how to issue service check through external command

Gerd Mueller gmueller at netways.de
Mon Sep 3 15:43:18 CEST 2007


Hi,

Did you restart nagios and the webserver?

Cheers,

Gerd

Am Montag, den 03.09.2007, 15:25 +0530 schrieb Navdeep Sidhu:
> Hi Guys
> 
> I'm trying to issue certain service checks through external commands but
> getting an error "could not open command file nagios.cmd for update"
> 
> I went through Nagios FAQ & Google but didn't find the way out.
> 
> I have setup the permissions according to the recommendations & external
> command check option is enabled in nagios configuration file also.
> 
>  drwxrwsr-x  2 nagios nagiocmd   4096 Sep  3 14:15 rw
>  prw-rw----   1 nagios nagiocmd       0   Sep  3 14:15 nagios.cmd
> 
> Pl help in this regard.
> 
> Thanks in advance
> 
> Regards
> Navdeep Singh Sidhu
> 
> -----Original Message-----
> From: nagios-users-bounces at lists.sourceforge.net
> [mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of
> nagios-users-request at lists.sourceforge.net
> Sent: Sunday, September 02, 2007 12:59 AM
> To: nagios-users at lists.sourceforge.net
> Subject: Nagios-users Digest, Vol 16, Issue 1
> 
> Send Nagios-users mailing list submissions to
> 	nagios-users at lists.sourceforge.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/nagios-users
> or, via email, send a message with subject or body 'help' to
> 	nagios-users-request at lists.sourceforge.net
> 
> You can reach the person managing the list at
> 	nagios-users-owner at lists.sourceforge.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nagios-users digest..."
> 
> 
> Today's Topics:
> 
>    1. from address (David Walgamotte)
>    2. How to auto-start NRPE daemon on reboot (FreeBSD) ?
>       (Sean Schertell)
>    3. check_dns works fine for half my servers,	fails for other
>       half (Sean Schertell)
>    4. Re: How to auto-start NRPE daemon on reboot (FreeBSD) ?
>       (Jeremy C. Reed)
>    5. Re: check_dns works fine for half my servers,	fails for other
>       half (Marc Powell)
>    6. Re: How to auto-start NRPE daemon on reboot	(FreeBSD) ?
>       (Sean Schertell)
>    7. Re: check_dns works fine for half my servers,	fails for other
>       half (Sean Schertell)
>    8. Re :RE: Re :RE:  Configuring Web Interface (manoj  kumar)
>    9. Re: nagios server inside vmware (Nagios)
>   10. Re: check_dns works fine for half my servers, fails for other
>       half (Andreas Ericsson)
>   11. Re: check_dns works fine for half my servers,	fails for other
>       half (S. William Schulz)
>   12. Re: check_dns works fine for half my servers,	fails for other
>       half (Marc Powell)
>   13. Re: check_dns works fine for half my servers,	fails for other
>       half (Marc Powell)
>   14. check_snmp and disk monitring (Melanie Pfefer)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 31 Aug 2007 15:03:00 -0500
> From: "David Walgamotte" <dwalgamo at gmail.com>
> Subject: [Nagios-users] from address
> To: Nagios-users at lists.sourceforge.net
> Message-ID:
> 	<77ad9a6b0708311303h47198d9eib240ad51873bb27d at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> I need to change the from address. Mail server will not accept an
> invalid
> user account from same domain. I need to change MAIL FROM: < address> on
> acks from nagios. please help. tried adding stuff to mailrc no luck.
> 
> -- 
> Thank You, Regards,
> David
> -------------- next part --------------
> An HTML attachment was scrubbed...
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 31 Aug 2007 15:55:47 -0700
> From: Sean Schertell <sean at datafly.net>
> Subject: [Nagios-users] How to auto-start NRPE daemon on reboot
> 	(FreeBSD) ?
> To: Nagios-users at lists.sourceforge.net
> Message-ID: <098CA4D3-F1E1-45EE-83C9-0B27930E4F05 at datafly.net>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> Hi Guys,
> 
> I've got a spiffy new rc.d script that works great for starting/ 
> stopping the nrpe daemon. But simply adding nrpe_enable="yes" to my / 
> etc/rc.conf doesn't seem to do the trick.
