Nagios is a great way to monitor your computers. It is easy to install from source and has great documentation.
NRPE is a secure, efficient plugin that will allow you to monitor things on remote computers. It is secure because you limit who NRPE listens to in the xinetd config file and via hosts.allow (tcp-wrappers) and the firewall.
The Nagios server issues a command to NRPE on the remote machine. That command is looked up in the nrpe.cfg file, and then and only then will NRPE run it, with specific hardcoded parameters for the remote machine. For example:
The Nagios server says to little.pc.edu "check_home"
In nrpe.cfg on little.pc.edu, there is a line:
command[check_home]=/usr/local/nagios/libexec/check_disk -w 10% -c 5% -p /home
This means that a specific program, check_disk, will be run with specific parameters to check the /home partition. You get a WARNING email when /home gets to 10% free space and a CRITICAL email when it gets to 5%.
It is also easy to make your own homemade plugins. You can collect any information from your Linux PC and store it in /var/log and then write a program (C, Perl, Python, etc) to parse this log file and execute one print statement which is sent back to the Nagios server.
I was particularly interested in reporting excessive Samba login failures. In smb.conf, set debug level to 2:
debuglevel = 2
log file = /var/log/samba/user.log
# log size in KB
max log size = 19999
The cron job is:
#!/bin/bash
#
# look for large number of failed username attempts
#
#
grep FAILED /var/log/samba/user.log | \
    grep _STATUS_WRONG_PASSWORD > /var/log/samba/failed.tmp
#
# eof
Then use a simple C program to report back to the server:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>

#define MAXLINELEN (int)400

int main( int argc, char *argv[])
{
  char instr[MAXLINELEN], *pos1, *pos2, outstr[2000];
  int i = 0, retcode=0, warnLevel, critLevel;
  /* status text that matches the exit code sent back to Nagios */
  const char *label[] = { "OK", "WARNING", "CRITICAL" };
  FILE *fp;

  /* three arguments are needed: filename, warnLevel, critLevel */
  if (argc < 4) {
    puts("usage: check_samba_log filename warnLevel CritLevel");
    exit( 3);
  }
  warnLevel=atoi( argv[2]);
  critLevel=atoi( argv[3]);
  fp = fopen( argv[1],"r");
  if (fp == NULL) {
    printf( "%s %s\n", argv[1], "file not found");
    exit( 1);
  }
  outstr[0] = '\0';   /* strcat needs an initialized string */
  /* read every line; count the ones that carry a [bracketed] field */
  while (fgets( instr, MAXLINELEN, fp) != NULL) {
    pos1 = strstr( instr, "[");
    pos2 = (pos1 != NULL) ? strstr( pos1, "]") : NULL;
    if( pos1 == NULL || pos2 == NULL) {
      continue;   /* no bracketed field: skip the line, do not count it */
    }
    *pos2 = '\0';
    /* append the bracketed text only while it still fits in outstr */
    if (strlen( outstr) + strlen( pos1+1) + 2 < sizeof( outstr)) {
      strcat( outstr, " ");
      strcat( outstr, pos1+1);
    }
    i++;
  }
  fclose( fp);
  if ( i > warnLevel) { retcode=1; }
  if ( i > critLevel) { retcode=2; }
  printf( "%s %s %d\n", label[retcode], outstr, i);
  exit( retcode);
} // main
// eof
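A shell variant of the same check, added here as an example and not part of the original tip: it keeps the tip's total-count thresholds, also names the most-targeted account, and sanitizes the username before echoing it. The function names, the status line wording and the sample log lines are constructed for illustration. It assumes, as the C program does, that the first bracketed field on a failure line is the username.

```bash
#!/bin/bash
# Added example, not part of the original tip. Assumes, as the C plugin does,
# that the first [bracketed] field on a failure line is the username.

# Constructed sample lines in the style of Samba "debuglevel = 2" output.
sample_log() {
cat <<'EOF'
  check_ntlm_password:  Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_WRONG_PASSWORD
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_WRONG_PASSWORD
  check_ntlm_password:  Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_WRONG_PASSWORD
  check_ntlm_password:  Authentication for user [eve|x=1] -> [eve] FAILED with error NT_STATUS_WRONG_PASSWORD
  check_ntlm_password:  Authentication for user [carol] -> [carol] succeeded
EOF
}

# usage: check_samba_users FILE WARN CRIT
# Prints one status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_samba_users() {
    if [ $# -ne 3 ] || [ ! -r "$1" ]; then
        echo "UNKNOWN - usage: check_samba_users FILE WARN CRIT"
        return 3
    fi
    awk -v warn="$2" -v crit="$3" '
        /FAILED/ && /_STATUS_WRONG_PASSWORD/ {
            s = index($0, "["); if (s == 0) next
            rest = substr($0, s + 1)
            e = index(rest, "]"); if (e == 0) next
            user = substr(rest, 1, e - 1)
            # The name is supplied by the remote client: replace anything
            # unusual so it cannot inject "|" (the Nagios perfdata separator)
            # or control characters into the status line.
            gsub(/[^A-Za-z0-9._$-]/, "?", user)
            total++
            if (++count[user] > max) { max = count[user]; worst = user }
        }
        END {
            rc = 0; label = "OK"
            if (total > warn) { rc = 1; label = "WARNING" }
            if (total > crit) { rc = 2; label = "CRITICAL" }
            if (worst == "") worst = "none"
            printf "%s - %d failed logins, most-targeted user %s (%d)\n",
                   label, total, worst, max
            exit rc
        }' "$1"
}
# Try it: sample_log > /tmp/failed.sample; check_samba_users /tmp/failed.sample 3 10
```
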
Sleep well at night knowing that no one will be making a brute force attack on your Samba server without you knowing it.
This tip comes from Rich in Virginia, USA