SSH server enable / disable password authentication

Enable
sed -i 's|[#]*PasswordAuthentication no|PasswordAuthentication yes|g' /etc/ssh/sshd_config
sed -i 's|UsePAM no|UsePAM yes|g' /etc/ssh/sshd_config
service ssh restart

Disable (don´t forget to install pre-shared-key first: http://www.panticz.de/ssh_pre-shared-key_authentication)
<?php
$URL="https://raw.githubusercontent.com/panticz/scripts/master/disable_ssh_password_authentication.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -";
echo " 

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

# LXC
# disable login without password
lxc-attach -n ${CONTAINER} -- sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- sed -i 's|UsePAM yes|UsePAM no|g' /etc/ssh/sshd_config
lxc-attach -n ${CONTAINER} -- service ssh restart

# generate SSH key for root
lxc-attach -n ${CONTAINER} -- ssh-keygen -q -f /root/.ssh/id_rsa -N ''

Icinga plugins

# basic plugins
apt-get install -y nagios-plugins-basic

# memory
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/icinga/master/plugins/scripts/check_mem.sh -O - | bash -

# hddtemp
https://raw.githubusercontent.com/panticz/icinga/master/plugins/scripts/check_hddtemp.sh

# ipmi
http://www.thomas-krenn.com/de/wiki/IPMI_Sensor_Monitoring_Plugin_Version_1.x

# sensors
http://www.panticz.de/lm-sensors

# automatic apt-update

# harddisc temperature (http://exchange.nagios.org/components/com_mtree/attachment.php?link_id=341&cf_id=24)

pnp4nagios

#
# graph (server)
# TODO: BROKEN with Icinga 1.7.1?
#
apt-get install -y pnp4nagios

sed -i 's|/cgi-bin/nagios3|/icinga/cgi-bin|g' /etc/pnp4nagios/config.php

sed -i 's|/etc/nagios3/htpasswd.users|/etc/icinga/htpasswd.users|g' /etc/pnp4nagios/apache.conf

sed -i 's|process_performance_data=0|process_performance_data=1|g' /etc/icinga/icinga.cfg
sed -i 's|#broker_module=/usr/lib/icinga/idomod.so config_file=/etc/icinga/idomod.cfg|broker_module=/usr/lib/pnp4nagios/npcdmod.o config_file=/etc/pnp4nagios/npcd.cfg|g' /etc/icinga/icinga.cfg

sed -i 's|log_type = syslog|log_type = file|g'

Install icinga SSH on client

# icinga SSH on server
# run once
# /var/lib/nagios/.ssh/config
su -s /bin/bash nagios -c "ssh-keygen -q -f /var/lib/nagios/.ssh/id_rsa -N ''"

# run for every client
# TODO: automate, one command?
su -s /bin/bash nagios
ssh-copy-id root@192.168.1.222
ssh root@192.168.1.222
exit

# install on client
# apt-get install -y nagios-plugins
apt-get install -y nagios-plugins-basic
# apt-get install -y nagios-plugins-standard
# apt-get install -y nagios-plugins-contrib --no-install-recommends

chown root:root /usr/lib/nagios/plugins/check_ide_smart
chmod u+s /usr/lib/nagios/pl

Install Icinga / Nagios NRPE plugin

# on Icinga / Nagios client
apt-get install -y nagios-nrpe-server
sed -i 's|allowed_hosts=127.0.0.1|allowed_hosts=192.168.1.197|g' /etc/nagios/nrpe.cfg
/etc/init.d/nagios-nrpe-server restart

cat < /etc/nagios/nrpe.d/my.cfg
command[check_root]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
command[check_http]=/usr/lib/nagios/plugins/check_http -H localhost
command[check_ssh]=/usr/lib/nagios/plugins/check_ssh localhost
EOF

/etc/init.d/nagios-nrpe-server restart

# test access
/usr/lib/nagios/plugins/check_nrpe -H

# on Icinga / Nagios server
apt-ge

Install icinga srver

<?php
$URL="https://raw.githubusercontent.com/panticz/installit/master/install.icinga.sh";
echo "wget $URL -O - | bash -";
echo " 

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Admin login
http://YOUR_IP/icinga/
user: icingaadmin
pass: icingaadmin

Icinga Apache configuration
/etc/apache2/conf-available/icinga.conf

Icinga repository
http://packages.icinga.org/

Enable automatic updates
# http://www.panticz.de/debian-ubuntu-automatic-upgrades
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -

configure contact
sed -i 's|root@localhost|YOUR@EMAIL-ADDRESS.com|g' /etc/icinga/objects/contacts_icinga.cfg

change password
htpasswd -c /etc/icinga/htpasswd.users icingaadmin

plugins
http://www.panticz.de/Icinga-plugins

LDAP
a2enmod authnz_ldap

echo "pass1234" > /etc/apache2/ldap_password.inc
chmod 600 /etc/apache2/ldap_password.inc

sed -i 's|=icingaadmin|=*|g' /etc/icinga/cgi.cfg

/etc/icinga/apache2.conf
- AuthUserFile /etc/icinga/htpasswd.users
+ AuthBasicProvider ldap
+ AuthLDAPBindDN "ldap@example.com"
+ AuthLDAPBindPassword "exec:/bin/cat /etc/apache2/ldap_password.inc"
+ AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
+ AuthLDAPRemoteUserIsDN off
+ Require ldap-group CN=IPG.DevOps,OU=_IntranetPermissionGroups,DC=example,DC=com

service apache2 restart

# config
https://wiki.icinga.org/display/Dev/Icinga+Core+Debug+Config

# cgi
http://docs.icinga.org/latest/de/cgiparams.html#cgiparams-ahas
http://icinga.example.com/cgi-bin/icinga/status.cgi?servicestatustypes=20&noheader=1

Links
http://www.debmon.org/ - Debian Monitoring Project
http://packages.debian.org/wheezy/icinga
http://packages.icinga.org/debian/ - Icinga repository
https://www.icinga.org/icinga2/ - Icinga 2 preview
http://www.sysadminslife.com/monitoring-2/icinga-1-9-installation-unter-debian-squeeze-wheezy-aktuellste-version/

Subscribe to