> 
> Does anyone know how I can tell FreeBSD to fire off the "/usr/local/ 
> etc/rc.d/nrpe start" command at boot time?
> 
> In case anyone's interested, here's my script:
> 
> 
> 
> 
> #!/bin/sh
> #
> # Startup script for NRPE
> #
> 
> # Source function library.
> . /usr/local/etc/rc.d/functions
> 
> BIN=/usr/local/nagios/bin/nrpe
> CONFIG=/usr/local/nagios/etc/nrpe.cfg
> LOCK=/var/spool/lock/nrpe
> 
> RETVAL=0;
> 
> # See how we were called.
> case "$1" in
>    start)
>          echo -n "Starting NRPE daemon: "
>          daemon $BIN -c $CONFIG -d
>          RETVAL=$?
>          if [ $RETVAL = 0 ] && touch $LOCK
>          then
>                  echo -e "\t\t[ OK ]";
>          else
>                  echo -e "\t\t[ FAILED ]";
>          fi
>          ;;
>    stop)
>          echo -n "Stopping NRPE daemon: "
>          kill `cat /var/run/nrpe.pid` && rm -f /var/run/nrpe.pid
>          RETVAL=$?
>          if [ $RETVAL = 0 ] && rm -f $LOCK
>          then
>                  echo -e "\t\t[ OK ]";
>          else
>                  echo -e "\t\t[ FAILED ]";
>          fi
> 
>          ;;
>    status)
>          status nrpe
>          ;;
>    restart)
>          $0 stop
>          sleep 1
>          $0 start
>          ;;
>    *)
>          echo "Usage: $0 {start|stop|restart|status}"
>          exit 1
> esac
> 
> exit $RETVAL
> 
> 
> 
> 
> 
> ::::  DataFly.Net  ::::
> Complete Web Services
> http://www.datafly.net
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 31 Aug 2007 18:05:02 -0700
> From: Sean Schertell <sean at datafly.net>
> Subject: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: Nagios-users at lists.sourceforge.net
> Message-ID: <D6F5973F-6A25-4FD2-9AC4-277323959CA8 at datafly.net>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> I'm not really a DNS guru, so it's probably an obvious thing -- would  
> someone mind enlightening me as to why this happens? How come it  
> works fine for the first server but fails for the second? Their  
> definitely both running DNS.
> 
> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H  
> microsoft.com -s rosemary.datafly.net
> DNS OK: 0.324 seconds response time. microsoft.com returns  
> 207.46.197.32,207.46.232.182|time=0.323644s;;;0.000000
> 
> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H  
> microsoft.com -s nutmeg.datafly.net
> DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no  
> address
> 
> ???
> 
> Sean
> 
> 
> ::::  DataFly.Net  ::::
> Complete Web Services
> http://www.datafly.net
> 
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 31 Aug 2007 20:16:28 -0500 (CDT)
> From: "Jeremy C. Reed" <reed at reedmedia.net>
> Subject: Re: [Nagios-users] How to auto-start NRPE daemon on reboot
> 	(FreeBSD) ?
> To: Sean Schertell <sean at datafly.net>
> Cc: Nagios-users at lists.sourceforge.net
> Message-ID: <Pine.NEB.4.64.0708311956211.423 at glacier.reedmedia.net>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> On Fri, 31 Aug 2007, Sean Schertell wrote:
> 
> > I've got a spiffy new rc.d script that works great for starting/ 
> > stopping the nrpe daemon. But simply adding nrpe_enable="yes" to my / 
> > etc/rc.conf doesn't seem to do the trick.
> > 
> > Does anyone know how I can tell FreeBSD to fire off the "/usr/local/ 
> > etc/rc.d/nrpe start" command at boot time?
> > 
> > In case anyone's interested, here's my script:
> 
> Your script is not an script using FreeBSD's new rc.d semantics. So
> don't 
> use rc.conf setting of nrpe_enable="yes" for that. (As it won't know.)
> 
> To use old style, name it to end with ".sh" and make sure it is 
> executable. The defaults of FreeBSD should then work to find it and run
> it 
> at boot.
> 
> If you want to use FreeBSD's new rc.d semantics, have a look at the 
> rc.d scripts included by FreeBSD's nrpe and nrpe2 ports as examples.
> 
>   Jeremy C. Reed
> 
> p.s. Some of this is documented in the FreeBSD Handbook. Also some is 
> documented in 
> http://bsdwiki.reedmedia.net/wiki/Configure_a_service_to_start_at_boot_t
> ime.html
> http://bsdwiki.reedmedia.net/wiki/Use_an_rc__40__8__41___script_to_deter
> mine_if_a_service_is_running_and_start__44___restart_or_stop_it_as_requi
> red.html
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 31 Aug 2007 20:37:34 -0500
> From: "Marc Powell" <marc at ena.com>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: <Nagios-users at lists.sourceforge.net>
> Message-ID: <A7B0A9F02975A74A845FE85D0B95B8FA085B4A1D at misex01.ena.com>
> Content-Type: text/plain;	charset="US-ASCII"
> 
> 
> 
> > -----Original Message-----
> > From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios-users-
> > bounces at lists.sourceforge.net] On Behalf Of Sean Schertell
> > Sent: Friday, August 31, 2007 8:05 PM
> > To: Nagios-users at lists.sourceforge.net
> > Subject: [Nagios-users] check_dns works fine for half my servers,fails
> for
> > other half
> > 
> > I'm not really a DNS guru, so it's probably an obvious thing -- would
> > someone mind enlightening me as to why this happens? How come it
> > works fine for the first server but fails for the second? Their
> > definitely both running DNS.
> > 
> > [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
> > microsoft.com -s rosemary.datafly.net
> > DNS OK: 0.324 seconds response time. microsoft.com returns
> > 207.46.197.32,207.46.232.182|time=0.323644s;;;0.000000
> > 
> > [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
> > microsoft.com -s nutmeg.datafly.net
> > DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no
> > address
> 
> nutmeg is returning output from nslookup that check_dns can't parse. It
> would appear that nutmeg isn't configured to perform recursive lookups
> (lookups for domains it doesn't host) and you're expecting it to. 
> 
> $ nslookup -sil microsoft.com rosemary.datafly.net
> Server:         rosemary.datafly.net
> Address:        64.34.193.57#53
> 
> Non-authoritative answer:
> Name:   microsoft.com
> Address: 207.46.232.182
> Name:   microsoft.com
> Address: 207.46.197.32
> 
> $ nslookup -sil microsoft.com nutmeg.datafly.net
> Server:         nutmeg.datafly.net
> Address:        72.36.130.114#53
> 
> Non-authoritative answer:
> *** Can't find microsoft.com: No answer
> 
> As an aside, you shouldn't be allowing me to perform recursive lookups
> with your servers anyway. Rosemary could easily be hijacked to perform
> DNS based DOS attacks.
> 
> -
> Marc
> 
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 31 Aug 2007 19:48:16 -0700
> From: Sean Schertell <sean at datafly.net>
> Subject: Re: [Nagios-users] How to auto-start NRPE daemon on reboot
> 	(FreeBSD) ?
> To: Nagios-users at lists.sourceforge.net
> Message-ID: <80A1FF38-09B2-46BC-8A43-F626EAF5A9BD at datafly.net>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> On Aug 31, 2007, at 6:16 PM, Jeremy C. Reed wrote:
> 
> > On Fri, 31 Aug 2007, Sean Schertell wrote:
> >
> >> I've got a spiffy new rc.d script that works great for starting/
> >> stopping the nrpe daemon. But simply adding nrpe_enable="yes" to my /
> >> etc/rc.conf doesn't seem to do the trick.
> >>
> >> Does anyone know how I can tell FreeBSD to fire off the "/usr/local/
> >> etc/rc.d/nrpe start" command at boot time?
> >>
> >> In case anyone's interested, here's my script:
> >
> > Your script is not an script using FreeBSD's new rc.d semantics. So  
> > don't
> > use rc.conf setting of nrpe_enable="yes" for that. (As it won't know.)
> >
> > To use old style, name it to end with ".sh" and make sure it is
> > executable. The defaults of FreeBSD should then work to find it and  
> > run it
> > at boot.
