Postfix Configuration:
Install VIM:
cd /etc/nagios3/
sudo htpasswd -c htpasswd.users nagios
Restart Nagios:
replace:
define service{
use generic-service ; Name of service template to use
host_name localhost
service_description Disk Space
check_command check_all_disks!20%!10%!
}
with:
define service{
use generic-service ; Name of service template to use
host_name localhost
service_description Disk Space
check_command check_disk!20%!10%!/dev/sda1
}
Following the initial creation of the CA file, it will ask you some questions to uniquely
identify this certificate. This is what you should see:
You can make up all this info, but make sure you can remember it as you will need to
know it later on. All you need to fill in is the country code, the state (if you are from the
US), your city, and the organization name (if it is a multi-word name, use underscores
for spaces). When it asks for your common name, just enter the domain name
you used in the postfix configuration (it does not really matter what you enter as long as
you enter something). Finally, enter an e-mail address when it asks. Everything else can be left
blank.
If you screw up, you can re-run the CA.pl script, but make sure to delete the demoCA
directory, which will be located in the directory where you are doing all this work.
Now that we have created a Certificate Authority file we can make the server certificate
and the public key used in the authentication process. To make the server certificate run
this command replacing the information in the single quotes with the information you put
into your CA file:
CN is the place you put the common name you used, O is the organization name, C is
the country, ST is the state, L is the city, emailAddress is... well.. the email address
you used. Make sure you enter those items in EXACTLY the way you did above or your
key will not authenticate.
What this command does is it creates a certificate key file called FOO-key.pem and a req
file called FOO-req.pem. The second file will be used to create the certificate file we will
need.
This creates a signed certificate file that will be used to verify your identity as the
originating server. Simply answer yes to the prompts that follow.
Finally copy the certificate files to /etc/postfix and give them the needed permissions:
## TLS Settings
#
# For no logs set = 0
smtp_tls_loglevel = 1
#
# smtp_enforce_tls = yes
# Above is commented because doing it site by site below
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
smtp_tls_key_file = /etc/postfix/FOO-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
## SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
## Gmail Relay
relayhost = [smtp.gmail.com]:587
## Good for Testing
# sender_bcc_maps = hash:/etc/postfix/bcc_table
# Disable DNS Lookups
disable_dns_lookups = yes
#
# Great New feature Address Mapping
# for example map mchirico@localhost to mchirico@gmail.com
smtp_generic_maps = hash:/etc/postfix/generic
#
#
transport_maps = hash:/etc/postfix/transport
Setting up the sasl_passwd file and hash is necessary to log into gmail. Remaining in
the /etc/postfix directory issue the command:
[smtp.gmail.com]:587 osshoustontx@gmail.com:password
The smtp info needs to remain, but you must change the email address and the
password to match your own.
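The sasl_passwd file holds the Gmail password in plain text and FOO-key.pem is the server's private key, so neither should be accessible to other accounts on the box. The check below is an added example, not part of the original tutorial; it assumes GNU stat (as on Ubuntu), the file names used in this tutorial, and that sasl_passwd.db is the hash map postmap builds from sasl_passwd.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Flags Postfix secret files that group or other users can access.
# Assumptions: GNU stat (as on Ubuntu); file names as used in this tutorial;
# sasl_passwd.db is the hash map that postmap builds from sasl_passwd.

# Prints one LOOSE line per exposed file in directory $1.
# Returns 0 when nothing is exposed, 1 otherwise.
audit_postfix_secrets() {
    dir=$1
    findings=0
    for name in sasl_passwd sasl_passwd.db FOO-key.pem; do
        path="$dir/$name"
        [ -e "$path" ] || continue
        mode=$(stat -L -c '%a' "$path")   # octal mode, e.g. 644
        case $mode in
            0|*00) ;;                      # no group/other bits: fine
            *)  echo "LOOSE $path mode=$mode (want 600 or stricter)"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run against a directory when one is given, e.g. /etc/postfix
if [ "$#" -gt 0 ]; then
    audit_postfix_secrets "$1"
fi
```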
Replace bms@bob.com with your username on your Linux box before the '@' sign and
your hostname after the '@'. Similarly, replace 'bms@gmail.com' with your gmail
address.
Now we need to make the transport file and hash. This is the file that tells postfix how to
route emails it gets.
Open a new text file called transport and enter into it:
What this tells postfix is to send all mail to gmail except for two cases.
On my network I have two other computers. One called comp1 the other called
comp2. I am telling postfix to send email meant for those two computers
directly to them.
Remember to make the hash for the transport file.
smtp.gmail.com MUST
#comp1.bob.com MUST
#comp2.bob.com MUST
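With smtp_enforce_tls commented out in main.cf, the tls_per_site entry for smtp.gmail.com is what makes TLS mandatory before the SASL login is sent to the relay. The check below is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes one-line settings, no smtp_tls_policy_maps, and a text tls_per_site file that matches the hash built from it.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Checks whether the legacy settings used above force TLS to the relayhost.
# Assumptions: one-line "name = value" settings; smtp_tls_policy_maps unset;
# the text tls_per_site file matches the hash built from it with postmap.

# Last uncommented value of parameter $2 in main.cf file $1.
conf_get() {
    sed -n "s/^${2}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# Returns 0 if TLS to the relayhost is mandatory, 1 if these settings
# do not show that it is.
relay_tls_enforced() {
    maincf=$1
    persite=$2
    nexthop=$(conf_get "$maincf" relayhost)        # e.g. [smtp.gmail.com]:587
    host=$(printf '%s\n' "$nexthop" | sed 's/^\[//; s/\].*$//; s/:[0-9]*$//')
    case $(conf_get "$maincf" smtp_tls_security_level) in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
    esac
    if [ "$(conf_get "$maincf" smtp_enforce_tls)" = yes ]; then
        return 0
    fi
    if [ -z "$(conf_get "$maincf" smtp_tls_per_site)" ]; then
        return 1
    fi
    # A per-site MUST entry for the relay makes TLS mandatory for that host.
    awk -v h="$host" -v n="$nexthop" '
        $1 ~ /^#/ { next }
        ($1 == h || $1 == n) && ($2 == "MUST" || $2 == "MUST_NOPEERMATCH") { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$persite"
}
```

Call it as relay_tls_enforced /etc/postfix/main.cf /etc/postfix/tls_per_site; a non-zero status means the relay entry is missing or commented out and TLS to Gmail is only opportunistic.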
Open master.cf using sudo gedit master.cf and find the line that reads
relay unix - - n - - smtp. It will be a little ways down. Beneath that line, you will probably see a
few settings that start with '-o'; we will be adding one more. Enter -o
smtp_generic_maps= right below the relay line. This entry tells postfix to send out your
emails with your gmail address as the originating address rather than your Ubuntu
account and domain.
Whenever you edit the master.cf file you need to reload postfix. To do this simply issue
the command
define host{
name customer-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
check_command check-host-alive
max_check_attempts 10
notification_interval 0 ; (minutes) Zero is only send notifications on status change
notification_period 24x7
notification_options d,u,r
contact_groups admins
register 1
}
define host{
use customer-host ; Name of host template to use
host_name watchman
alias cta
address cta.homelinux.com
}
define service{
use customer-service
host_name watchman
service_description Current Load
check_command check_nrpe_1arg!check_load
}
define service{
use customer-service
host_name watchman
service_description Check Users
check_command check_nrpe_1arg!check_users
}
define service{
use customer-service
host_name watchman
service_description Software Updates
check_command check_nrpe_1arg!check_apt
}
define service{
use customer-service
host_name watchman
service_description Total Processes
check_command check_nrpe_1arg!check_total_procs
}
define service{
use customer-service
host_name watchman
service_description Zombie Processes
check_command check_nrpe!check_zombie_procs
}
define service {
use customer-service
host_name watchman
service_description HTTP
check_command check_http
}
define service {
use customer-service
host_name watchman
service_description SSH
check_command check_ssh
}
REMOTE HOST
Install NRPE on Remote Host:
ssh daniel@remotehost.com
sudo apt-get install nagios-nrpe-server
cc
replace:
allowed_hosts=tonytonychopper.homelinux.com
with:
allowed_hosts=tonytonychopper.homelinux.com
replace:
command[check_hda1]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
with (for a 1TB Drive, 500GB use 8%, 2%):
command[check_sda1]=/usr/lib/nagios/plugins/check_disk -w 4% -c 1% -p /dev/sda1
add definitions:
command[check_swap]=/usr/lib/nagios/plugins/check_swap -w 90% -c 70%
command[check_apt]=/usr/lib/nagios/plugins/check_apt -t 60
Restart NRPE: