cloud-mu 3.5.0 → 3.6.3
- checksums.yaml +4 -4
- data/Berksfile +5 -2
- data/Berksfile.lock +135 -0
- data/ansible/roles/mu-base/README.md +33 -0
- data/ansible/roles/mu-base/defaults/main.yml +2 -0
- data/ansible/roles/mu-base/files/check_apm.cfg +1 -0
- data/ansible/roles/mu-base/files/check_apm.sh +18 -0
- data/ansible/roles/mu-base/files/check_disk.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.cfg +1 -0
- data/ansible/roles/mu-base/files/check_elastic_shards.sh +12 -0
- data/ansible/roles/mu-base/files/check_logstash.cfg +1 -0
- data/ansible/roles/mu-base/files/check_logstash.sh +14 -0
- data/ansible/roles/mu-base/files/check_mem.cfg +1 -0
- data/ansible/roles/mu-base/files/check_updates.cfg +1 -0
- data/ansible/roles/mu-base/files/logrotate.conf +35 -0
- data/ansible/roles/mu-base/files/nrpe-apm-sudo +1 -0
- data/ansible/roles/mu-base/files/nrpe-elasticshards-sudo +2 -0
- data/ansible/roles/mu-base/handlers/main.yml +5 -0
- data/ansible/roles/mu-base/meta/main.yml +53 -0
- data/ansible/roles/mu-base/tasks/main.yml +113 -0
- data/ansible/roles/mu-base/templates/nrpe.cfg.j2 +231 -0
- data/ansible/roles/mu-base/tests/inventory +2 -0
- data/ansible/roles/mu-base/tests/test.yml +5 -0
- data/ansible/roles/mu-base/vars/main.yml +1 -0
- data/ansible/roles/mu-compliance/README.md +33 -0
- data/ansible/roles/mu-compliance/defaults/main.yml +2 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark.xml +15674 -0
- data/ansible/roles/mu-compliance/files/U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark.xml +17553 -0
- data/ansible/roles/mu-compliance/handlers/main.yml +2 -0
- data/ansible/roles/mu-compliance/meta/main.yml +53 -0
- data/ansible/roles/mu-compliance/tasks/main.yml +45 -0
- data/ansible/roles/mu-compliance/tests/inventory +2 -0
- data/ansible/roles/mu-compliance/tests/test.yml +5 -0
- data/ansible/roles/mu-compliance/vars/main.yml +4 -0
- data/ansible/roles/mu-elastic/README.md +51 -0
- data/ansible/roles/mu-elastic/defaults/main.yml +2 -0
- data/ansible/roles/mu-elastic/files/jvm.options +93 -0
- data/ansible/roles/mu-elastic/handlers/main.yml +10 -0
- data/ansible/roles/mu-elastic/meta/main.yml +52 -0
- data/ansible/roles/mu-elastic/tasks/main.yml +186 -0
- data/ansible/roles/mu-elastic/templates/elasticsearch.yml.j2 +110 -0
- data/ansible/roles/mu-elastic/templates/kibana.yml.j2 +131 -0
- data/ansible/roles/mu-elastic/templates/password_set.expect.j2 +19 -0
- data/ansible/roles/mu-elastic/tests/inventory +2 -0
- data/ansible/roles/mu-elastic/tests/test.yml +5 -0
- data/ansible/roles/mu-elastic/vars/main.yml +2 -0
- data/ansible/roles/mu-logstash/README.md +51 -0
- data/ansible/roles/mu-logstash/defaults/main.yml +2 -0
