#!/bin/bash # I, Ian Kelling, follow the GNU license recommendations at # https://www.gnu.org/licenses/license-recommendations.en.html. They # recommend that small programs, < 300 lines, be licensed under the # Apache License 2.0. This file contains or is part of one or more small # programs. If a small program grows beyond 300 lines, I plan to switch # its license to GPL. # Copyright 2024 Ian Kelling # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # this was part of distro-end ### begin nagios ### pi nagios-nrpe-server case $HOSTNAME in kd) # the backport is for this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800345 pi nagios4 nagios-nrpe-plugin monitoring-plugins-basic/bullseye-backports s rm -fv /etc/apache2/conf-enabled/nagios4-cgi.conf # to add a password for admin: # htdigest /etc/nagios4/htdigest.users Nagios4 iank # now using the same pass as prometheus # nagstamon auth settings, set to digest instead of basic. web-conf -p 3005 - apache2 i.b8.nz <<'EOF' # adapted from /etc/apache2/conf-enabled/nagios4-cgi.conf ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4 ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4 # Where the stylesheets (config files) reside Alias /nagios4/stylesheets /etc/nagios4/stylesheets # Where the HTML pages live Alias /nagios4 /usr/share/nagios4/htdocs Options FollowSymLinks DirectoryIndex index.php index.html AllowOverride AuthConfig # # The default Debian nagios4 install sets use_authentication=0 in # /etc/nagios4/cgi.cfg, which turns off nagos's internal authentication. # This is insecure. As a compromise this default apache2 configuration # only allows private IP addresses access. # # The ... below shows how you can secure the nagios4 # web site so anybody can view it, but only authenticated users can issue # commands (such as silence notifications). To do that replace the # "Require all granted" with "Require valid-user", and use htdigest # program from the apache2-utils package to add users to # /etc/nagios4/htdigest.users. # # A step up is to insist all users validate themselves by moving # the stanza's in the .. into the . # Then by setting use_authentication=1 in /etc/nagios4/cgi.cfg you # can configure which people get to see a particular service from # within the nagios configuration. # AuthDigestDomain "Nagios4" AuthDigestProvider file AuthUserFile "/etc/nagios4-htdigest.users" AuthGroupFile "/etc/group" AuthName "Nagios4" AuthType Digest Require valid-user Options +ExecCGI EOF ;; esac # when you alter a service through the web, it changes vars in /var/lib/nagios4/status.dat. for example: # notifications_enabled=1 # note, the same variable exists in the correspdonding "define service {" # in the default config, we have these definitions # 11 define command { # 2 define contact { # 1 define contactgroup { # 9 define host { # 4 define hostgroup { # 23 define service { # 5 define timeperiod { # on klaxon # klaxon:/etc/nagios3 # grep -rho '^ *define [^{ ]*' | sort | uniq -c # 76 define command # 11 define contact # 6 define contactgroup # 162 define host # 1 define hostextinfo # 16 define hostgroup # 3040 define service # 2 define servicedependency # 6 define timeperiod ### end nagios ###