linux – Page 43 – Kev's Development Toolbox

July 2, 2009

Setting up Nagios system monitoring on Ubuntu8.1 server

Latest package is nagios3 – to install:

<code>sudo apt-get install nagios3

A good article on setup and config is here.

To restart the Nagios server after making config changes: sudo /etc/init.d/nagios3 restart

Resolving CGI auth issues

Part of the install instructions above told me to create a user ‘nagios’, but the default config is setup to allow ‘nagiosadmin’ access to monitor services. Accessing the wepages you get this:

<code>"It appears as though you do not have permission to view information for
any of the hosts you requested... If you believe this is an error, check
the HTTP server authentication requirements for accessing this CGI and
check the authorization options in your CGI configuration file."</code>

To fix this, edit /etc/nagios3/cgi.cfg, and replace ‘nagiosadmin’ everywhere with ‘nagios’ (assuming the user you created was called ‘nagios’)

June 4, 2009

Ubuntu 9 server cron jobs (cron.daily, cron.weekly etc)

I have some backup scripts that live in my home directory and are symlinked into the /etc/cron.daily and cron.weekly etc dirs. Apparently run-parts will not run scripts that have a ‘.’ in the filename, so the symlink to the .sh files has to be named minus the file extension.

Also, testing the scripts with ‘sudo runparts /etc/crond.daily’ gave errors like this:

<code>run-parts: failed to exec /etc/cron.daily/update_apache_logs: Exec format error</code>

To fix this, I added this to the top of each of the scripts:

<code>#!/bin/sh</code>

May 29, 2007

Making changes to /etc/profile

If you make changes to /etc/profile and want them to take effect immediately without rebooting, run the script using . ./profile (assuming the file has execute flag set, if not chmod +x profile to set it).

August 10, 2006

Blacklisting incoming sites using iptables

Use this command to add an ip address to be blocked by iptables:

<code>
iptables -I INPUT -s x.x.x.x -j DROP
iptables -I INPUT -s x.x.x.x -j LOG
</code>

This example inserts a rule at the top of the table to block all incoming requests from ip x.x.x.x, and then inserts a second rule at the top to first log any connection attempts from this address (before they are blocked).

To see what rules are currently configured, use: iptables -L

For more info, see this entry in the O’Reily Linux Hacks book.