> >
> > If you want to use FreeBSD's new rc.d semantics, have a look at the
> > rc.d scripts included by FreeBSD's nrpe and nrpe2 ports as examples.
> >
> >   Jeremy C. Reed
> >
> > p.s. Some of this is documented in the FreeBSD Handbook. Also some is
> > documented in
> > http://bsdwiki.reedmedia.net/wiki/ 
> > Configure_a_service_to_start_at_boot_time.html
> > http://bsdwiki.reedmedia.net/wiki/ 
> > Use_an_rc__40__8__41___script_to_determine_if_a_service_is_running_and
> 
> > _start__44___restart_or_stop_it_as_required.html
> 
> 
> I was trying to be consistent and set everything up as closely as  
> possible to the way I had done it on my RetardedHat boxes.
> 
> Installing nrpe/nagios-plugins from FreeBSD ports is about a thousand  
> times easier and creates a snazzy new-style rc.d script for me right  
> out of the box. And now I can just put nrpe2_enable in my rc.conf and  
> everything works swimmingly. God I love FreeBSD.
> 
> Thanks for mentioning ports -- I don't know why I didn't think of  
> trying that before ;-)
> 
> Sean
> 
> 
> 
> ::::  DataFly.Net  ::::
> Complete Web Services
> http://www.datafly.net
> 
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Fri, 31 Aug 2007 19:51:31 -0700
> From: Sean Schertell <sean at datafly.net>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: Nagios-users at lists.sourceforge.net
> Message-ID: <BC2ACBC5-CCF7-4274-B6E8-0738C0DC70BE at datafly.net>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> >> -----Original Message-----
> >> From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios- 
> >> users-
> >> bounces at lists.sourceforge.net] On Behalf Of Sean Schertell
> >> Sent: Friday, August 31, 2007 8:05 PM
> >> To: Nagios-users at lists.sourceforge.net
> >> Subject: [Nagios-users] check_dns works fine for half my  
> >> servers,fails
> > for
> >> other half
> >>
> >> I'm not really a DNS guru, so it's probably an obvious thing -- would
> >> someone mind enlightening me as to why this happens? How come it
> >> works fine for the first server but fails for the second? Their
> >> definitely both running DNS.
> >>
> >> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
> >> microsoft.com -s rosemary.datafly.net
> >> DNS OK: 0.324 seconds response time. microsoft.com returns
> >> 207.46.197.32,207.46.232.182|time=0.323644s;;;0.000000
> >>
> >> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
> >> microsoft.com -s nutmeg.datafly.net
> >> DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no
> >> address
> >
> > nutmeg is returning output from nslookup that check_dns can't  
> > parse. It
> > would appear that nutmeg isn't configured to perform recursive lookups
> > (lookups for domains it doesn't host) and you're expecting it to.
> >
> > $ nslookup -sil microsoft.com rosemary.datafly.net
> > Server:         rosemary.datafly.net
> > Address:        64.34.193.57#53
> >
> > Non-authoritative answer:
> > Name:   microsoft.com
> > Address: 207.46.232.182
> > Name:   microsoft.com
> > Address: 207.46.197.32
> >
> > $ nslookup -sil microsoft.com nutmeg.datafly.net
> > Server:         nutmeg.datafly.net
> > Address:        72.36.130.114#53
> >
> > Non-authoritative answer:
> > *** Can't find microsoft.com: No answer
> >
> > As an aside, you shouldn't be allowing me to perform recursive lookups
> > with your servers anyway. Rosemary could easily be hijacked to perform
> > DNS based DOS attacks.
> >
> > -
> > Marc
> >
> 
> 
> So does that mean then that it isn't possible to use the check_dns  
> plugin without enabling recursive lookups and leaving my server open  
> to DNS DOS attacks?
> 
> Is there any way to use dns_check safely?
