nagios-plugins
This repository contains my small collection of modified and custom written nagios check plugins and scripts for Nagios.
Most of these are very custom solutions or modified versions of standard plugins so distributing them through NagiosExchange is not really appropriate. I am publishing them separately so that others may benefit from these as well. Use them freely and please let me know is you encounter any issues or require changes.
The latest versions, documentation and bugtracker available on my GitLab instance
Copyright (c) 2015 - 2016 Frederik Lindenaar. free for distribution under the GNU General Public License, see below
contents
This repository contains the following scripts:
- check_memory patched version of nagios-plugins check_memory script for Linux procps v3.3+
- check_multiple_host_addresses monitor multi-home and dual-stack (i.e. ipv4 and ipv6) servers.
- check_otp plugin to monitor PrivacyIDEA (and LinOTP) OTP validation
- check_temperature plugin to monitor the temperature of a 1-wire sensor on a RaspberryPi
- nagiosstatus CGI-BIN script to report the status of nagios (to monitor nagios itself)
plugins/check_memory
Nagios check script to monitor the memory on Linux systems. Due to changes in the output of procps v3.3 (the changelog refers to it as modernizing it), it's output changed and breaks the the check_memory script as shipped with many linux distributions. This version supports both the old and the new format so that is indifferent of which version of procps (to date) is used. No other changes were made to the script.
plugins/check_multiple_host_addresses
This script is a first attempt to monitor multi-home and dual-stack (i.e. ipv4 and ipv6) servers. In my setup a server should only considered availble if it is available on all of its primary addresses (i.e. both ipv4 and ipv6). It uses the excellent check_multi script to perform multiple a ping check to see if a host is available and reports the consolidated status. Using check_multi has the advantage that pnp4nagios and other scripting graphing solutions will support this solution as well.
Installation is straightforward, after installing the script on your server, add
the following to your commands.cmd configuration file to make it available:
# 'check-host-alive' command definition for multi-homed/dual-stack servers
define command{
command_name check-addresses-alive
command_line [install_path]/plugins/check_multiplehost_addresses '$HOSTADDRESS$' '$_HOSTADDRESS6$'
}The example above assumes that the IPv6 address of the host is provided as part of the host configuration, i.e.:
define host {
...
address 192.168.0.1
_address6 fdf8:f340:ab9d:c213::1
...
}To use the script either add check_command check-addresses-alive
to the specific hosts that should use the check or to the generic host used as
template.
plugins/check_otp
Plugin (check) to monitor OTP validation, currently implemented for PrivacyIDEA (and LinOTP). The check can validate a provided password/secret or calculate an HOTP or TOTP value and use that to validate (with or without a password). Other methods and interfaces can be plugged in easily (please raise a request or provide a patch).
Please run check_otp -h for an actual overview of the available options. The
script currently supports 3 modes of operation:
- password - simply authenticate with the provided secret (no calculations)
- totp - calculate the TOTP code using a key and current time
- hotp - calculate the HOTP code using a key and a count (automatically increments the count in case a count file is used)
Generic parameters (connection parameters, critical/warning thresholds, etc.) should be provided before the mode of operation is specified, mode-specific parameters should follow the mode selected. Keys, passwords and HOTP counts can be read from a file as well. Checks can be performed based on token serial or a login and a password (only mandatory for password authentication).
HOTP/TOTP modes require a Base16/32/64 encoded key provided on the command-line
or in a file. The generated HOTP/TOTP value is appended to the password/secret
(if provided), the order can be changed with the -m command line parameter.