- data/ansible/roles/mu-logstash/files/02-beats-input.conf +5 -0
- data/ansible/roles/mu-logstash/files/10-rails-filter.conf +16 -0
- data/ansible/roles/mu-logstash/files/jvm.options +84 -0
- data/ansible/roles/mu-logstash/files/logstash.yml +304 -0
- data/ansible/roles/mu-logstash/handlers/main.yml +20 -0
- data/ansible/roles/mu-logstash/meta/main.yml +52 -0
- data/ansible/roles/mu-logstash/tasks/main.yml +254 -0
- data/ansible/roles/mu-logstash/templates/20-cloudtrail.conf.j2 +28 -0
- data/ansible/roles/mu-logstash/templates/30-elasticsearch-output.conf.j2 +19 -0
- data/ansible/roles/mu-logstash/templates/apm-server.yml.j2 +33 -0
- data/ansible/roles/mu-logstash/templates/heartbeat.yml.j2 +29 -0
- data/ansible/roles/mu-logstash/templates/nginx/apm.conf.j2 +25 -0
- data/ansible/roles/mu-logstash/templates/nginx/default.conf.j2 +56 -0
- data/ansible/roles/mu-logstash/templates/nginx/elastic.conf.j2 +27 -0
- data/ansible/roles/mu-logstash/tests/inventory +2 -0
- data/ansible/roles/mu-logstash/tests/test.yml +5 -0
- data/ansible/roles/mu-logstash/vars/main.yml +2 -0
- data/ansible/roles/mu-rdp/README.md +33 -0
- data/ansible/roles/mu-rdp/meta/main.yml +53 -0
- data/ansible/roles/mu-rdp/tasks/main.yml +9 -0
- data/ansible/roles/mu-rdp/tests/inventory +2 -0
- data/ansible/roles/mu-rdp/tests/test.yml +5 -0
- data/ansible/roles/mu-windows/tasks/main.yml +3 -0
- data/bin/mu-ansible-secret +1 -1
- data/bin/mu-aws-setup +4 -3
- data/bin/mu-azure-setup +5 -5
- data/bin/mu-configure +25 -17
- data/bin/mu-firewall-allow-clients +1 -0
- data/bin/mu-gcp-setup +3 -3
- data/bin/mu-load-config.rb +1 -0
- data/bin/mu-node-manage +66 -33
- data/bin/mu-self-update +2 -2
- data/bin/mu-upload-chef-artifacts +6 -1
- data/bin/mu-user-manage +1 -1
- data/cloud-mu.gemspec +25 -23
- data/cookbooks/firewall/CHANGELOG.md +417 -224
- data/cookbooks/firewall/LICENSE +202 -0
- data/cookbooks/firewall/README.md +153 -126
- data/cookbooks/firewall/TODO.md +6 -0
- data/cookbooks/firewall/attributes/firewalld.rb +7 -0
- data/cookbooks/firewall/attributes/iptables.rb +3 -3
- data/cookbooks/firewall/chefignore +115 -0
- data/cookbooks/firewall/libraries/helpers.rb +5 -0
- data/cookbooks/firewall/libraries/helpers_firewalld.rb +1 -1
- data/cookbooks/firewall/libraries/helpers_firewalld_dbus.rb +72 -0
- data/cookbooks/firewall/libraries/helpers_iptables.rb +3 -3
- data/cookbooks/firewall/libraries/helpers_nftables.rb +170 -0
- data/cookbooks/firewall/libraries/helpers_ufw.rb +7 -0
- data/cookbooks/firewall/libraries/helpers_windows.rb +8 -9
- data/cookbooks/firewall/libraries/provider_firewall_firewalld.rb +9 -9
- data/cookbooks/firewall/libraries/provider_firewall_iptables.rb +7 -7
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu.rb +12 -8
- data/cookbooks/firewall/libraries/provider_firewall_iptables_ubuntu1404.rb +13 -9
- data/cookbooks/firewall/libraries/provider_firewall_rule.rb +1 -1
- data/cookbooks/firewall/libraries/provider_firewall_ufw.rb +5 -5
- data/cookbooks/firewall/libraries/provider_firewall_windows.rb +4 -4
- data/cookbooks/firewall/libraries/resource_firewall_rule.rb +3 -3
- data/cookbooks/firewall/metadata.json +40 -1
- data/cookbooks/firewall/metadata.rb +15 -0
- data/cookbooks/firewall/recipes/default.rb +7 -7
- data/cookbooks/firewall/recipes/disable_firewall.rb +1 -1
- data/cookbooks/firewall/recipes/firewalld.rb +87 -0
- data/cookbooks/firewall/renovate.json +18 -0
- data/cookbooks/firewall/resources/firewalld.rb +28 -0
- data/cookbooks/firewall/resources/firewalld_config.rb +39 -0
- data/cookbooks/firewall/resources/firewalld_helpers.rb +106 -0
- data/cookbooks/firewall/resources/firewalld_icmptype.rb +88 -0
- data/cookbooks/firewall/resources/firewalld_ipset.rb +104 -0
- data/cookbooks/firewall/resources/firewalld_policy.rb +115 -0
- data/cookbooks/firewall/resources/firewalld_service.rb +98 -0
- data/cookbooks/firewall/resources/firewalld_zone.rb +118 -0
- data/cookbooks/firewall/resources/nftables.rb +71 -0
- data/cookbooks/firewall/resources/nftables_rule.rb +113 -0
- data/cookbooks/mu-activedirectory/Berksfile +1 -1
- data/cookbooks/mu-activedirectory/metadata.rb +1 -1
- data/cookbooks/mu-firewall/metadata.rb +2 -2
- data/cookbooks/mu-master/Berksfile +4 -3
- data/cookbooks/mu-master/attributes/default.rb +5 -2
- data/cookbooks/mu-master/files/default/check_elastic.sh +761 -0
- data/cookbooks/mu-master/files/default/check_kibana.rb +45 -0
- data/cookbooks/mu-master/libraries/mu.rb +24 -0
- data/cookbooks/mu-master/metadata.rb +5 -5
- data/cookbooks/mu-master/recipes/default.rb +31 -20
- data/cookbooks/mu-master/recipes/firewall-holes.rb +5 -0
- data/cookbooks/mu-master/recipes/init.rb +58 -19
- data/cookbooks/mu-master/recipes/update_nagios_only.rb +251 -178
- data/cookbooks/mu-master/templates/default/nagios.conf.erb +5 -11
- data/cookbooks/mu-master/templates/default/web_app.conf.erb +3 -0
- data/cookbooks/mu-php54/Berksfile +1 -1
- data/cookbooks/mu-php54/metadata.rb +2 -2
- data/cookbooks/mu-tools/Berksfile +2 -3
- data/cookbooks/mu-tools/attributes/default.rb +3 -4
- data/cookbooks/mu-tools/files/amazon/etc/bashrc +90 -0
- data/cookbooks/mu-tools/files/amazon/etc/login.defs +292 -0
- data/cookbooks/mu-tools/files/amazon/etc/profile +77 -0
- data/cookbooks/mu-tools/files/amazon/etc/security/limits.conf +63 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysconfig/init +19 -0