> 
> Thanks :-)
> 
> Sean
> 
> 
> 
> 
> ::::  DataFly.Net  ::::
> Complete Web Services
> http://www.datafly.net
> 
> 
> 
> 
> ------------------------------
> 
> Message: 8
> Date: 1 Sep 2007 05:30:38 -0000
> From: "manoj  kumar" <iter_manojkumar at rediffmail.com>
> Subject: [Nagios-users] Re :RE: Re :RE:  Configuring Web Interface
> To: <justinm at honeycomb.net>
> Cc: Nagios-users <Nagios-users at lists.sourceforge.net>
> Message-ID:
> 	
> <1188563883.S.15036.27942.f5mail21.rediffmail.com.1188624638.15342 at webma
> il.rediffmail.com>
> 	
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Thanks A Lot Justine!It worked.... :)Warm regards,ManojOn Fri, 31 Aug
> 2007 07:39:42 -0500 \"Justin Maloney\" wroteOK I get what your looking
> for now.  You would need to getthe urls for the hostgroup overview
> page (http://nagios.yourserver/nagios/cgi-bin/status.cgi?hostgroup=
> CHDDLFDHCP-SERVERS&style=detail) and put that in the side.html
> page.  Try just making theliks and see if they work.  The
> format above works to veiw my groups and I can?timage that editing the
> html would be two hard the side.html isn?tdynamic, I don?t
> think. Thank you,JustinMaloneySystems AdministratorHoneycomb
> Internet Services612.617.0007 HiJustin,I have defined hostgroups as
> below - # \'CHDDLF-DHCP SERVERS\' host group definitiondefine
> hostgroup{       
> hostgroup_name CHDDLFDHCP-SERVERS     &nbs
> p; alias         &nbsp
> ; CHDDLFDHCPSERVERS    &nb
>  sp;   contact_groups 
> CHDDLFNT-ADMINS       
> members        CHDDLFDHCP01,CHDD
> LFVDHC01        }#\'CHDDLF-DOMAIN
> CONTROLLERS\' host group definitiondefine
> hostgroup{       
> hostgroup_name CHDDLFDOMAIN-CONTROLLERS    &nbs
> p;  alias        &nbsp
>> CHDDLFDOMAINCONTROLLERS       
> contact_groups 
> CHDDLFNT-ADMINS,CHDSEZNT-ADMINS      &nbsp
> ;members        
> CHDDLFGDC01        }# \'UnixServers\'
> host group definitiondefine
> hostgroup{       
> hostgroup_name  Unix
> Servers       alias   
>       &n
>  bsp; Unix Servers       
> contact_groups CHDDLFUNIX-ADMINS     &nbsp
> ; members        
> damodar,appsdba        }But the view
> pane just shows me \"All Hosts\"and there is no menu where I can see
> them in groups.Attached is the sreen shot of my nagios Web Interface
> (Current.JPG).I want to configure the NAGIOS web interface so that I can
> group differenthosts as the Sub Menu to \"Service Detail\" Menu.The
> Right side Menu should display something like -   o Service
> Detail        o Unix
> Systems        o Windows
> Servers        o WAN linksSome thing
> like the attached image (nagios.JPG).How can we achieve that?Thanks and
> regards,Manoj-----------------------------------------------------------
> -----------------------------------------
>  --------------------------------You could put them in host
> groups,that?s what I do.  I have a host group for each customer and
> thenmore host groups that break down to web servers, mysql servers etc
> for eachcustomer.  Then you just go to the hostgroup over view page
> and click onone.  It will show you all the hosts and there
> services. in the normalstatus page format.  Thank you, Justin
> Maloney SystemsAdministrator HoneycombInternet Services
> 612.617.0007Manoj KumarTHE MAD MANNever Fall in Love Always Rise in
> Love! 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> 
> ------------------------------
> 
> Message: 9
> Date: Sat, 01 Sep 2007 09:15:30 +0200
> From: Nagios <nagios at mels-kooijman.nl>
> Subject: Re: [Nagios-users] nagios server inside vmware
> To: "Cook, Garry" <Garry.Cook at arcadis-us.com>
> Cc: "nagios-users at lists.sourceforge.net"
> 	<nagios-users at lists.sourceforge.net>
> Message-ID: <46D91192.4010600 at mels-kooijman.nl>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Cook, Garry wrote:
> > IIRC, the solution given in that thread was 'Don't use VMware'.
> >
> > I run three different Ubuntu servers (Nagios, MRTG, and NeDi) on
> VMware, and have no issues whatsoever with time (or anything else). I
> don't recall how I originally setup NTP, and I DID have issues in the
> beginning, but they have long since been resolved. If you run into time
> issues and have specific questions, email the list and I'll do my best
> to get back to you with info about how my system is setup.
