If you're not familiar with Prowl, then check it out. It allows your Growl notifications to be sent to your iPhone via push. I use this in several different ways on my home computer to get notifications when I'm out and about. You can also access the Prowl service directly with its API, so there's no need to even have it go to Growl first. I like using Prowl (in addition to Growl) with nagios. This allows me to get my notifications anywhere as long as I have my iPhone. Just like the Growl notifications, the Prowl notifications are easy to set up. It is very well documented here at the Reluctant Hacker.
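For the "access the Prowl service directly with its API" route, here is an added example of a Nagios notification command written in plain sh with curl. It is not code from the original post or from the Reluctant Hacker write-up; the Prowl API URL and field names (apikey, application, event, description, priority) are my assumptions about the public Prowl API, and the key-file location is a made-up path. The one design point worth taking from it: the API key is read from a mode-0600 file instead of being pasted into a nagios .cfg, because Nagios object files are usually world-readable and a $USERn$ macro holding the key would end up in every process listing and config dump.

```shell
#!/bin/sh
# Added example: Nagios -> Prowl notification command (not the original post's code).
# Assumed (not from the post): the Prowl public API endpoint and field names below,
# and that the API key sits in a root/nagios-owned file with chmod 600.

PROWL_URL="https://api.prowlapp.com/publicapi/add"
PROWL_KEYFILE="${PROWL_KEYFILE:-/opt/local/etc/nagios/prowl.key}"   # hypothetical path

# Map a Nagios host/service state to a Prowl priority (-2 .. 2).
prowl_priority() {
    case $1 in
        CRITICAL|DOWN|UNREACHABLE) echo 2 ;;   # emergency: gets through quiet hours on the phone
        WARNING|UNKNOWN)           echo 1 ;;   # high
        *)                         echo 0 ;;   # OK / UP / anything else: normal
    esac
}

# One-line event title built from the usual notification macros.
prowl_event() {
    ntype=$1; host=$2; svc=$3; state=$4
    printf '%s: %s/%s is %s\n' "$ntype" "$host" "$svc" "$state"
}

# Send one notification. Returns curl's status, or 3 (Nagios UNKNOWN) when the
# key file cannot be read, so a broken setup shows up in the Nagios log.
prowl_send() {
    ntype=$1; host=$2; svc=$3; state=$4; output=$5
    key=$(cat "$PROWL_KEYFILE" 2>/dev/null) || { echo "cannot read $PROWL_KEYFILE" >&2; return 3; }
    curl -sS --fail -o /dev/null \
        --data-urlencode "apikey=$key" \
        --data-urlencode "application=Nagios" \
        --data-urlencode "event=$(prowl_event "$ntype" "$host" "$svc" "$state")" \
        --data-urlencode "description=$output" \
        --data-urlencode "priority=$(prowl_priority "$state")" \
        "$PROWL_URL"
}

# Hypothetical Nagios command definition that calls this file as notify-by-prowl:
#   define command{
#       command_name    notify-service-by-prowl
#       command_line    $USER1$/notify-by-prowl "$NOTIFICATIONTYPE$" "$HOSTNAME$" "$SERVICEDESC$" "$SERVICESTATE$" "$SERVICEOUTPUT$"
#       }
if [ "$#" -eq 5 ]; then
    prowl_send "$@"
fi
```

Install it in the libexec folder, point a notification command at it as in the comment, and give the contact a service_notification_commands entry that uses it; with no key file present the script exits 3 and Nagios logs the failure instead of silently dropping the alert.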
-
I posted to 10500bc.org
Nagios – Notify via Prowl
http://www.10500bc.org/archive/2010/01/07/nagios-notify-via-prowl/
- Tags:
- software
January 7 2010, 9:58pm
-
I posted to 10500bc.org
Nagios – Notify via Growl
http://www.10500bc.org/archive/2010/01/06/nagios-notify-via-growl/
There are several different ways to get notified by nagios when there is a problem. The most common way is via email. This is usually just fine, except when the service that goes down is the mailserver. There are ways to mitigate this of course. One simple way is to get your notifications via growl. I really like this: it lets me know almost instantly when something is going on, and I don't have to worry about keeping my eyes on my email program while I'm busy on something else. The way I implemented it was from a great script and good write up on the Nagios-users mailing list, you can see it all right here: Notify via Growl
- Tags:
- software
January 6 2010, 9:50pm
-
I posted to 10500bc.org
Checking the snort process from nagios
http://www.10500bc.org/archive/2010/01/05/checking-the-snort-process-from-nagios/
I'm checking snort basically the way I check most processes; if you've been following along then you'll already have check_procs set up. So I simply edit my localhost.cfg and add:
define service{
        use                     generic-service
        host_name               localhost
        service_description     Snort
        check_command           check_snort_procs!1:1!snort
        }
Edit the commands.cfg and add:
define command{
        command_name    check_snort_procs
        command_line    $USER1$/check_procs -c $ARG1$ -C $ARG2$
        }
Reload nagios and that's it.
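What the 1:1 in check_snort_procs!1:1!snort actually means is the Nagios plugin range convention, and it is the part people most often get backwards (a range of "1" alone means 0 to 1, so a missing process would still be OK). The following is an added example, not code from the post or from the nagios-plugins project: a plain sh re-implementation of the -w/-c range logic plus a pgrep-based process count, returning the same exit codes Nagios expects. pgrep -x is my approximation of check_procs -C.

```shell
#!/bin/sh
# Added example (not the original post's code): check_procs range semantics in sh.
# Exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# Range strings:  "1:1" OK only when exactly one   "1:" OK when one or more
#                 ":5"  OK when five or fewer       "5"  same as "0:5"

# in_range RANGE COUNT -> 0 if COUNT is inside RANGE, 1 if outside.
in_range() {
    range=$1; count=$2
    case $range in
        *:*) lo=${range%%:*}; hi=${range#*:} ;;
        *)   lo=0;            hi=$range ;;
    esac
    if [ -z "$lo" ]; then lo=0; fi
    if [ "$count" -lt "$lo" ]; then return 1; fi
    if [ -n "$hi" ] && [ "$count" -gt "$hi" ]; then return 1; fi
    return 0
}

# proc_state COUNT WARN_RANGE CRIT_RANGE -> prints 0/1/2; critical wins.
proc_state() {
    count=$1; warn=$2; crit=$3
    if [ -n "$crit" ] && ! in_range "$crit" "$count"; then echo 2; return 0; fi
    if [ -n "$warn" ] && ! in_range "$warn" "$count"; then echo 1; return 0; fi
    echo 0
}

# count_procs NAME -> number of processes whose command name is exactly NAME
# (pgrep -x; an approximation of check_procs -C).
count_procs() {
    pgrep -x "$1" 2>/dev/null | wc -l | tr -d ' '
}

# check_procs_sh NAME [-w WARN] [-c CRIT]: prints a Nagios-style status line
# and returns the matching exit code.  Example: check_procs_sh snort -c 1:1
check_procs_sh() {
    name=$1; shift
    warn=''; crit=''
    while [ $# -gt 0 ]; do
        case $1 in
            -w) warn=$2; shift 2 ;;
            -c) crit=$2; shift 2 ;;
            *)  echo "PROCS UNKNOWN: bad argument $1"; return 3 ;;
        esac
    done
    count=$(count_procs "$name")
    state=$(proc_state "$count" "$warn" "$crit")
    case $state in
        0) label=OK ;; 1) label=WARNING ;; 2) label=CRITICAL ;;
    esac
    echo "PROCS $label: $count process(es) with command name '$name'"
    return "$state"
}
```

Run check_procs_sh snort -c 1:1 on the box and compare with the real plugin's output; the point of writing it out is that "1:1" goes CRITICAL on zero processes and also on two, which is what you want for a single snort daemon that must not be double-started.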
January 5 2010, 1:40am
-
I posted to 10500bc.org
My BASE (for Snort) Install Notes for OSX
http://www.10500bc.org/archive/2010/01/04/my-base-for-snort-install-notes-for-osx/
To get base up and going with snort already installed I did the following.
1. Download ADOdb (database abstraction library for PHP): http://sourceforge.net/projects/adodb/files/ The version I got was adodb510.tgz
2. Unzip and untar the file
tar -xvzf adodb510.tgz
3. Move the folder. I did:
cp -R adodb5/ /Library/WebServer/Documents/adodb5/
4. Download base: http://sourceforge.net/projects/secureideas/ The version I got was base-1.4.4.tar.gz
5. Unzip and untar the file
tar -xvzf base-1.4.4.tar.gz
6. You should now have a folder base-1.4.4/
cd base-1.4.4/
7. Copy the base folder to your webserver folder
cp -R base-1.4.4/ /Library/WebServer/Documents/base/
change the owner on the folder
sudo chown -R _www:_www /Library/WebServer/Documents/base/
*NOTE* With this version there was a known problem with the file base_state_citems.inc.php on some setups, mine included. So I had to download the fixed version from CVS. You can also download it from the website, follow the link from here: http://secureideas.cvs.sourceforge.net/viewvc/secureideas/base-php4/includes/base_state_citems.inc.php?view=log It goes in your /base/templates/
8. Now install the needed pear extensions for graphs to work in base. On my system it was as follows. First I had to update pear so the rest of the packages would work:
sudo /usr/local/php5/bin/pear install PEAR-1.9.0
Then the following packages:
sudo /usr/local/php5/bin/pear install Image_Color
sudo /usr/local/php5/bin/pear install Image_Canvas-0.3.2
sudo /usr/local/php5/bin/pear install Image_Graph-0.7.2
9. Open up base in your browser: http://localhost/base/setup/index.php You should get the page up with the settings; if you have any errors you need to fix them first with their suggestions. Once you answer all the setup questions you should have a working base install.
January 4 2010, 1:22am
-
I posted to 10500bc.org
My Snort on OSX Install Notes
http://www.10500bc.org/archive/2010/01/03/my-snort-on-osx-install-notes/
1. Download Snort
2. Download pcre
3. Untar pcre
4. cd to pcre
5. ./configure
   make
   make install
   (NOTE: Install prefix ......... : /usr/local)
6. Untar Snort
7. cd to snort
8. ./configure --enable-dynamicplugin --with-mysql --with-mysql-includes=/opt/local/include/mysql5/ --with-mysql-libraries=/opt/local/lib/mysql5/mysql/
9. make
10. sudo make install
The end of the install output looked like:
/usr/bin/install -c -m 644 './snort.8' '/usr/local/man/man8/snort.8'
test -z "/usr/local/lib/pkgconfig" || /bin/sh ./mkinstalldirs "/usr/local/lib/pkgconfig"
/usr/bin/install -c -m 644 'snort.pc' '/usr/local/lib/pkgconfig/snort.pc'
11. Get the rules from the snort site and untar them. I used snorttemp as the folder.
12. Make a folder for the rules
mkdir /opt/local/etc/snort/
mkdir /opt/local/etc/snort/rules/
13. Copy the rules over
cd ~/snorttemp/rules/
cp * /opt/local/etc/snort/rules/
I also copied over the etc folder
cd ~/snorttemp/etc/
cp * /opt/local/etc/snort/
14. Edit the Snort configuration
vi /opt/local/etc/snort/snort.conf
change "var HOME_NET any" to "var HOME_NET 192.168.0.0/24" or whatever your home network is
change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is everything except your home network)
change "var RULE_PATH ../rules" to "var RULE_PATH /opt/local/etc/snort/rules"
go to the line that starts with "# output database: log, mysql, user=" and remove the # from the beginning of the line, then enter your user, password and db name
15. mysql setup
log in to mysql as root
mysql -u root -p
create a snort database
mysql> create database snort;
create a user and password to match your mysql setup in the snort config:
mysql> CREATE USER 'snort'@'localhost' IDENTIFIED BY 'somepassword';
give that user access to the database
mysql> GRANT ALL PRIVILEGES ON snort.* TO 'snort'@'localhost';
mysql> exit
Import the snort schema into the database.
mysql -D snort -u root -p < /schemas/create_mysql
16. Start it up
snort -c /opt/local/etc/snort/snort.conf
If it works it should look something like:
        --== Initialization Complete ==--
   ,,_     -> Snort! <-
  o"  )~   Version 2.8.5.1 (Build 114)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
You can use ctrl+c to stop it.
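The four snort.conf edits in step 14 are the ones that decide whether the sensor sees anything at all: with HOME_NET left as "any", EXTERNAL_NET becomes "!any", which matches nothing, and every rule written as EXTERNAL_NET -> HOME_NET silently never fires. Here is an added example (not from the original post, and not Snort project code) that makes the same edits with sed so they can be repeated on the next box, and a verify function to run before starting snort. The sample config and the PLACEHOLDER password are constructed; a temp file plus mv is used instead of sed -i because the BSD sed on OSX and GNU sed take different -i arguments.

```shell
#!/bin/sh
# Added example (not the post's code): the step 14 snort.conf edits done with sed.

# make_sample_conf PATH: constructed minimal snort.conf fragment with the stock lines.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed snort.conf fragment
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
include $RULE_PATH/local.rules
EOF
}

# configure_snort_conf CONF HOME_NET RULE_PATH: apply the four edits in place.
# Temp file + mv is portable between BSD sed (OSX) and GNU sed.
configure_snort_conf() {
    conf=$1; home_net=$2; rule_path=$3
    sed -e "s|^var HOME_NET any\$|var HOME_NET $home_net|" \
        -e 's|^var EXTERNAL_NET any$|var EXTERNAL_NET !$HOME_NET|' \
        -e "s|^var RULE_PATH \.\./rules\$|var RULE_PATH $rule_path|" \
        -e 's|^# output database: log, mysql, user=|output database: log, mysql, user=|' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# verify_snort_conf CONF: 0 if every edit took and HOME_NET is no longer "any",
# 1 otherwise.  Run before "snort -c": HOME_NET=any makes !$HOME_NET match
# nothing, so rules keyed on EXTERNAL_NET -> HOME_NET never alert.
verify_snort_conf() {
    conf=$1
    if grep -q '^var HOME_NET any$' "$conf"; then return 1; fi
    grep -q '^var HOME_NET ' "$conf" || return 1
    grep -qF 'var EXTERNAL_NET !$HOME_NET' "$conf" || return 1
    grep -q '^var RULE_PATH /' "$conf" || return 1
    grep -q '^output database: log, mysql, user=' "$conf" || return 1
    return 0
}
```

Usage on a real install: configure_snort_conf /opt/local/etc/snort/snort.conf 192.168.0.0/24 /opt/local/etc/snort/rules, then edit the now-uncommented output database line by hand for the real user/password/dbname, and run verify_snort_conf before the first start.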
January 3 2010, 7:32pm
-
I posted to 10500bc.org
Debian Boot Thumb drive from OSX
http://www.10500bc.org/archive/2009/12/30/debian-boot-thumb-drive-from-osx/
Last week I had a need to create a debian boot disk. The computer I needed to use it on doesn't have a CD and I didn't feel like purchasing a USB CD reader just for the purpose of loading debian, and I didn't feel like waiting until I could go to town or have it shipped. So I had to make a boot disk. I've done it in Linux several times before but never from OSX, so the commands aren't exactly the same. Here are my notes taken from a couple places on the web, which should serve as a reminder for the next time I have to do it. First I downloaded the debian image I wanted to use from their site. Next I stuck the thumb drive in the box. From the terminal (I use iTerm):
diskutil list
mine was listed as /dev/disk1
diskutil unmountDisk /dev/disk1
bzcat debian.img | dd of=/dev/disk1
diskutil eject /dev/disk1
It was as simple as that. To test I stuck it in my handy netbook and rebooted, and I was at the lovely command prompt. Then of course other things happened that required my attention, so I haven't gotten back to that project of getting the box installed yet.
December 30 2009, 10:23pm
-
I posted to 10500bc.org
Checking the Splunk Process from Nagios
http://www.10500bc.org/archive/2009/12/27/checking-the-splunk-process-from-nagios/
Now it's time to have Nagios check to make sure that Splunk is running. For version 3 of Splunk there was an app / plugin you could get for Splunk that would work with Nagios. It appears to be gone. But I did find a snippet that someone posted here. Several things have changed so that script doesn't work 100% by cut and paste, but it was an excellent jumping off point and it took very few modifications to get going. Due to the fact that there is a copyright on this script, I can't put it here without permission. But I will note that you can do almost the same thing by using the default nagios check_procs command. So copy that script as check_splunk and stick it in your libexec folder. If you're playing along with my setup that's /opt/local/libexec/nagios. Once you have it downloaded you can run ./check_splunk ports or ./check_splunk procs. I didn't worry about checking or trying to edit the search portion, as for what I'm doing I don't really need it right now, but I will revisit it if the need arises. Now that you have the script, it's time to do the normal nagios setup stuff.
1. Add it to your commands
vi /opt/local/etc/nagios/objects/commands.cfg
define command{
        command_name    check_splunk
        command_line    $USER1$/check_splunk $ARG1$
        }
2. Add it to your localhost
vi /opt/local/etc/nagios/objects/localhost.cfg
define service{
        use                     generic-service
        host_name               localhost
        service_description     Splunk Port
        check_command           check_splunk!ports
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     Splunk Procs
        check_command           check_splunk!procs
        }
Now restart nagios and you should be good to go.
December 27 2009, 11:01pm
-
I posted to 10500bc.org
Adding Cacti Logs to Splunk
http://www.10500bc.org/archive/2009/12/23/adding-cacti-logs-to-splunk/
This is basically the same process as adding the nagios logs, but I'll put it up anyway.
1. Click Manager in the upper right-hand corner of Splunk Web.
2. Under System configurations, click Data Inputs.
3. Click Files and directories.
4. Click New to add an input. I chose Monitor a file or directory.
6. Specify the path to the file. With my setup it is: /Library/WebServer/Documents/cacti/log/cacti.log
7. Under Host Heading I chose constant value.
8. Under Source Type I chose Automatic.
9. Click Save.
That's it, now your cacti logs show up in splunk.
December 23 2009, 9:09pm
-
I posted to 10500bc.org
Checking the OSSEC Processes from Nagios
http://www.10500bc.org/archive/2009/12/22/checking-the-ossec-processes-from-nagios/
There are several OSSEC processes that are running at once. So I'll add some simple process checking to nagios to make sure I know they are running. One note: if you haven't enabled ossec-csyslogd to run (I did that to talk to splunk) then you won't need that one. So here we go, it's easy.
1. Add it to your commands (Note I'm adding a new command for this instead of using the command already there so I can pass some different information, plus I like to keep all my modifications separate to make things easier to reproduce on other boxes)
vi /opt/local/etc/nagios/objects/commands.cfg
# 'check_ossec_procs' command definition
define command{
        command_name    check_ossec_procs
        command_line    $USER1$/check_procs -c $ARG1$ -C $ARG2$
        }
2. Add it to your localhost
vi /opt/local/etc/nagios/objects/localhost.cfg
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC csyslogd
        check_command           check_ossec_procs!1:1!ossec-csyslogd
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC maild
        check_command           check_ossec_procs!1:1!ossec-maild
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC execd
        check_command           check_ossec_procs!1:1!ossec-execd
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC analysisd
        check_command           check_ossec_procs!1:1!ossec-analysisd
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC logcollector
        check_command           check_ossec_procs!1:1!ossec-logcollector
        }
define service{
        use                     generic-service
        host_name               localhost
        service_description     OSSEC monitord
        check_command           check_ossec_procs!1:1!ossec-monitord
        }
Now just reload nagios and you should be able to tell if your OSSEC processes are there or not.
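A half-typed macro in a command_line, such as ARG2$ with its leading $ dropped, is easy to make when typing these definitions by hand, and Nagios does not reject it: the literal text ARG2$ is handed to check_procs as the -C argument, so the service sits at CRITICAL no matter what OSSEC is doing. Here is an added example, not from the original post, of a small sh/awk lint that flags such definitions before a reload. The commands.cfg fragment inside it is constructed, with the first definition deliberately broken.

```shell
#!/bin/sh
# Added example (not the post's code): lint Nagios command_line macros.
# Any "$" left over after removing well-formed $MACRO$ tokens, or a bare macro
# word like ARG2 / HOSTADDRESS without its dollars, is reported.

# Constructed commands.cfg fragment; the first definition is broken on purpose.
sample_commands_cfg() {
    cat <<'EOF'
# 'check_ossec_procs' command definition
define command{
        command_name    check_ossec_procs
        command_line    $USER1$/check_procs -c $ARG1$ -C ARG2$
        }
# 'check_snort_procs' command definition
define command{
        command_name    check_snort_procs
        command_line    $USER1$/check_procs -c $ARG1$ -C $ARG2$
        }
EOF
}

# lint_macros FILE: print the command_name of each bad definition.
# Exit status 0 = all clean, 1 = at least one bad definition.
lint_macros() {
    awk '
        /^[ \t]*command_name[ \t]/ { name = $2 }
        /^[ \t]*command_line[ \t]/ {
            line = $0
            sub(/^[ \t]*command_line[ \t]*/, "", line)
            gsub(/\$[A-Z]+[0-9]*\$/, "", line)      # drop well-formed macros
            if (line ~ /\$/ ||
                line ~ /(^|[^A-Za-z0-9_])(ARG[0-9]+|USER[0-9]+|HOSTADDRESS|HOSTNAME|SERVICEDESC)([^A-Za-z0-9_]|$)/) {
                print name
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Stand-alone use: lint the file given on the command line.
if [ -n "$1" ]; then
    lint_macros "$1"
fi
```

Run it as part of the same step as nagios -v on the main config: lint_macros /opt/local/etc/nagios/objects/commands.cfg prints only the offending command names, so an empty output and exit 0 is the green light to reload.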
December 22 2009, 11:45pm
-
I posted to 10500bc.org
Adding OSSEC Alerts to Splunk
http://www.10500bc.org/archive/2009/12/21/adding-ossec-alerts-to-splunk/
Next up I want to add my OSSEC Alerts to Splunk. This is slightly more complicated than adding the nagios logs, but well documented. The main part of this comes from the OSSEC Wiki here, and the rest from the forums. But I'll put it all here for my reference.
1. Edit your ossec.conf (if you've installed it like I have it's located at /var/ossec/etc/ossec.conf) and add the following block:
<syslog_output>
  <server>172.10.2.3</server>
  <port>10002</port>
</syslog_output>
2. Enable the syslog_output module and restart OSSEC:
/var/ossec/bin/ossec-control enable client-syslog
/var/ossec/bin/ossec-control restart
On restart you'll see ossec-csyslogd starting up.
On the Splunk side:
1. Go to Manager
2. Go to Data Inputs
3. On UDP click Add New
4. On my setup the UDP Port is 10002
5. Set sourcetype to Manual
6. Source type is ossec
7. Save
Now, since things have changed in Splunk 4, the rest of the wiki entry doesn't help. But there is more information on this Forum Thread. So download that file and extract it to your splunk directory as stated. Restart splunk and bingo, your OSSEC alerts plus lots of nice menu options to access that data.
December 21 2009, 10:15pm
-
I posted to 10500bc.org
Adding Nagios Logs to Splunk
http://www.10500bc.org/archive/2009/12/20/adding-nagios-logs-to-splunk/
Now that we have all these systems working correctly under OSX it's time to start making them work together a little. First up I want to add the nagios logs to splunk. This is very easy; you can get this off the splunk site here. But I'll recap exactly what I did for my setup here.
1. Click Manager in the upper right-hand corner of Splunk Web.
2. Under System configurations, click Data Inputs.
3. Click Files and directories.
4. Click New to add an input. I chose Monitor a file or directory.
6. Specify the path to the file. With my setup it is: /opt/local/var/nagios/nagios.log
7. Under Host Heading I chose constant value.
8. Under Source Type I chose Automatic.
9. Click Submit.
That's it, now your nagios logs show up in splunk. Pretty easy stuff.
December 20 2009, 8:50pm
-
I posted to delicious.com
Ryan`s Software
http://www.ryansapplesoftware.com/
September 16 2009, 5:59pm
-
I posted to 10500bc.org
Customer Weather Notifications with Growl
http://www.10500bc.org/archive/2009/09/11/customer-weather-notifications-with-growl/
Last night I downloaded Prowl on my iPhone and set up my growl to work with it. It's very cool stuff together; I've been using growl forever. Anyway, tonight I was reading in this thread in the prowl forum where one poster is using growl notifications for weather. Not just any weather but really local weather. Now if you live in or around a big town, most weather apps are pretty accurate for your area. But when you live out in the sticks like I do, they are only close most of the time. Anyway, tonight I set up this excellent pair of perl scripts as outlined here from IBM: Develop your own weather maps and alerts. It is a very cool script that will allow you to pinpoint your location. I used Photoshop to create the base map from the layers. Once I followed all the instructions (some things are not exactly clear at first, but if you're familiar with perl, reading the code sorts it all out) I set up the notify scripts to send the messages to growl via the growlnotify command. Now once that was all set up I created a simple bash script that would delete the old Radar overlay, pull the current Radar overlay needed and run the perl weather scripts. I then stuck that script in my crontab. So if I'm at my computer I get notified, and if I'm away from my computer I get a push notification to my phone. Very cool stuff. Of course I could just look outside to see if it is raining.
September 12 2009, 12:25am
-
I posted to delicious.com
OBD GPS Logger for Linux and OSX
http://icculus.org/obdgpslogger/
September 6 2009, 1:43am
-
I posted to 10500bc.org
Splunk on OSX
http://www.10500bc.org/archive/2009/08/30/splunk-on-osx/
Another tool that I like to use is Splunk. Now we use a different set of tools for log monitoring and management at work, but I enjoy using splunk at home. The good thing about Splunk on OSX is that they provide you with a .dmg to download and a .pkg to install. It takes longer to download than to install. Once the install is done just start it up and log in.
August 31 2009, 12:54am
-
I posted to 10500bc.org
OSSEC on OSX
http://www.10500bc.org/archive/2009/08/30/ossec-on-osx/
Next up for reinstall is OSSEC. OSSEC is an Open Source Host-based Intrusion Detection System. I also had this installed before I reinstalled OSX. To install OSSEC just follow the default instructions and everything works out just fine. Note, you'll have to start this manually after each reboot; I'm sure there is a way to add it to autostart, but I haven't gotten there yet. To install the OSSEC-WUI follow the instructions up to the point before running the setup.sh script, as it will not work on OSX (client anyway, not sure about server). All you need to do to get it working is first change the permissions on the whole folder and files to _www. Then you need to add the _www user to the ossec group. That is done with the following command:
sudo dscl . -append /Groups/ossec GroupMembership _www
That's it, now it's up and running and you have a nice interface for it.
August 30 2009, 11:53pm
-
I posted to 10500bc.org
Cacti on OSX
http://www.10500bc.org/archive/2009/08/30/cacti-on-osx/
To continue on with monitoring my home network environment with some of the tools I use to monitor my work environment, I'm reinstalling Cacti. Now before the reload of my mac I had cacti running with graphs for at least 3 years. While I don't mind losing that historical data, I do mind losing all the custom scripts that I had written to monitor some of the non-SNMP devices on my network; I will probably pull that drive out and copy the data over soon. Note to self: include all these config files in my future backup plan. My first run at installing Cacti was via Macports, which I've never tried before. What I discovered is that the version on macports wouldn't install with the plugin support. So I did it the way I normally do and installed from source. No special notes for osx here, it just works. Same goes for adding the plugin support; it worked out of the box, following their install instructions. So all I can recommend is following the install instructions and installing from ports and you'll be in business. The only thing that I think doesn't work is the Localhost memory usage. But I'll be digging into that soon and getting it sorted out with the mac version.
August 30 2009, 10:36pm
-
I posted to 10500bc.org
VIM and Nagios
http://www.10500bc.org/archive/2009/08/30/vim-and-nagios/
I edit just about all my nagios files at the command line. I have found a nagios.vim file that highlights the syntax and really helps when working with the files. First, you can get it here: nagios syntax. Next simply follow the install details listed. I made the following change to fit my nagios installation on osx via macports: on the line that starts with au BufNew, I changed the line to:
au BufNewFile,BufRead /opt/local/etc/nagios/objects/*.cfg set filetype=nagios
Another note, just in case you haven't already done so: you can auto enable syntax highlighting for vim by putting the following line in your .vimrc:
:syntax enable
August 30 2009, 10:20pm
-
I posted to 10500bc.org
Liliac Platform for Nagios on OSX
http://www.10500bc.org/archive/2009/08/27/liliac-platform-for-nagios-on-osx/
Tonight I'm attempting to install the liliac platform for nagios on OSX. Here are my notes. After downloading, extracting and placing the folder in my webroot (that's /Library/WebServer/Documents/ on OSX), I then load up the install.php file. This will tell you what is missing and what changes need to be made; pretty straightforward so far.
First one on my list is Configuration File Writable, and it points me to /Library/WebServer/Documents/lilac/includes/lilac-conf.php. This is fixed by running the following:
$ sudo chown -R www:www /Library/WebServer/Documents/lilac/includes/
Next one is MySQL Client Executable. Since I know that macports used the mysql5 symlink to mysql, and I know that my /opt/ folders aren't exposed to php, the quick fix I did was to create a new link to mysql in /usr/bin (not sure if this is the best way, but it works):
$ sudo ln /opt/local/lib/mysql5/bin/mysql /usr/bin/mysql
Next one is NMAP Executable. Same as the previous one; I just need to make a link to where my nmap is:
$ sudo ln /usr/local/bin/nmap /usr/bin/nmap
Next one for me was PHP Command Line Interface (CLI) Available. Now on this one I did have php command line working, but I was getting an error message about one of my .so files not being able to be loaded. It took me a while but I finally figured out that I needed to fix it in the private php.ini, not in the php.ini that the webserver was using. Removed the bad entry and everything was good.
The next and final challenge that I had was PCNTL support. Now this one was a challenge. After some digging around I discovered that the default PHP compiled on a mac was not built with this loaded. I ended up having to recompile php with support for this, which was a whole challenge to itself: getting the correct source packages and header files and pointing them to the right place. That could be a whole post to itself. Anyway I finally got that sorted out.
Now that all that is done, the next screen is the MySQL Database Setup. Enter your information and it creates the database for you. The next page was the completion and some suggestions. Now it's time to configure things. On the Nagios Daemon Configuration, then the Paths, I entered my nagios information here. On my version it uses /opt/local/etc/nagios and /opt/local/var/nagios/ for the base of things. On Debug I changed to my paths. And for the time being I didn't alter any other settings. Back to the Home screen, then to Nagios Resources: for $USER1$ I changed the path to /opt/local/libexec/nagios. Back to the Home screen, then to Web Interface Configuration: changed the Physical HTML path to /opt/local/share/nagios. Once that was done everything was ready to import. That's under the Tools menu. Now everything is working! While this is really overkill on my tiny home network, I could see how this could be helpful in my work environment.
August 27 2009, 10:53pm
-
I posted to 10500bc.org
More Nagios Plugins on OSX
http://www.10500bc.org/archive/2009/08/22/more-nagios-plugins-on-osx/
More about my nagios tweaking on OSX.
Adding check_dig (checks the DNS Server). First, there is no command definition for this already set up. You'll need to edit /opt/local/etc/nagios/objects/commands.cfg and add the following:
# 'check_dig' command definition
define command{
        command_name    check_dig
        command_line    $USER1$/check_dig $ARG1$
        }
In your router, localhost, or wherever this service is, add:
define service{
        use                     generic-service
        host_name               linksys-wrt54g
        service_description     DNS
        check_command           check_dig!-H $HOSTADDRESS$ -l http://www.google.com -A "+tcp"
        }
Next up is check_dhcp. Nothing much here, except on my OSX it doesn't get a MAC, so you'll have to include that in your command; for example mine looks like:
check_dhcp!--mac=00:14:51:62:57:b3 -s $HOSTADDRESS$
(note I made that mac up, not sure exactly if that's a good idea or bad idea)
Next up is check_disk. While check_local_disk is already set up to monitor your disk, I wanted to add my 2 FireWire drives; my service definition looks like this for the first one:
define service{
        use                     local-service
        host_name               localhost
        service_description     FireWire1
        check_command           check_local_disk!10%!5%!/Volumes/Firewire1
        }
Next up check_ftp. Nothing special here, works out of the box.
Next up check_http. Works out of the box.
Next up check_ifoperstatus and check_ifstatus. Work out of the box.
Next up check_ide_smart. Was not compiled and installed from Macports on my system. After doing some research, the files needed to compile this are linux only, and after some searching there is no osx version of it.
Next up check_mysql. This was not compiled and installed from Macports on my system for some reason; I think I didn't have mysql installed at the time. Not sure if it would have worked then. Anyway, what I ended up having to do was download the source file of nagios-plugins and run configure like so:
./configure --with-mysql=/opt/local/lib/mysql5
then make, and then I was able to copy check_mysql and check_mysql_query to /opt/local/libexec/nagios and they worked fine.
check_nagios works out of the box; here is an example with the file locations on my mac:
./check_nagios -e 5 -F /opt/local/var/nagios/status.dat -C /opt/local/bin/nagios
That's about it for all the stuff that I have and the standard plugins.
August 22 2009, 11:00pm