- data/cookbooks/mu-tools/files/amazon/etc/sysctl.conf +82 -0
- data/cookbooks/mu-tools/files/amazon-2023/etc/login.defs +294 -0
- data/cookbooks/mu-tools/files/default/logrotate.conf +35 -0
- data/cookbooks/mu-tools/files/default/nrpe_conf_d.pp +0 -0
- data/cookbooks/mu-tools/libraries/helper.rb +21 -9
- data/cookbooks/mu-tools/metadata.rb +4 -4
- data/cookbooks/mu-tools/recipes/apply_security.rb +3 -2
- data/cookbooks/mu-tools/recipes/aws_api.rb +23 -5
- data/cookbooks/mu-tools/recipes/base_repositories.rb +4 -1
- data/cookbooks/mu-tools/recipes/gcloud.rb +56 -56
- data/cookbooks/mu-tools/recipes/nagios.rb +1 -1
- data/cookbooks/mu-tools/recipes/nrpe.rb +20 -2
- data/cookbooks/mu-tools/recipes/rsyslog.rb +12 -1
- data/cookbooks/mu-tools/recipes/set_local_fw.rb +1 -1
- data/data_bags/nagios_services/apm_backend_connect.json +5 -0
- data/data_bags/nagios_services/apm_listen.json +5 -0
- data/data_bags/nagios_services/elastic_shards.json +5 -0
- data/data_bags/nagios_services/logstash.json +5 -0
- data/data_bags/nagios_services/rhel7_updates.json +8 -0
- data/extras/image-generators/AWS/centos7.yaml +1 -0
- data/extras/image-generators/AWS/rhel7.yaml +21 -0
- data/extras/image-generators/AWS/win2k12r2.yaml +1 -0
- data/extras/image-generators/AWS/win2k16.yaml +1 -0
- data/extras/image-generators/AWS/win2k19.yaml +1 -0
- data/extras/list-stock-amis +0 -0
- data/extras/ruby_rpm/muby.spec +8 -5
- data/extras/vault_tools/export_vaults.sh +1 -1
- data/extras/vault_tools/recreate_vaults.sh +0 -0
- data/extras/vault_tools/test_vaults.sh +0 -0
- data/install/deprecated-bash-library.sh +1 -1
- data/install/installer +4 -2
- data/modules/mommacat.ru +3 -1
- data/modules/mu/adoption.rb +1 -1
- data/modules/mu/cloud/dnszone.rb +2 -2
- data/modules/mu/cloud/machine_images.rb +26 -25
- data/modules/mu/cloud/resource_base.rb +213 -182
- data/modules/mu/cloud/server_pool.rb +1 -1
- data/modules/mu/cloud/ssh_sessions.rb +7 -5
- data/modules/mu/cloud/wrappers.rb +2 -2
- data/modules/mu/cloud.rb +1 -1
- data/modules/mu/config/bucket.rb +1 -1
- data/modules/mu/config/function.rb +6 -1
- data/modules/mu/config/loadbalancer.rb +24 -2
- data/modules/mu/config/ref.rb +12 -0
- data/modules/mu/config/role.rb +1 -1
- data/modules/mu/config/schema_helpers.rb +42 -9
- data/modules/mu/config/server.rb +43 -27
- data/modules/mu/config/tail.rb +19 -10
- data/modules/mu/config.rb +6 -5
- data/modules/mu/defaults/AWS.yaml +78 -114
- data/modules/mu/deploy.rb +9 -2
- data/modules/mu/groomer.rb +12 -4
- data/modules/mu/groomers/ansible.rb +104 -20
- data/modules/mu/groomers/chef.rb +15 -6
- data/modules/mu/master.rb +9 -4
- data/modules/mu/mommacat/daemon.rb +4 -2
- data/modules/mu/mommacat/naming.rb +1 -2
- data/modules/mu/mommacat/storage.rb +7 -2
- data/modules/mu/mommacat.rb +33 -6
- data/modules/mu/providers/aws/database.rb +161 -8
- data/modules/mu/providers/aws/dnszone.rb +11 -6
- data/modules/mu/providers/aws/endpoint.rb +81 -6
- data/modules/mu/providers/aws/firewall_rule.rb +254 -172
- data/modules/mu/providers/aws/function.rb +65 -3
- data/modules/mu/providers/aws/loadbalancer.rb +39 -28
- data/modules/mu/providers/aws/log.rb +2 -1
- data/modules/mu/providers/aws/role.rb +25 -7
- data/modules/mu/providers/aws/server.rb +36 -12
- data/modules/mu/providers/aws/server_pool.rb +237 -127
