Archive for November, 2009


SLES 10 compatible nrpe init.d script

Filed Under: Sysadmin by Simon — 2 Comments
November 12, 2009
No Gravatar

Looking for an nrpe init.d script for SLES10? It’s based on the standard SLES 10 init.d build script :)

Text version of the file available here. nrpe

#!/bin/sh
#
#     Template SUSE system startup script for example service/daemon NRPE
#     Copyright (C) 1995–2005  Kurt Garloff, SUSE / Novell Inc.
#
#     This library is free software; you can redistribute it and/or modify it
#     under the terms of the GNU Lesser General Public License as published by
#     the Free Software Foundation; either version 2.1 of the License, or (at
#     your option) any later version.
#
#     This library is distributed in the hope that it will be useful, but
#     WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#     Lesser General Public License for more details.
#
#     You should have received a copy of the GNU Lesser General Public
#     License along with this library; if not, write to the Free Software
#     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
#     USA.
#
# /etc/init.d/NRPE
#   and its symbolic link
# /(usr/)sbin/rcNRPE
#
# Template system startup script for some example service/daemon NRPE
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux/SUSE/Novell based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
# See skeleton.compat for a template that works with other distros as well.
#
### BEGIN INIT INFO
# Provides:          NRPE
# Required-Start:    $syslog $remote_fs
# Should-Start:      $time ypbind smtp
# Required-Stop:     $syslog $remote_fs
# Should-Stop:       ypbind smtp
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: NRPE XYZ daemon providing ZYX
# Description:       Start NRPE to allow XY and provide YZ
#    continued on second line by ‘#<TAB>’
#    should contain enough info for the runlevel editor
#    to give admin some idea what this service does and
#    what it’s needed for …
#    (The Short-Description should already be a good hint.)
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
#    and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
#     which services absolutely need to be started to make the start of
#     this service make sense. Example: nfsserver should have
#     Required-Start: $portmap
#     Also, required services are started before the dependent ones.
#     The runlevel editor will warn about such missing hard dependencies
#     and suggest enabling. During system startup, you may expect an error,
#     if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
#     This is needed by insserv to determine which service should be
#     started first (and at a later stage what services can be started
#     in parallel). The tag Should-Start: is used for this.
#     It tells, that if a service is available, it should be started
#     before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
#   use names of services (contents of their Provides: section)
#   or pseudo names starting with a $. The following ones are available
#   according to LSB (1.1):
#    $local_fs        all local file systems are mounted
#                (most services should need this!)
#    $remote_fs        all remote file systems are mounted
#                (note that /usr may be remote, so
#                 many services should Require this!)
#    $syslog            system logging facility up
#    $network        low level networking (eth card, …)
#    $named            hostname resolution available
#    $netdaemons        all network daemons are running
#   The $netdaemons pseudo service has been removed in LSB 1.2.
#   For now, we still offer it for backward compatibility.
#   These are new (LSB 1.2):
#    $time            the system time has been set correctly
#    $portmap        SunRPC portmapping service available
#   UnitedLinux extensions:
#    $ALL            indicates that a script should be inserted
#                at the end
# * The services specified in the stop tags
#   (Required-Stop/Should-Stop)
#   specify which services need to be still running when this service
#   is shut down. Often the entries there are just copies or a subset
#   from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
#   insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
#   a startup script should default to be enabled after installation.
#   It’s not used by insserv.
#
# Note on runlevels:
# 0 – halt/poweroff             6 – reboot
# 1 – single user            2 – multiuser without network exported
# 3 – multiuser w/ network (text mode)  5 – multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.

# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
NRPE_BIN=/opt/nagios/nrpe/bin/nrpe
test -x $NRPE_BIN || { echo “$NRPE_BIN not installed”;
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }

# Check for existence of needed config file and read it
NRPE_CONFIG=/etc/nagios/nrpe.conf
test -r $NRPE_CONFIG || { echo “$NRPE_CONFIG not existing”;
if [ "$1" = "stop" ]; then exit 0;
else exit 6; fi; }

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display “skipped” and exit with status 3
#      rc_status -u     display “unused” and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0      – success
# 1       – generic or unspecified error
# 2       – invalid or excess argument(s)
# 3       – unimplemented feature (e.g. “reload”)
# 4       – user had insufficient privileges
# 5       – program is not installed
# 6       – program is not configured
# 7       – program is not running
# 8–199  – reserved (8–99 LSB, 100–149 distrib, 150–199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case “$1″ in
start)
echo -n “Starting NRPE ”
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
/sbin/startproc $NRPE_BIN -c $NRPE_CONFIG -d

# Remember status and be verbose
rc_status -v
;;
stop)
echo -n “Shutting down NRPE ”
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.

/sbin/killproc -TERM $NRPE_BIN

# Remember status and be verbose
rc_status -v
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
$0 start

# Remember status and be quiet
rc_status
;;
status)
echo -n “Checking for service NRPE ”
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.

# Return value is slightly different for the status command:
# 0 – service up and running
# 1 – service dead, but /var/run/  pid  file exists
# 2 – service dead, but /var/lock/ lock file exists
# 3 – service not running (unused)
# 4 – service status unknown :-(
# 5–199 reserved (5–99 LSB, 100–149 distro, 150–199 appl.)

# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $NRPE_BIN
# NOTE: rc_status knows that we called this init script with
# “status” option and adapts its messages accordingly.
rc_status -v
;;
*)
echo “Usage: $0 {start|stop|status|restart|reload}”
exit 1
;;
esac
rc_exit

Comment

Postfix mailserver relaying through Internode

Filed Under: Uncategorized by Simon — Leave a comment
November 6, 2009
No Gravatar

My worry at the moment is I’m not monitoring the array very often. If something dies, I’d like to know.

I have a homebrew NAS at home which is Fedora based, that has a Raid 5 md disk array.

The easiest solution is to configure the MTA on the box and forward the root mails somewhere where I can read them.

I installed postfix on the Fedora 11 box with a simple yum command
yum install postfix

There after I configured the /etc/postfix/main.cf. I changed these lines….

myhostname = internode.on.net
inet_interfaces = localhost
relayhost = mail.internode.on.net

The internode mailserver does a lookup of you domain before accepting you email, rightfully so.
As I’m not hosting a mailserver, I’m just using it to send a mail out, I set the mailserver hostname to internode.on.net. This simply means that when the internode server checks the domain, it will resolve.

As I don’t want anyone trying to relay through the server, I’ll set it to only accept connections from localhost. The box sits behind my ADSL router, so it’s protected by NAT from internet based attacks, but if one of my Windows PCs gets infected, it’s possible this box could get used to send spam. There is also the possibility that someone hacks the wireless network and uses the unsuspecting mailserver.

Finally, as I don’t want postfix to try and send the email directly to the receipent mailserver (which in my case is google), I set the internod mailserver as my relayhost.

To test this I created a simple text file which I’ll use to send a test email from the command line.

To: you@yourmail.com
Subject: Hello Test
From: internode.on.net

Hello Test

Now run this command:

sendmail.postfix -t < mail.txt

If you check your /var/log/maillog you should see something like:

Nov  7 18:29:27 postfix/cleanup[5961]: 0B6EA2200F: message-id=<20091107075927.0B6EA2200F@internode.on.net>
Nov  7 18:29:27 postfix/qmgr[5894]: 0B6EA2200F: from=<root@internode.on.net>, size=315, nrcpt=1 (queue active)
Nov  7 18:29:27 postfix/smtp[5964]: 0B6EA2200F: to=<.com>, relay=mail.internode.on.net[203.16.214.182]:25, delay=0.98, delays=0.11/0.01/0.69/0.18, dsn=2.0.0, status=sent (250 ok:  Message 466760145 accepted)
Nov  7 18:29:27 postfix/qmgr[5894]: 0B6EA2200F: removed


Comment
Powered by WordPress | Theme: Motion by 85ideas.