.equals("oracle") && dbversion.equals(version) && required.equals("obsolete")) {
                    if (!remarks.equals("")) {
                        perfdata = remarks;
                    }
                    System.out.println("Version WARN: " + version + " obsolete" + "|" + perfdata);
                    System.exit(1); // return WARN
                }

                if (dbgroup.equals("oracle") && dbversion.equals(version) && required.equals("med-vuln")) {
                    if (!remarks.equals("")) {
                        perfdata = remarks;
                    }
                    System.out.println("Version WARN: " + version + " vulnerable (low-medium)" + "|" + perfdata);
                    System.exit(1); // return WARN
                }

                if (dbgroup.equals("oracle") && dbversion.equals(version) && required.equals("crit-vuln")) {
                    if (!remarks.equals("")) {
                        perfdata = remarks;
                    }
                    System.out.println("Version CRITICAL: " + version + " vulnerable (high risk)" + "|" + perfdata);
                    System.exit(2); // return CRITICAL
                }
                counter++;
            }
            // the DB version is not listed, we don't know exactly if it's good or bad.
            System.out.println("Version UNKNOWN: " + version + " unverified" + "|" + perfdata);
            System.exit(3); // return UNKNOWN
        }
    }
}
```
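The following is an added example, not part of the original page: a single parameterised plugin that can stand in for both check_core_nagios.py and check_core_docus.py, using only the standard library. It follows the Nagios exit-code convention (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN), so an unreachable site is reported as CRITICAL; the file name check_http_status.py, the thresholds and the injectable `fetch` parameter are assumptions made for illustration.

```python
#!/usr/bin/python3
"""check_http_status.py (hypothetical name): added example, not from the page."""
import sys
import time
import urllib.error
import urllib.request

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def fetch_status(url, timeout):
    """Return the HTTP status code; urllib raises HTTPError for 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # e.g. 401 from the password-protected Nagios UI


def check_http(url, accepted=(200, 401), timeout=5.0, warn_after=2.0,
               fetch=fetch_status):
    """Return (exit_code, status_line) for one URL."""
    start = time.monotonic()
    try:
        code = fetch(url, timeout)
    except OSError as err:  # URLError, refused connection, timeout
        return CRITICAL, f"HTTP CRITICAL - {url} unreachable: {err}"
    except Exception as err:  # malformed URL and similar: plugin problem
        return UNKNOWN, f"HTTP UNKNOWN - {err}"
    elapsed = time.monotonic() - start
    # Performance data after the pipe: label=value;warn;crit
    perf = f"time={elapsed:.3f}s;{warn_after};{timeout}"
    if code not in accepted:
        state = CRITICAL
    elif elapsed > warn_after:
        state = WARNING
    else:
        state = OK
    return state, f"HTTP {LABELS[state]} - {url} returned {code}|{perf}"


def main(argv):
    if len(argv) != 2:
        print("HTTP UNKNOWN - usage: check_http_status.py <url>")
        return UNKNOWN
    state, line = check_http(argv[1])
    print(line)
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

With this script, the command_line of each service would pass its own URL (http://core/nagios/ or http://core/docus/) as the single argument.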