- data/modules/mu/providers/aws/storage_pool.rb +7 -1
- data/modules/mu/providers/aws/user.rb +1 -1
- data/modules/mu/providers/aws/userdata/linux.erb +6 -2
- data/modules/mu/providers/aws/userdata/windows.erb +7 -5
- data/modules/mu/providers/aws/vpc.rb +49 -25
- data/modules/mu/providers/aws.rb +13 -8
- data/modules/mu/providers/azure/container_cluster.rb +1 -1
- data/modules/mu/providers/azure/loadbalancer.rb +2 -2
- data/modules/mu/providers/azure/server.rb +5 -2
- data/modules/mu/providers/azure/userdata/linux.erb +1 -1
- data/modules/mu/providers/azure.rb +11 -8
- data/modules/mu/providers/cloudformation/dnszone.rb +1 -1
- data/modules/mu/providers/google/container_cluster.rb +15 -2
- data/modules/mu/providers/google/folder.rb +2 -1
- data/modules/mu/providers/google/function.rb +130 -4
- data/modules/mu/providers/google/habitat.rb +2 -1
- data/modules/mu/providers/google/loadbalancer.rb +407 -160
- data/modules/mu/providers/google/role.rb +16 -3
- data/modules/mu/providers/google/server.rb +5 -1
- data/modules/mu/providers/google/user.rb +25 -18
- data/modules/mu/providers/google/userdata/linux.erb +1 -1
- data/modules/mu/providers/google/vpc.rb +53 -7
- data/modules/mu/providers/google.rb +39 -39
- data/modules/mu.rb +8 -8
- data/modules/tests/elk.yaml +46 -0
- data/test/mu-master-test/controls/all_in_one.rb +1 -1
- metadata +207 -112
- data/cookbooks/firewall/CONTRIBUTING.md +0 -2
- data/cookbooks/firewall/MAINTAINERS.md +0 -19
- data/cookbooks/firewall/libraries/matchers.rb +0 -30
- data/extras/image-generators/AWS/rhel71.yaml +0 -17
@@ -0,0 +1,231 @@
|
|
1
|
+
#############################################################################
|
2
|
+
# Sample NRPE Config File
|
3
|
+
# Written by: Ethan Galstad (nagios@nagios.org)
|
4
|
+
#
|
5
|
+
# Last Modified: 11-23-2007
|
6
|
+
#
|
7
|
+
# NOTES:
|
8
|
+
# This is a sample configuration file for the NRPE daemon. It needs to be
|
9
|
+
# located on the remote host that is running the NRPE daemon, not the host
|
10
|
+
# from which the check_nrpe client is being executed.
|
11
|
+
#############################################################################
|
12
|
+
|
13
|
+
|
14
|
+
# LOG FACILITY
|
15
|
+
# The syslog facility that should be used for logging purposes.
|
16
|
+
|
17
|
+
log_facility=daemon
|
18
|
+
|
19
|
+
|
20
|
+
|
21
|
+
# PID FILE
|
22
|
+
# The name of the file in which the NRPE daemon should write it's process ID
|
23
|
+
# number. The file is only written if the NRPE daemon is started by the root
|
24
|
+
# user and is running in standalone mode.
|
25
|
+
|
26
|
+
pid_file=/var/run/nrpe/nrpe.pid
|
27
|
+
|
28
|
+
|
29
|
+
|
30
|
+
# PORT NUMBER
|
31
|
+
# Port number we should wait for connections on.
|
32
|
+
# NOTE: This must be a non-priviledged port (i.e. > 1024).
|
33
|
+
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
34
|
+
|
35
|
+
server_port=5666
|
36
|
+
|
37
|
+
|
38
|
+
|
39
|
+
# SERVER ADDRESS
|
40
|
+
# Address that nrpe should bind to in case there are more than one interface
|
41
|
+
# and you do not want nrpe to bind on all interfaces.
|
42
|
+
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
43
|
+
|
44
|
+
#server_address=
|
45
|
+
|
46
|
+
|
47
|
+
|
48
|
+
# NRPE USER
|
49
|
+
# This determines the effective user that the NRPE daemon should run as.
|
50
|
+