Installation for is straightforward, after installing the script on the server
add the following to your Nagios commands.cmd configuration file:
# 'check_totp_serial' command definition to test TOTP based on token serial (no password)
# parameters: token serial (ARG1), key (ARG2), additional parameters in ARG3
define command {
command_name check_totp_serial
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -s $ARG1$ -k $ARG2$ $ARG3$
}
# 'check_totp_serial' command definition to test TOTP based on token serial and password
# parameters: token serial (ARG1), key (ARG2), password (ARG3), additional parameters in ARG4
define command {
command_name check_totp_serial_pwd
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -s $ARG1$ -k $ARG2$ -p $ARG3$ $ARG4$
}
# 'check_totp_login' command definition to test TOTP based on login and password
# parameters: login (ARG1), key (ARG2), password (ARG3), additional parameters in ARG4
define command {
command_name check_totp_login
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -l $ARG1$ -k $ARG2$ -p $ARG3$ $ARG4$
}
# 'check_totp_serial_dir' command definition to test TOTP based on token serial
# parameters: directory (ARG1), token serial (ARG2) additional parameters in ARG3
define command {
command_name check_totp_serial_dir
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -s $ARG2$ -K $ARG1$/$ARG2$.key $ARG3$
}
# 'check_totp_serial_dir_pwd' command definition to test TOTP based on token serial and password
# parameters: directory (ARG1), token serial (ARG2), additional parameters in ARG3
define command {
command_name check_totp_serial_dir_pwd
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -s $ARG2$ -K $ARG1$/$ARG2$.key -P $ARG1$/$ARG2$.pwd $ARG3$
}
# 'check_totp_login_dir' command definition to test TOTP based on login
# parameters: directory (ARG1), login (ARG2), additional parameters in ARG3
define command {
command_name check_totp_login_dir
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -l $ARG2$ -K $ARG1$/$ARG2$.key $ARG3$
}
# 'check_totp_login_dir_pwd' command definition to test TOTP based on login and password
# parameters: directory (ARG1), login (ARG2) additional parameters in ARG3
define command {
command_name check_totp_login_dir_pwd
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token totp -l $ARG2$ -K $ARG1$/$ARG2$.key -P $ARG1$/$ARG2$.pwd $ARG3$
}
# 'check_hotp_serial_dir' command definition to test HOTP based on token serial
# parameters: directory (ARG1), token serial (ARG2), additional parameters in ARG3
define command {
command_name check_hotp_serial_dir
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token hotp -s $ARG2$ -K $ARG1$/$ARG2$.key -C $ARG1$/$ARG2$.count $ARG3$
}
# 'check_hotp_serial_dir_pwd' command definition to test HOTP based on token serial and password
# parameters: directory (ARG1), token serial (ARG2), additional parameters in ARG3
define command {
command_name check_hotp_serial_dir_pwd
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token hotp -s $ARG2$ -K $ARG1$/$ARG2$.key -C $ARG1$/$ARG2$.count -P $ARG1$/$ARG2$.pwd $ARG3$
}
# 'check_hotp_login_dir' command definition to test HOTP based on login
# parameters: directory (ARG1), login (ARG2), additional parameters in ARG3
define command {
command_name check_hotp_login_dir
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token hotp -l $ARG2$ -K $ARG1$/$ARG2$.key -C $ARG1$/$ARG2$.count $ARG3$
}
# 'check_hotp_login_dir_pwd' command definition to test HOTP based on login and password
# parameters: directory (ARG1), login (ARG2), additional parameters in ARG3
define command {
command_name check_hotp_login_dir_pwd
command_line [install_path]/plugins/check_otp -H $HOSTNAME$ -w 3 -c 8 -P /token hotp -l $ARG2$ -K $ARG1$/$ARG2$.key -C $ARG1$/$ARG2$.count -P $ARG1$/$ARG2$.pwd $ARG3$
}
Please check / adjust the following:
- replace
[install_path]/pluginswith the location of the script - assumption is that the
$HOSTNAME$can be used for an SSL connection (and that the certificate is valid for this host, use the -u parameter and an URL if this is not the case) - path on the server is assumed to be /token (API endpoints will be added)
- check the thresholds for Warning (3s) and Critical (8s), adjust if needed
The dir and dir_pwd commands allow to store all sensitive data for tokens in
a folder and hence only require a folder name and token serial or login. This
expects the folder specified to contain the following files:
- [serial/login].key - HOTP/TOTP key in Base16/32/64 format on first line
- [serial/login].pwd - password (only first line is used)
- [serial/login].count - numeric HOTP count on first line, autoincremented
Please note that required files must exist or the check will fail with an error.
