Unix Linux Administration II Class 10: Introduction to Nagios. Scripting notes.
Agenda • discuss Homework. • MX record setup • Postfix install • SPAM configs • Review last class • Unit 1: Introduction to Nagios • Unit 2: Scripting notes.
Homework review • Adding your MX Resource Record (RR). • Postfix configuration • Open port 25 • Create cert • Configure TLS • Services set to autostart
Review:
• Switch between postfix and sendmail using /usr/sbin/alternatives --config mta
• Config files are under /etc/postfix; the primary config file is main.cf.
• Postfix leverages the same aliases file as sendmail: /etc/aliases
• Smarthost: a central host for managing mail delivery.
• Postfix, like sendmail, only listens on the loopback address by default.
• Postfix, like sendmail, supports TLS for encrypting mail transport.
Review: class restrictions
• UBE: unsolicited bulk email.
• UCE: unsolicited commercial email, or SPAM.
• smtpd helo restrictions: force connections to identify themselves.
• smtpd sender restrictions: reject mail from non-FQDN hosts, reject mail without an A or MX record, reject non-standard mail.
• smtpd recipient restrictions: disable bulk deliveries, reject mail without an FQDN for the recipient.
Review: black/white/grey listing
• White list: user allowed.
• Black list: account rejected.
• Real-time blacklists or DNS blacklists • bl.spamcop.net
• Grey listing: delay mail.
• Postgrey: a policy server used to greylist for the MTA. Postgrey reviews the request and temporarily rejects mail not seen before.
Class 10, Unit 1 What we are going to cover: • Nagios What you should leave this session with: • Basic install. • How to add resources to monitor.
Nagios history Born from Netsaint. Nagios is an open source network monitoring solution. Published by FSF under the GNU General Public License. Currently maintained by Ethan Galstad. Nagios is an acronym for “Nagios Ain’t Gonna Insist On Sainthood.”
Nagios monitoring There are two types of monitoring • System monitoring: checking for local stats such as cpu, memory, disk space etc. • Network monitoring: using a central machine to check the status of remote services like web servers, mail servers, applications etc.
Nagios components Nagios daemon - responsible for managing the web interface and running the various checks. Nagios plug-ins - collection of scripts for checking various services. So to run Nagios you just need the daemon running and a Nagios plugin defined.
Primary config <nagroot>/etc/nagios.cfg
• This file is read by Nagios every time it is started up.
• Lots of options are defined within this file, including resources (variables), configuration locations, object definitions, etc.
• Verify the Nagios configuration using:
    <nagroot>/bin/nagios -v <nagroot>/etc/nagios.cfg
Nagios cgi.cfg The web interface for Nagios is based on CGI scripts. The configuration file for these can be found under <nagroot>/etc/nagios/cgi.cfg
Objects
• Objects define what Nagios will check.
• Objects are defined for hosts, services, contacts, etc.
• A host object provides a mapping between an IP address and a name.
• A service defines a given process on a host that Nagios will monitor.
• Object files are stored under <nagroot>/etc/nagios/objects
• localhost.cfg is a good example to review when defining new objects.
Templates
• All templates are defined in the templates.cfg file.
• There are template definitions for contact, host, and service objects.
• Templates and objects look very similar. The primary difference is that templates have a register value of 0, meaning the definition can only be used as a template and not as an active object.
• Templates can be chained together based on inheritance.
Contacts and notifications
• When things change on your network that Nagios monitors, you will be informed based on the notifications defined for that object.
• Check the contact.cfg for contact groups.
• Contact options include email, SMS messages, pagers and anything else you care to configure.
• Timeperiods.cfg defines just what you might expect.
Advanced Nagios features
• There are local services that can be installed to monitor the host system more closely.
• Nagios can accept updates from external sources such as SNMP traps.
• Nagios can be configured to understand relationships between hosts and services.
• Nagios can be integrated with Splunk.
• Commercial support is available for Nagios.
Installing Nagios
• You can install Nagios using Yum if you enable 3rd party repositories.
• But to allow for more control over the builds, we will compile Nagios locally from source.
• That said, using a 3rd party repository's pre-packaged build of Nagios can be a reasonable option in many cases.
Sample host definition.

    # Define a host for the local machine
    define host{
        use        linux-server   ; Name of host template to use
                                  ; This host definition will inherit all variables that are defined
                                  ; in (or inherited by) the linux-server host template definition.
        host_name  localhost
        alias      localhost
        address    127.0.0.1
        }
Sample host check
• Review the localhost.cfg for sample configs.
• This is a sample ping test:

    define service{
        use                  local-service   ; Name of service template
        host_name            localhost
        service_description  PING
        check_command        check_ping!100.0,20%!500.0,60%
        }
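The two `!`-separated arguments in the sample check_command are check_ping's warning and critical thresholds, each a round-trip average in milliseconds paired with a packet-loss percentage. The sketch below is an added example, not part of the original slides or the Nagios plugin source: it shows how a plugin can map measured values onto the standard plugin exit codes. The function names and the `>=` comparison are assumptions of this example.

```sh
#!/bin/sh
# Added example: map measured ping values to a Nagios plugin state using the
# "<rta_ms>,<loss>%" threshold syntax seen in the sample service definition.
# Plugin exit codes: 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN.

# valid_threshold T -> succeeds only for strings shaped like "100.0,20%"
valid_threshold() {
    case $1 in
        *[!0-9.,%]*|*,*,*|*%*%*) return 1 ;;   # stray characters or repeats
        [0-9]*,[0-9]*%) return 0 ;;
        *) return 1 ;;
    esac
}

# exceeds RTA LOSS T -> succeeds if either measured value reaches threshold T
# (the >= comparison is an assumption of this example)
exceeds() {
    rta_limit=${3%,*}             # drop ",20%"   -> 100.0
    loss_limit=${3#*,}            # drop "100.0," -> 20%
    loss_limit=${loss_limit%\%}   # drop "%"      -> 20
    awk -v r="$1" -v l="$2" -v rl="$rta_limit" -v ll="$loss_limit" \
        'BEGIN { exit !(r + 0 >= rl + 0 || l + 0 >= ll + 0) }'
}

# ping_state RTA_MS LOSS_PCT WARN CRIT -> prints one status line, returns the code
ping_state() {
    if ! valid_threshold "$3" || ! valid_threshold "$4"; then
        echo "PING UNKNOWN - malformed threshold"; return 3
    fi
    if exceeds "$1" "$2" "$4"; then
        echo "PING CRITICAL - rta=${1}ms loss=${2}%"; return 2
    elif exceeds "$1" "$2" "$3"; then
        echo "PING WARNING - rta=${1}ms loss=${2}%"; return 1
    fi
    echo "PING OK - rta=${1}ms loss=${2}%"; return 0
}

# Constructed sample: 150.2 ms and no loss, against the thresholds shown above.
# A real plugin would finish with: ping_state "$@"; exit $?
ping_state 150.2 0 '100.0,20%' '500.0,60%' || true
```

Returning UNKNOWN for a malformed threshold keeps a typo in an object file from silently reporting OK.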
Update, test config and reload
• Once you have a new config in place, update your nagios.cfg file to reflect the new object if necessary.
• New files under cfg_dir=/usr/local/nagios/etc/conf.d do not need an explicit definition.
• Test your new configuration:
    /usr/local/nagios/bin/nagios -v nagios.cfg
• Restart nagios:
    /sbin/service nagios restart
• Check the web admin for the new object.
Review:
• Started out as Netsaint.
• Provides system and network monitoring.
• Components include the Nagios daemon and plug-ins.
• Primary configuration: <nagroot>/etc/nagios.cfg
    <nagroot>/bin/nagios -v <nagroot>/etc/nagios.cfg
• Web configuration located at <nagroot>/etc/nagios/cgi.cfg
• Objects define what Nagios will check.
• Templates are similar to objects but not used for active checks.
• Local Nagios agents can provide more detailed monitoring.
• Nagios can be configured to understand system relationships.
• Commercial support is available for Nagios.
In class lab 10a • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->
Class 10, Unit 2 What we are going to cover: • Scripting notes. What you should leave this session with: • A few additional scripting functions and features.
Command prompt PS1
• How your prompt is displayed is defined by the environment variable PS1.
• You can see the current setting using echo:
    echo $PS1
    [\u@\h \W]\$
• You can of course change this environment variable temporarily using:
    export PS1="[\u@\h \@ ]"
• This will add the time to your prompt. If you want to keep this, add it to your .profile or .bashrc
Parameter substitution
• Remember that we can rename files using ${var}.old, for example.
• But we can also use failsafe options, such as: if a variable is not already defined, define it.
    ${parameter:-value}
• In this example, if the value of "parameter" is null then it will be replaced with the value provided.
• This may be found in your apachectl scripts as:
    httpd=${HTTPD:-/usr/sbin/httpd}
Pattern matching constructs
• The POSIX shell provides four parameter substitution constructs that perform pattern matching.
• Each construct takes two arguments, a variable name and a pattern.
• If the pattern matches, the shell substitutes the value of the variable on the command line with the matching portion removed.
Pattern: ${variable%pattern}
• ${variable%pattern} looks for a match at the end of the variable. If one is found, the contents of the variable are substituted on the command line with the shortest matching pattern removed.
    var=testcase
    echo $var
    testcase
    echo ${var%e}
    testcas
Pattern: ${variable%%pattern}
• ${variable%%pattern} works just like before, but it will match the LONGEST pattern, assuming the * is used in the pattern; otherwise it is just like the single percent version.
    var=testcase
    echo $var
    testcase
    echo ${var%%s*e}
    te
Pattern: ${variable#pattern}
• ${variable#pattern} substitutes the value of the variable on the command line with the pattern removed from the left.
    var=testcase
    echo $var
    testcase
    echo ${var#?e}
    stcase
Pattern: ${variable##pattern}
• ${variable##pattern} works just like the single hash version, but it removes the LONGEST matching pattern on the left.
    var=testcase
    echo $var
    testcase
    echo ${var##*s}
    e
IFS Internal Field Separator
• IFS: the shell uses this value when parsing input from the read command, output from command substitution, and when performing variable substitution.
• This is the list of characters that act as word separators, typically set to space, tab and newline.
Functions. functions - standard format is name () { command; } We have seen examples in some scripts this quarter for our "usage" statements. Anytime you find yourself writing the same logic twice you should probably consider using a function.
Functions cont.
• Once a function is defined you can execute it just like any other command.
• Functions only exist in the shell they were defined within; they cannot be exported to sub-shells.
• However, you could put common functions into your .profile if desired.
• You can remove a function from a shell using unset -f {function name}
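The Unit 2 constructs combine naturally in a small account review, the kind of check worth running when you look over your servers. This is an added example, not from the original slides: two functions use `${parameter:-value}` for a default file, `IFS=:` with read to split passwd-format lines, and `${variable##pattern}` to reduce a shell path to its name. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: account review with a default parameter, IFS and pattern removal.

# uid0_accounts [FILE] -> names of every account whose UID is 0
uid0_accounts() {
    # IFS=: applies to this read only; the shell's own IFS is left untouched
    while IFS=: read -r user _pw uid _rest; do
        if [ "$uid" = 0 ]; then echo "$user"; fi
    done < "${1:-/etc/passwd}"      # FILE defaults to /etc/passwd
}

# login_accounts [FILE] -> "user uid shell" for accounts with a usable shell
login_accounts() {
    while IFS=: read -r user _pw uid _gid _gecos _home shell; do
        shell_name=${shell##*/}     # longest "*/" prefix removed -> basename
        case $shell_name in
            nologin|false|'') continue ;;   # no interactive login possible
        esac
        echo "$user $uid $shell_name"
    done < "${1:-/etc/passwd}"
}

# Constructed passwd-format sample, so the example runs without touching
# the real /etc/passwd.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed second uid 0 account:/root:/bin/sh
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
nagios:x:501:501::/home/nagios:/bin/bash
EOF

echo "UID 0 accounts:";  uid0_accounts "$SAMPLE"
echo "Login accounts:";  login_accounts "$SAMPLE"
```

More than one name in the UID 0 list, or a service account showing up with a login shell, is worth a closer look.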
Review Your shell prompt is controlled by PS1, you can use many shortcuts to customize this value. \u \W \h \@ and more. Parameter substitution allows you to temporarily change a value. Or set a default value as we saw with: httpd=${HTTPD:-/usr/sbin/httpd} IFS defines the internal field separators which are usually tab, whitespace and newline.
Review Functions allow you to write code once and reuse it multiple times. The standard format is: name () { command; } We have seen usage statement examples this quarter.
Homework No homework or final. We have a short break due to the late start this year. You are encouraged to review your servers during the break, check your logs etc. We will be working with Perl, Linux and Solaris next quarter. Text book details will be sent out later this week.