> >
> > The only current problem that I have with VMware is that sometimes my
> virtual host's filesystem will get kicked into read-only mode. This
> issue only relates to servers attached to an iSCSI SAN, and has already
> been fixed for RHEL and SUSE. I have a ticket open with them now to
> address the issue with Ubuntu.
> >
> > Thanks,
> > Garry
> >
> >   
> 
> I have Suse 10.2 and Nagios, MRTG, Netdirector in production running on 
> vmware GSX server, soon we migrate it to the vmware ESX cluster. The 
> only problems was the solved filesystem issue after a diskerror. It 
> happens once on the ESX, the san was on that moment not multipath.
> The time on ESX gives no problem, on vmware-server, the free one, there 
> is time a problem. NTP is configurerd to synchro the local time from a 
> server in DMZ, this one connect to the public time servers.
> Conclusion: why not use VMware
>  
> Greetings,
> Mels
> 
> 
> 
> ------------------------------
> 
> Message: 10
> Date: Sat, 01 Sep 2007 09:22:01 +0200
> From: Andreas Ericsson <ae at op5.se>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: Sean Schertell <sean at datafly.net>
> Cc: Nagios-users at lists.sourceforge.net
> Message-ID: <46D91319.6070502 at op5.se>
> Content-Type: text/plain; charset=ISO-8859-15; format=flowed
> 
> Sean Schertell wrote:
> >> nutmeg is returning output from nslookup that check_dns can't  
> >> parse. It
> >> would appear that nutmeg isn't configured to perform recursive
> lookups
> >> (lookups for domains it doesn't host) and you're expecting it to.
> >>
> >>
> >> As an aside, you shouldn't be allowing me to perform recursive
> lookups
> >> with your servers anyway. Rosemary could easily be hijacked to
> perform
> >> DNS based DOS attacks.
> >>
> >> -
> >> Marc
> >>
> > 
> > 
> > So does that mean then that it isn't possible to use the check_dns  
> > plugin without enabling recursive lookups and leaving my server open  
> > to DNS DOS attacks?
> > 
> > Is there any way to use dns_check safely?
> > 
> 
> Ask it for a name it knows about.
> 
> -- 
> Andreas Ericsson                   andreas.ericsson at op5.se
> OP5 AB                             www.op5.se
> Tel: +46 8-230225                  Fax: +46 8-230231
> 
> 
> 
> ------------------------------
> 
> Message: 11
> Date: Sat, 1 Sep 2007 07:45:21 -0400
> From: "S. William Schulz" <swschulz at gmail.com>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: "Sean Schertell" <sean at datafly.net>
> Cc: Nagios-users at lists.sourceforge.net
> Message-ID:
> 	<92010c400709010445y67479b7vdb678374c0cd3240 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> > > As an aside, you shouldn't be allowing me to perform recursive
> lookups
> > > with your servers anyway. Rosemary could easily be hijacked to
> perform
> > > DNS based DOS attacks.
> > >
> > > -
> > > Marc
> >
> > So does that mean then that it isn't possible to use the check_dns
> > plugin without enabling recursive lookups and leaving my server open
> > to DNS DOS attacks?
> >
> > Is there any way to use dns_check safely?
> 
> I think the keyword in Marc's statement was "me" - him, Marc, being
> outside of your network should not be allowed to perform recursive
> lookups via one of your nameservers.  If you are going to enable
> recursive lookups for your own users/internal machines, limit access
> to that feature via acl's to only those users/IPs/hosts.
> 
> Otherwise, with recursive off, ask them about a name they are
> authoritative for.
> 
> SWS
> 
> 
> 
> ------------------------------
> 
> Message: 12
> Date: Sat, 1 Sep 2007 08:37:40 -0500
> From: "Marc Powell" <marc at ena.com>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: <nagios-users at lists.sourceforge.net>
> Message-ID: <A7B0A9F02975A74A845FE85D0B95B8FA085B4A1E at misex01.ena.com>
> Content-Type: text/plain;	charset="US-ASCII"
> 
> Please always respond on list.
