Nagios: bash script to monitor the status of RAID volumes

Starting from the considerations made in this post, I decided to put together a bash script to integrate with Nagios, in order to monitor the status of RAID volumes (and of the attached physical disks) regardless of the method used to implement this technology (hardware, fake or software).

The full script is reported below:

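#!/bin/bash

# Nagios plugin exit codes used below: 0=OK, 2=CRITICAL, 3=UNKNOWN

type=$1      # --software | --fake | --hardware
subtype=$2   # --megaraid | --mpt (hardware RAID only)
element=$3   # --volume | --physical | --battery (MegaRAID only)

usage="check_raid <--software|--fake|--hardware> [--megaraid|--mpt] [--volume|--physical|--battery]"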

if [[ ! -z "$type" && "$type" =~ "software" ]];then
        okswraid=0;
        koswraid=0;
        # Count the active md arrays listed in /proc/mdstat
        volumes=`cat /proc/mdstat | grep md | grep active | grep -v inactive | awk '{print $1}' | wc -l`
        # wc -l always prints a number, so test the count itself rather than -z
        if [[ "$volumes" -gt 0 ]];then
                for (( v=1; v<=$volumes; v++ ))
                do
                        volume=`cat /proc/mdstat | grep md | grep active | grep -v inactive | awk '{print $1}' | sed -n "$v p"`
                        raidtype=`cat /proc/mdstat | grep md | grep active | grep -v inactive | awk '{print $4}' | sed -n "$v p"`
                        # Extract the [working/total] counter itself: its column shifts when the line contains "super x.y"
                        diskno=`cat /proc/mdstat | grep -o '\[[0-9][0-9]*/[0-9][0-9]*\]' | sed -n "$v p"`
                        disksok=`echo $diskno | sed 's/\[//g' | cut -d '/' -f1`
                        diskstotal=`echo $diskno | sed 's/\]//g' | cut -d '/' -f2`
                        if [[ "$disksok" -eq "$diskstotal" ]];then
                                echo "OK: Software RAID volume $volume configured in $raidtype is OK, with $diskno disks UP"
                                ((okswraid++))
                        elif [[ "$disksok" -lt "$diskstotal" ]];then
                                echo "CRITICAL: Software RAID volume $volume configured in $raidtype is CRITICAL, with $diskno disks UP"
                                ((koswraid++))
                        fi
                done

                if [[ $koswraid -eq 0 ]];then
                        exit 0;
                else
                        exit 2;
                fi
        else
                echo "UNKNOWN: No software RAID configured"
                exit 3;
        fi

elif [[ ! -z "$type" && "$type" =~ "fake" ]];then
        bin=`/usr/bin/which dmraid`
        if [[ ! -z $bin ]];then
                result=`$bin -s`
                disksno=`$bin -r | grep -v no | wc -l`
                disksok=`$bin -r | grep ok | wc -l`
                if [[ ! -z "$result" && "$result" =~ "ok" ]];then
                        echo "OK: RAID Status is OK, with $disksok/$disksno disks OK"
                        exit 0;
                elif [[ ! -z "$result" && "$result" =~ "no raid" ]];then
                        echo "UNKNOWN: no fake RAID configured"
                        exit 3;
                else
                        echo "CRITICAL: RAID Status is KO, with $disksok/$disksno disks OK"
                        exit 2;
                fi
        else
                echo "UNKNOWN: no dmraid binary found - please install dmraid"
                exit 3;
        fi

elif [[ ! -z "$type" && "$type" =~ "hardware" ]];then
        okraid=0;
        oksmart=0;
        koraid=0;
        kosmart=0;
        if [[ ! -z "$subtype" && "$subtype" =~ "--megaraid" ]];then
                bin=`/usr/bin/which MegaCli64`
                if [[ ! -z $bin ]];then
                        if [[ ! -z "$element" && "$element" =~ "--volume" ]];then
                                result=`$bin -LDinfo -Lall -aALL | grep State | awk '{print $3}'`
                                if [[ ! -z "$result" && $result =~ "Optimal" ]];then
                                        echo "OK: RAID Volume state is $result"
                                        exit 0;
                                else
                                        echo "CRITICAL: RAID Volume state is $result"
                                        exit 2;
                                fi
                        elif [[ ! -z "$element" && "$element" =~ "--physical" ]];then
                                diskno=`$bin -PDList -aALL | grep "S.M.A.R.T alert" | wc -l`
                                for (( d=1; d<=$diskno; d++ ))
                                do
                                        result=`$bin -PDList -aALL | grep "Firmware state" | sed -n "$d p" | awk '{print $3}' | sed 's/,//g'`
                                        if [[ ! -z "$result" && $result =~ "Online" ]];then
                                                echo "RAID Status for Physical Disk number $d is OK"
                                                ((okraid++));
                                        else
                                                echo "RAID Status for Physical Disks number $d is KO"
                                                ((koraid++));
                                        fi
                                done
                                for (( d=1; d<=$diskno; d++ ))
                                do
                                        result=`$bin -PDList -aALL | grep "S.M.A.R.T alert" | sed -n "$d p" | awk '{print $8}'`
                                        if [[ ! -z "$result" && $result =~ "No" ]];then
                                                echo "S.M.A.R.T Status for Physical Disk number $d is OK"
                                                ((oksmart++));
                                        else
                                                echo "S.M.A.R.T. Status for Physical Disks number $d is KO"
                                                ((kosmart++));
                                        fi
                                done
                                if [[ $koraid -eq 0 && $kosmart -eq 0 ]];then
                                        echo "OK: RAID and S.M.A.R.T Status for all Physical Disks is OK"
                                        exit 0;
                                elif [[ $koraid -eq 0 && $kosmart -ne 0 ]];then
                                        echo "CRITICAL: S.M.A.R.T Status for some Physical Disks is KO"
                                        exit 2;
                                elif [[ $koraid -ne 0 && "$kosmart" -eq 0 ]];then
                                        echo "CRITICAL: RAID Status for some Physical Disks is KO"
                                        exit 2;
                                elif [[ $koraid -ne 0 && $kosmart -ne 0 ]];then
                                        echo "CRITICAL: RAID and S.M.A.R.T Status for some Physical Disks is KO"
                                        exit 2;
                                fi
                        elif [[ ! -z "$element" && "$element" =~ "--battery" ]];then
                                result=`$bin -AdpBbuCmd -aAll | grep "Battery State" | awk '{print $3}'`
                                if [[ ! -z "$result" && $result =~ "OK" ]];then
                                        echo "OK: RAID Controller Battery state is OK"
                                        exit 0;
                                else
                                        echo "CRITICAL: RAID Controller Battery state is $result"
                                        exit 2;
                                fi
                        else
                                echo "UNKNOWN: please specify the element to check"
                                echo $usage;
                                exit 3;
                        fi
                else
                        echo "UNKNOWN: No MegaCli64 binary found - please install MegaCli64"
                        exit 3;
                fi

        elif [[ ! -z "$subtype" && "$subtype" =~ "mpt" ]];then
                modprobe mptctl
                bin=`/usr/bin/which mpt-status`
                bin2=`/usr/bin/which lspci`
                bin3=`/usr/bin/which daemonize`
                if [[ ! -z $bin ]];then
                        if [[ ! -z $bin2 ]];then
                                controller_status=`lspci | grep MPT`
                                if [[ ! -z $controller_status ]];then
                                        if [[ ! -z $bin3 ]];then
                                                controller=`$bin -p | grep id | awk '{print $3}' | sed 's/id=//g' | sed 's/,//g'`
                                                if [[ ! -z $controller ]];then
                                                        result=`$bin -i $controller | grep OPTIMAL`
                                                        if [[ ! -z "$result" ]];then
                                                                echo "OK: RAID Status is OPTIMAL"
                                                                exit 0;
                                                        else
                                                                echo "CRITICAL: RAID Status is DEGRADED"
                                                                exit 2;
                                                        fi
                                                else
                                                        echo "UNKNOWN: MPT Controller found but no RAID configured";
                                                        exit 3;
                                                fi
                                        else
                                                echo "UNKNOWN: No daemonize binary found - please install daemonize";
                                                exit 3;
                                        fi
                                else
                                        echo "UNKNOWN: Unable to find RAID Controller";
                                        exit 3;
                                fi
                        else
                                echo "UNKNOWN: No lspci binary found - please install lspci";
                                exit 3;
                        fi
                else
                        echo "UNKNOWN: No mpt-status binary found - please install mpt-status"
                        exit 3;
                fi

        else
                echo "UNKNOWN: please specify the RAID Controller type"
                echo $usage
                exit 3;
        fi
else
        echo "UNKNOWN: please specify the RAID type"
        echo $usage
        exit 3;
fi
exit 0

The usage string speaks for itself: the first argument identifies the RAID technology used on the target system. The second and third arguments, instead, need to be specified only when dealing with a hardware RAID. Specifically, they represent, respectively, the type of chipset used by the controller and the object of our query, i.e. the volume, the physical disks or the battery (this parameter only makes sense if the chipset is an LSI MegaRAID).

Nagios configuration

As usual, the first step is to define a command that uses the script (a plugin, in Nagios jargon) shown above:

# 'check_local_raid' command definition
define command{
        command_name    check_local_raid
        command_line    $USER1$/check_raid $ARG1$ $ARG2$ $ARG3$
        }

these directives should be added to the file /etc/nagios/objects/commands.cfg.

Next, we can define the service that will take care of the actual monitoring, to be added to the configuration of the target host, in this case /etc/nagios/objects/localhost.cfg:

define service{
        use                             local-service         ; Name of service template to use
        host_name                       localhost
        service_description             RAID Status
        check_command                   check_local_raid!--software
        }

At this point all that remains is to reload the Nagios configuration to make these changes effective:

[root@linuxbox ~]# service nagios reload

and we are done.

Until next time.

Avast! Free and the scan you don't expect

Yesterday, while going through the Nagios alarms for my home network, I noticed a string of events of this kind:

***** Nagios HOME *****

 Notification Type: PROBLEM

 Service: HTTP Not Found
 Host: localhost
 Address: 127.0.0.1
 State: WARNING

 Date/Time: Sat Dec 26 09:04:58 CET 2015

 Additional Info:

 192.168.1.8 - - [26/Dec/2015:09:04:57 +0100] GET /HNAP1/ HTTP/1.1 404 204

that is, my client PC (192.168.1.8) tried, automatically, to access certain HTTP URIs, pointing at the IP address of its default gateway (192.168.1.1). In particular, the gateway's /var/log/httpd/error_log file reported the following hits:

[Sat Dec 26 09:04:57 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/HNAP1
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/rom-0
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] scrip not found or unable to stat: /var/www/cgi-bin/webproc
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/a2
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/ajaxmail
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/arr
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/at3
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/atc
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/atx
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/auth
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/bbs
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/bbs
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/bp_revision.cgi
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/br5.cgi
[Sat Dec 26 09:05:03 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/click.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/clicks.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/crtr
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/fg.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/findweather
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/findweather
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/frame_html
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/getattach
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/hotspotlogin.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/hslogin.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/ib
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/index.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/index
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/krcgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/krcgistart
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/link
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/login.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/login
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/logout
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/logout
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/mainmenu.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/mainsrch
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/msglist
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/navega
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/openwebmail
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/out.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/passremind
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/rbaccess
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/rbaccess
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/readmsg
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/rshop.pl
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/search.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/spcnweb
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/sse.dll
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/start
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/te
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/tjcgi1
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/top
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/traffic
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/verify.cgi
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/webproc
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/webscr
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/wingame.pl
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/das
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/fcgi-bin
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/fcgi-bin
[Sat Dec 26 09:05:04 2015] [error] [client 192.168.1.8] File does not exist: /var/www/html/redir

In light of this I got alarmed and, believing it was malware, I spent about 2 hours between antivirus scans (Avast! Free, precisely), Malwarebytes and SuperAntiSpyware, without getting much out of them. Finally, just to be thorough, I went to check the /var/log/httpd/access_log file, which reported the UA (User Agent) used to access these URIs. Its contents follow:

192.168.1.8 - - [26/Dec/2015:09:04:57 +0100] "GET / HTTP/1.1" 200 - "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:04:57 +0100] "GET /HNAP1/ HTTP/1.1" 404 204 "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:05:03 +0100] "GET /rom-0 HTTP/1.1" 404 203 "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:05:03 +0100] "GET /cgi-bin/webproc?getpage=/../../etc/passwd&var:language=en_us&var:page=* HTTP/1.1" 404 213 "-" "avast! Antivirus"

that is, the origin of the presumed “attack” was, quite simply, Avast! Free. In fact, going through the features of this antivirus, I noticed the so-called Home Network Protection (Protezione rete domestica), which does nothing more than scan the IP range of the LAN the client is attached to, identifying the various connected devices and the services active on each of them. On top of that, believing my default gateway to be one of the many cheap home routers found in discount stores, it started looking for the above, blatantly vulnerable URIs (for more info just search for home router vulnerabilities on Google).
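The triage step that settled the question above, reading the client and User-Agent behind a burst of 404s, can be done in one pass over access_log. The following is an added example, not part of the original post: the function names, the threshold and the extra 192.168.1.20 line are assumptions, and the sample is constructed from the access_log lines quoted above.

```bash
#!/bin/sh
# Added example, not from the original post: attribute a burst of HTTP 404s
# to a client and User-Agent before starting a malware hunt.

# Constructed sample in Apache combined log format.
sample_log() {
    cat <<'EOF'
192.168.1.8 - - [26/Dec/2015:09:04:57 +0100] "GET / HTTP/1.1" 200 - "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:04:57 +0100] "GET /HNAP1/ HTTP/1.1" 404 204 "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:05:03 +0100] "GET /rom-0 HTTP/1.1" 404 203 "-" "avast! Antivirus"
192.168.1.8 - - [26/Dec/2015:09:05:03 +0100] "GET /cgi-bin/webproc?getpage=/../../etc/passwd&var:language=en_us&var:page=* HTTP/1.1" 404 213 "-" "avast! Antivirus"
192.168.1.20 - - [26/Dec/2015:09:06:10 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
EOF
}

# summarise_404 MIN: read a combined-format access log on stdin and print, for
# every client/User-Agent pair with at least MIN 404 responses:
#   <404 count> TAB <client> TAB <requests containing ../> TAB <User-Agent>
# Assumes no escaped double quotes inside the request or referer fields.
summarise_404() {
    awk -F'"' -v min="$1" '
    {
        split($1, head, " ")      # head[1] = client address
        split($3, tail, " ")      # tail[1] = HTTP status
        if (tail[1] != "404") next
        key = head[1] SUBSEP $6   # $6 = User-Agent
        hits[key]++
        if ($2 ~ /\.\.\//) traversal[key]++
    }
    END {
        for (key in hits) {
            if (hits[key] < min) continue
            split(key, part, SUBSEP)
            printf "%d\t%s\t%d\t%s\n", hits[key], part[1], traversal[key], part[2]
        }
    }' | sort -rn
}

# check_404_burst MIN: Nagios-style wrapper (0 = OK, 1 = WARNING) that puts
# the User-Agent straight into the alert text.
check_404_burst() {
    report=$(summarise_404 "$1")
    if [ -z "$report" ]; then
        echo "OK: no client reached $1 HTTP 404 responses"
        return 0
    fi
    echo "$report" | awk -F'\t' '{
        printf "WARNING: %d 404s from %s (%d with ../ in the request), User-Agent \"%s\"\n", $1, $2, $3, $4 }'
    return 1
}

# Demo on the constructed sample: one line for 192.168.1.8, none for 192.168.1.20.
sample_log | summarise_404 3
```

On a real host the same functions read the log directly, for example `check_404_burst 20 < /var/log/httpd/access_log`.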

All's well that ends well.

Until next time.

Running checks on remote machines with Nagios

In this post I discussed SSH authentication through the exchange of RSA keys. Now I will explain how to run checks on remote machines (CentOS 6) using one of the most widespread NMSs in the open source world, namely Nagios.

In particular, it provides a plugin designed precisely to run such checks, whose name is fairly self-explanatory: check_by_ssh. Before going into the details of how to use this plugin (and its syntax), it is worth describing, step by step, how to prepare the remote machines and the machine hosting the NMS itself.

Preparing the machine where Nagios is installed

The first step is to change the properties of the nagios user, which the NMS will use to authenticate on the remote machine and run all the relevant checks. Looking at the /etc/passwd file, we can see that the nagios user has the following characteristics:

nagios:x:496:492::/var/spool/nagios:/sbin/nologin

which means that this user cannot log in and use the shell.

To remove this limitation it is enough to change the line shown above as follows:

nagios:x:496:492::/var/spool/nagios:/bin/bash

where 496 is the UID, 492 the GID, /var/spool/nagios the home directory and /bin/bash the user's shell.

At this point we change the password associated with this user:

[root@NMS ~]# passwd nagios

and finally we try to log in:

su nagios

If the prompt we get is the following:

bash-4.1$

it means our changes were successful.

Now we proceed to generate the RSA key pair (public and private) for the machine where Nagios is installed (the keys, obviously, must belong to the nagios user). The command to run is the following:

 bash-4.1$ ssh-keygen
 Generating public/private rsa key pair.
 Enter file in which to save the key (/var/spool/nagios/.ssh/id_rsa):
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /var/spool/nagios/.ssh/id_rsa.
 Your public key has been saved in /var/spool/nagios/.ssh/id_rsa.pub.
 The key fingerprint is:
 f1:e5:35:cc:29:78:48:89:b5:ea:d6:ce:42:f5:3c:b8 nagios@NMS.test.loc

Preparing the remote machines

On each remote machine that has to be queried by our NMS we also need to change the properties of the nagios user (following what was described above), with the exception of the RSA key generation.

Once we get the prompt:

bash-4.1$

on the remote machine, we move to the nagios home directory (cd /var/spool/nagios) and run the following commands:

bash-4.1$ mkdir .ssh

bash-4.1$ cd .ssh

bash-4.1$ nano authorized_keys

pasting into it the contents of the id_rsa.pub file found on the machine hosting the NMS.

Finally we type:

bash-4.1$ chmod 600 authorized_keys

and try to log in (from the NMS) to the remote machine:

bash-4.1$ ssh remotemachine.test.loc

If this command returns no error of any kind (and above all does not ask for any password), it means that SSH authentication through the exchange of RSA keys works correctly.

We then install the Nagios plugins through yum:

[root@remotemachine ~]# yum install nagios-plugins-all

Once the installation is complete, we go back to the machine where Nagios is installed and examine the check_by_ssh plugin.

The help of this command gives:

bash-4.1$ ./check_by_ssh --help

check_by_ssh -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]
       [-S [lines]] [-E [lines]] [-t timeout] [-i identity]
       [-l user] [-n name] [-s servicelist] [-O outputfile]
       [-p port] [-o ssh-option] [-F configfile]

Therefore, by editing the commands.cfg file in the /etc/nagios/objects directory we can craft ad hoc commands, for example:

# 'check_remote_disk' command definition
define command{
        command_name    check_remote_disk
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"
        }

# 'check_remote_load' command definition
define command{
        command_name    check_remote_load
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$"
        }

# 'check_remote_procs' command definition
define command{
        command_name    check_remote_procs
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"
        }

# 'check_remote_swap' command definition
define command{
        command_name    check_remote_swap
        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "/usr/lib64/nagios/plugins/check_swap -w $ARG1$ -c $ARG2$"
        }

All that remains is to edit the configuration file that lets Nagios monitor the remote machine, for example remotemachine.test.loc.cfg:

define service{
        use                             local-service         ; Name of service template to use
        host_name                       remotemachine.test.loc
        service_description             Disk Usage
        check_command                   check_remote_disk!20%!10%!/
        notifications_enabled           0
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       remotemachine.test.loc
        service_description             CPU Load
        check_command                   check_remote_load!5.0,4.0,3.0!10.0,6.0,4.0
        notifications_enabled           0
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       remotemachine.test.loc
        service_description             CPU Procs
        check_command                   check_remote_procs!250!400!RSZDT
        notifications_enabled           0
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                      remotemachine.test.loc
        service_description             SWAP Usage
        check_command                   check_remote_swap!20!10
        notifications_enabled           0
        }

We restart Nagios to make these changes effective:

[root@NMS objects]# service nagios restart

and we are done.

Enjoy!
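The setup above leaves the nagios account with a login shell and a key that logs in without any prompt, so whoever holds that key has a shell on every monitored host. The following added example (not part of the original post) confines the key to the four plugin calls defined in commands.cfg by means of an OpenSSH forced command; the script path /usr/local/bin/nagios-ssh-gate and the NMS address 192.0.2.10 are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post: forced-command gate for the
# nagios key. Assumed install path: /usr/local/bin/nagios-ssh-gate
#
# Matching authorized_keys entry on the remote machine, on a single line
# (192.0.2.10 is a placeholder for the NMS address, the key is elided):
#   from="192.0.2.10",command="/usr/local/bin/nagios-ssh-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... nagios@NMS.test.loc

PLUGIN_DIR=/usr/lib64/nagios/plugins
# Only the plugins referenced by the check_remote_* commands in commands.cfg.
ALLOWED_PLUGINS="check_disk check_load check_procs check_swap"

# is_allowed "<command line>": succeed only for PLUGIN_DIR/<allowed plugin>
# followed by arguments built from a conservative character set.
is_allowed() {
    cmd=$1
    # Anything left after deleting the permitted characters (for example
    # ; | & $ quotes or globs) rejects the request.
    leftover=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9 ./,%_-')
    [ -z "$leftover" ] || return 1
    set -f            # split into words without filename expansion
    set -- $cmd
    set +f
    for plugin in $ALLOWED_PLUGINS; do
        [ "${1:-}" = "$PLUGIN_DIR/$plugin" ] && return 0
    done
    return 1
}

gate_main() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f
        # Word-split and exec directly: the request never reaches a shell parser.
        exec $SSH_ORIGINAL_COMMAND
    fi
    # Exit code 3 is UNKNOWN for Nagios, so a refused call shows up in the NMS.
    echo "UNKNOWN: command not permitted for this key"
    exit 3
}

# sshd sets SSH_ORIGINAL_COMMAND to the string check_by_ssh passed with -C;
# it is unset for an interactive login, which therefore gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    gate_main
fi
```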

PS: if SELinux is running on the target machine, it has to be disabled with the command:

[root@remotemachine]# setenforce 0

and then we prevent this service from being re-enabled after every reboot:

[root@remotemachine]# nano /etc/sysconfig/selinux

replacing the string

SELINUX=enforcing

with

SELINUX=disabled