To use the it define a service check like below:
# check that TOTP authentication is working for token serial and provided key
define service {
host hostname.mydomain.tld
service_description Check TOTP Authentication
check_command check_totp_serial!TOTP0001234X!82f37371367b7e8aafb320b2d9b2721f66bbf161
use generic-service
}
# check that TOTP authentication is working for token serial and info from folder
define service {
host hostname.mydomain.tld
service_description Check TOTP Authentication
check_command check_totp_serial_dir!/etc/nagios3/tokeninfo!TOTP0001234X
use generic-service
}
# check that HOTP authentication is working for token serial and info from folder
define service {
host hostname.mydomain.tld
service_description Check TOTP Authentication
check_command check_hotp_serial_dir!/etc/nagios3/tokeninfo!HOTP0004321Y
use generic-service
}plugins/check_temperature
Plugin (check) to monitor monitor the temperature using a sensor connected to a RaspberryPi. This implementation is specifically for the DS18B20 1-wire temperature sensor. Other methods and interfaces can be plugged in easily (just raise a request or provide a patch). For information on how to connect sensor to the RaspberryPi and to get it working please see this Adafruit tutorial.
To enable the 1-wire interface support on the RaspberryPi one can use the command:
sudo raspi-config nonint do_onewire 0or use raspi-config in interactive mode (9. Advanced Options --> A9. 1-Wire).
Please note that changing this requires a reboot.
Installation for is straightforward, after installing the script on the server
add the following to your Nagios commands.cmd configuration file:
# 'check_temperature' command definition to monitor a single temperature in C
# parameters: warning (ARG1) and critical (ARG2) temperature in Celcius
define command {
command_name check_temperature
command_line [install_path]/plugins/check_temperature -w $ARG1$ -c $ARG2$
}
# 'check_ftemperature' command definition to monitor a single temperature in F
# parameters: warning (ARG1) and critical (ARG2) temperature in Farenheit
define command {
command_name check_ftemperature
command_line [install_path]/plugins/check_temperature -F -w $ARG1$ -c $ARG2$
}
# 'check_temperature_sensor' command definition to monitor a single temperature in C
# parameters: sensor serial (ARG1), warning (ARG2) and critical (ARG3) temperature in Celcius
define command {
command_name check_temperature_sensor
command_line [install_path]/plugins/check_temperature -s $ARG1$ -w $ARG2$ -c $ARG3$
}
# 'check_ftemperature_sensor' command definition to monitor a single temperature in F
# parameters: sensor serial (ARG1), warning (ARG2) and critical (ARG3) temperature in Farenheit
define command {
command_name check_ftemperature_sensor
command_line [install_path]/plugins/check_temperature -F -s $ARG1$ -w $ARG2$ -c $ARG3$
}
Make sure to replace [install_path]/plugins with the location of the script.
To use the it define a service check like below:
# check temperature in Celcius using a DS18B20 sensor connected to a RaspberryPi
define service {
host hostname.mydomain.tld
service_description Check Temperature
check_command check_temperature!30!35
use generic-service
}
# check temperature with DS18B20 sensor 0000a31ea3de connected to a RaspberryPi
define service {
host hostname.mydomain.tld
service_description Check Temperature
check_command check_temperature_sensor!0000a31ea3de!30!35
use generic-service
}Please run check_temperature -h after installation for an overview of the
available command line options (e.g. to enable logging to a file).
cgi-bin/nagiosstatus.sh
Very simplistic CGI-BIN script that checkes whether nagios is still running and still updating its status. It wil always return an HTTP Status 200 (OK) and a simple text page with one of the following texts:
-
STOPPED- in case the nagios process is not running -
STALLED- in case the nagios status file has not been updated for 5 minutes -
OK- when Nagios is running and updated its status file < 5 minutes ago
I wrote this script to be used with an external monitoring system, I use it with the free subscription from Pingdom to get alerts when my Nagios monitoring system is no longer reachable.
License
These scripts, documentation & configration examples are free software: you can redistribute and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This script, documenatation and configuration examples are distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, download it from http://www.gnu.org/licenses/.