I don't understand the check_by_ssh plugin

David Ford david at blue-labs.org
Fri Dec 5 20:22:08 CET 2008
Previous message: I don't understand the check_by_ssh plugin
Next message: I don't understand the check_by_ssh plugin
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is branching off topic, but using ssh with keys is hardly a
security hole.  Please don't be throwing a bucket of red herrings into
the crowd.  You can configure sub processing for ssh in a similar
function.  AFAIK, the encryption and use of keys is far more hefty of a
standards bar than using snmp.

This use of snmp may be a handy alternative, but using SSH is not
inherently flawed.

-david

Gary Every wrote:
> I, for one, am against any use of check_by_ssh as it requires
> authorized keys, hence opening a security hole. All scripts can be
> executed thru snmp. Install it on your servers and use the exec
> directive to remotely execute the script. The output will return the
> last line and the exit code from the call, so the check_snmp plugin
> can work.
> NOTE: Unless snmp was already installed on your nagios server prior to
> installing nagios, you'll need to re-run the ./configure, make and
> make install commands for the plugins, so check_snmp will be compiled in.
>
> A simple line in your snmpd.conf file like the one below can be
> executed from the nagios server:
>
> <snip>
> exec checkrootpartition /usr/local/nagios/libexec/check_disk -w 1000
> -c 500 -p / -u MB
> </snip>
>
> Subsequent exec directives can be added as well.
>
> Of course, you'll need to copy the libexec directory over to the
> remote server (although it's not necessary, you can write your own
> scripts if you'd like)
>
> All parameters will need to be on the line in the snmpd.conf file.
> Then write a little script on the nagios server to check it. Here's
> the contents of that script. It DOES require the community name be the
> same on both servers. In snmpd.conf, edit this line:
>
> com2sec readonly  default         <community>
>
> and replace <community> with your made-up string
>
> <script snippet>
> #!/bin/bash
> usage() {
>  echo "USAGE:  test_snmp <server> <snmp #>"
>  exit
> }
> if [ "$1" == "" ]
>  then
>    usage
> fi
> if [ "$2" == "" ]
>  then
>    usage
> fi
>
> /usr/local/nagios/libexec/check_snmp -t 7 -H $1 -C <community-string>
> -o
> enterprises.ucdavis.extTable.extEntry.extResult.$2,enterprises.ucdavis.extTable.extEntry.extOutput.$2
> -w 0 -c 1
>
> </script snippet>
>
> Edit it so that it fits your environment, such as the path to
> check_snmp and the community string.
>
> Now, name it test_snmp and run the script:
> ./test_snmp <servername> 1
> where 1 is the ordinal "exec" directive. exec directives in snmpd.conf
> are numbered as they appear in the file, so the first exec directive
> is accessed as "1", the second as "2" etc.
>
>
>
> On Fri, Dec 5, 2008 at 10:55 AM, David Dyer-Bennet <dd-b at dd-b.net
> <mailto:dd-b at dd-b.net>> wrote:
>
>     I'm running Nagios 2.10 (the Centos 5.2 packaged version).
>
>     I want to do some small local checks on each of a bunch of real and
>     virtual servers, and I really don't want to have to set up Nagios
>     (even a
>     minimal install) on each of them just to check uptime, load
>     average, and
>     disk space.  (Mostly I'm testing externally visible services on them.)
>
>     The documentation on this plugin doesn't seem to tell me anything
>     about
>     what it does with the part of the command output it processes (I
>     see that
>     the -S and -E commands let me prune what command output it looks at).
>
>     When I run it from the command line simply, I just get the output
>     of the
>     remote command (as if the plugin was just passing it through).  I
>     see that
>     I could cause it to produce errors based on how long it takes, but
>     nothing
>     about how to actually use the output.
>
>     Then I see some tantalizing hints about "passive" mode, where it
>     writes a
>     file that seems to show it doing some parsing and making decisions
>     based
>     on the data (in the example).  But I can't get the example to
>     produce a
>     non-empty file from the command line.
>
>     So I'm pretty sure I'm missing something about how to use this
>     plugin in
>     the first place, or what it's supposed to let me do, or some such.
>
>     Or, if the answer to what I'm trying to do is some other approach
>     entirely, I'd settle for enlightenment about that!
>
>     Help?
>


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: I don't understand the check_by_ssh plugin
Next message: I don't understand the check_by_ssh plugin
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list