> 
> > -----Original Message-----
> > From: Sean Schertell [mailto:sean at datafly.net]
> > Sent: Friday, August 31, 2007 8:47 PM
> > To: Marc Powell
> > Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> > fails for other half
> > 
> > Thanks Mark,
> > 
> > So does that mean then that it isn't possible to use the check_dns
> > plugin without enabling recursive lookups and leaving my server open
> > to DNS DOS attacks?
> 
> Sure it's possible, and if the server is supposed to be a recursive
> server (most are) then check_dns will work as you're testing it. Nutmeg
> does not appear to be a recursive server though so you can't ask it
> about microsoft.com since it doesn't know anything about it. Change that
> to nutmeg.aspen.com or some other host in a domain it's authoritative
> for.
> 
> > Is there any way to use dns_check safely?
> 
> My concerns about safety weren't related to check_dns at all. My concern
> is that anyone anywhere in the world can use rosemary to attack other
> DNS servers. As a bonus, you would be the apparent source of that
> attack. IMHO, you should be using ACL's to allow recursive lookups only
> for those networks that should be using that nameserver. Bind provides
> an easy way of doing this if that's what you're using --
> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
> 
> --
> Marc
> 
> 
> 
> ------------------------------
> 
> Message: 13
> Date: Sat, 1 Sep 2007 08:43:39 -0500
> From: "Marc Powell" <marc at ena.com>
> Subject: Re: [Nagios-users] check_dns works fine for half my servers,
> 	fails for other half
> To: <nagios-users at lists.sourceforge.net>
> Message-ID: <A7B0A9F02975A74A845FE85D0B95B8FA085B4A1F at misex01.ena.com>
> Content-Type: text/plain;	charset="US-ASCII"
> 
> 
> 
> > -----Original Message-----
> > From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios-users-
> > bounces at lists.sourceforge.net] On Behalf Of Marc Powell
> > Sent: Saturday, September 01, 2007 8:38 AM
> > To: nagios-users at lists.sourceforge.net
> > Subject: Re: [Nagios-users] check_dns works fine for half my
> servers,fails
> > for other half
> > 
> 
> 
> > about microsoft.com since it doesn't know anything about it. Change
> that
> > to nutmeg.aspen.com or some other host in a domain it's authoritative
> > for.
> 
> Sorry, to avoid confusion I really meant to say 'nutmeg.datafly.net'.
> 
> --
> Marc
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 14
> Date: Sat, 1 Sep 2007 18:38:35 +0100 (BST)
> From: Melanie Pfefer <melanie_pfefer at yahoo.co.uk>
> Subject: [Nagios-users] check_snmp and disk monitring
> To: nagios-users at lists.sourceforge.net,
> 	nagiosplug-help at lists.sourceforge.net
> Message-ID: <966547.97595.qm at web26203.mail.ukl.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
> 
> Hi,
> I am using RHEL3 and installed
> mysql5/apache2.0.59/php5 and nagios 2.9 and
> plugin1.4.9.
> 
> 
> My objective is to start monitoring disk usage of
> remote servers. Any idea how to do that?
> 
> thanks.
> 
> 
> 
> 
>       ___________________________________________________________ 
> Want ideas for reducing your carbon footprint? Visit Yahoo! For Good
> http://uk.promotions.yahoo.com/forgood/environment.html
> 
> 
> 
> ------------------------------
> 
> ------------------------------------------------------------------------
> -
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> 
> ------------------------------
> 
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> 
> 
> End of Nagios-users Digest, Vol 16, Issue 1
> *******************************************
> ======================================
> i-choose online store at www.tataindicom.com
> Your Comfort.Your Convenience.YourChoice.
> ====================================== 
> 
> DISCLAIMER:
> The information contained in this message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and permanently delete this message and any attachments from your system. Any dissemination, use, review, distribution, printing or copying of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change.TATATELESERVICES LTD. (including its group companies) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. TATA TELESERVICES LTD. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor t
 hat this communication is free of viruses, interceptions or interference.
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
-- 
Gerd Mueller                  NETWAYS GmbH
Senior Systems Engineer       Deutschherrnstr. 47a
Fon. +49 911 92885-0          D-90429 Nuernberg
Fax. +49 911 92885-33              
gmueller at netways.de           http://www.netways.de     

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list