# You can either supply a username or a UID.
|
51
|
+
#
|
52
|
+
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
53
|
+
|
54
|
+
nrpe_user=nrpe
|
55
|
+
|
56
|
+
|
57
|
+
|
58
|
+
# NRPE GROUP
|
59
|
+
# This determines the effective group that the NRPE daemon should run as.
|
60
|
+
# You can either supply a group name or a GID.
|
61
|
+
#
|
62
|
+
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
63
|
+
|
64
|
+
nrpe_group=nrpe
|
65
|
+
|
66
|
+
|
67
|
+
|
68
|
+
# ALLOWED HOST ADDRESSES
|
69
|
+
# This is an optional comma-delimited list of IP address or hostnames
|
70
|
+
# that are allowed to talk to the NRPE daemon. Network addresses with a bit mask
|
71
|
+
# (i.e. 192.168.1.0/24) are also supported. Hostname wildcards are not currently
|
72
|
+
# supported.
|
73
|
+
#
|
74
|
+
# Note: The daemon only does rudimentary checking of the client's IP
|
75
|
+
# address. I would highly recommend adding entries in your /etc/hosts.allow
|
76
|
+
# file to allow only the specified host to connect to the port
|
77
|
+
# you are running this daemon on.
|
78
|
+
#
|
79
|
+
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
|
80
|
+
|
81
|
+
allowed_hosts={{ mu_deployment['mu_all_ips'] | join(",") }}
|
82
|
+
|
83
|
+
# COMMAND ARGUMENT PROCESSING
|
84
|
+
# This option determines whether or not the NRPE daemon will allow clients
|
85
|
+
# to specify arguments to commands that are executed. This option only works
|
86
|
+
# if the daemon was configured with the --enable-command-args configure script
|
87
|
+
# option.
|
88
|
+
#
|
89
|
+
# *** ENABLING THIS OPTION IS A SECURITY RISK! ***
|
90
|
+
# Read the SECURITY file for information on some of the security implications
|
91
|
+
# of enabling this variable.
|
92
|
+
#
|
93
|
+
# Values: 0=do not allow arguments, 1=allow command arguments
|
94
|
+
|
95
|
+
dont_blame_nrpe=0
|
96
|
+
|
97
|
+
|
98
|
+
|
99
|
+
# BASH COMMAND SUBTITUTION
|
100
|
+
# This option determines whether or not the NRPE daemon will allow clients
|
101
|
+
# to specify arguments that contain bash command substitutions of the form
|
102
|
+
# $(...). This option only works if the daemon was configured with both
|
103
|
+
# the --enable-command-args and --enable-bash-command-substitution configure
|
104
|
+
# script options.
|
105
|
+
#
|
106
|
+
# *** ENABLING THIS OPTION IS A HIGH SECURITY RISK! ***
|
107
|
+
# Read the SECURITY file for information on some of the security implications
|
108
|
+
# of enabling this variable.
|
109
|
+
#
|
110
|
+
# Values: 0=do not allow bash command substitutions,
|
111
|
+
# 1=allow bash command substitutions
|
112
|
+
|
113
|
+
allow_bash_command_substitution=0
|
114
|
+
|
115
|
+
|
116
|
+
|
117
|
+
# COMMAND PREFIX
|
118
|
+
# This option allows you to prefix all commands with a user-defined string.
|
119
|
+
# A space is automatically added between the specified prefix string and the
|
120
|
+
# command line from the command definition.
|
121
|
+
#
|
122
|
+
# *** THIS EXAMPLE MAY POSE A POTENTIAL SECURITY RISK, SO USE WITH CAUTION! ***
|
123
|
+
# Usage scenario:
|
124
|
+
# Execute restricted commmands using sudo. For this to work, you need to add
|
125
|
+
# the nagios user to your /etc/sudoers. An example entry for alllowing
|
126
|
+
# execution of the plugins from might be:
|
127
|
+
#
|
128
|
+
# nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/
|
129
|
+
#
|
130
|
+
# This lets the nagios user run all commands in that directory (and only them)
|
131
|
+
# without asking for a password. If you do this, make sure you don't give
|
132
|
+
# random users write access to that directory or its contents!
|
133
|
+
|
134
|
+
#command_prefix=/usr/bin/sudo
|
135
|
+
|
136
|
+
|
137
|
+
|
138
|
+
# DEBUGGING OPTION
|
139
|
+
# This option determines whether or not debugging messages are logged to the
|
140
|
+
# syslog facility.
|
141
|
+
# Values: 0=debugging off, 1=debugging on
|
142
|
+
|
143
|
+
debug=0
|
144
|
+
|
145
|
+
|
146
|
+
|
147
|
+
# COMMAND TIMEOUT
|
148
|
+
# This specifies the maximum number of seconds that the NRPE daemon will
|
149
|
+
# allow plugins to finish executing before killing them off.
|
150
|
+
|
151
|
+
command_timeout=60
|
152
|
+
|
153
|
+
|
154
|
+
|
155
|
+
# CONNECTION TIMEOUT
|
156
|
+
# This specifies the maximum number of seconds that the NRPE daemon will
|
157
|
+
# wait for a connection to be established before exiting. This is sometimes
|
158
|
+
# seen where a network problem stops the SSL being established even though
|
159
|
+
# all network sessions are connected. This causes the nrpe daemons to
|
160
|
+
# accumulate, eating system resources. Do not set this too low.
|
161
|
+
|
162
|
+
connection_timeout=300
|
163
|
+
|
164
|
+
|
165
|
+
|
166
|
+
# WEEK RANDOM SEED OPTION
|
167
|
+
# This directive allows you to use SSL even if your system does not have
|
168
|
+
# a /dev/random or /dev/urandom (on purpose or because the necessary patches
|
169
|
+
# were not applied). The random number generator will be seeded from a file
|
170
|
+
# which is either a file pointed to by the environment valiable $RANDFILE
|
171
|
+
# or $HOME/.rnd. If neither exists, the pseudo random number generator will
|
172
|
+
# be initialized and a warning will be issued.
|
173
|
+
# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
|
174
|
+
|
175
|
+
#allow_weak_random_seed=1
|
176
|
+
|
177
|
+
|
178
|
+
|
179
|
+
# INCLUDE CONFIG FILE
|
180
|
+
# This directive allows you to include definitions from an external config file.
|
181
|
+
|
182
|
+
#include=<somefile.cfg>
|
183
|
+
|
184
|
+
|
185
|
+
|
186
|
+
# COMMAND DEFINITIONS
|
187
|
+
# Command definitions that this daemon will run. Definitions
|
188
|
+
# are in the following format:
|
189
|
+
#
|
190
|
+
# command[<command_name>]=<command_line>
|
191
|
+
#
|
192
|
+
# When the daemon receives a request to return the results of <command_name>
|
193
|
+
# it will execute the command specified by the <command_line> argument.
|
194
|
+
#
|
195
|
+
# Unlike Nagios, the command line cannot contain macros - it must be
|
196
|
+
# typed exactly as it should be executed.
|
197
|
+
#
|
198
|
+
# Note: Any plugins that are used in the command lines must reside
|
199
|
+
# on the machine that this daemon is running on! The examples below
|
200
|
+
# assume that you have plugins installed in a /usr/local/nagios/libexec
|
201
|
+
# directory. Also note that you will have to modify the definitions below
|
202
|
+
# to match the argument format the plugins expect. Remember, these are
|
203
|
+
# examples only!
|
204
|
+
|
205
|
+
|
206
|
+
# The following examples use hardcoded command arguments...
|
207
|
+
|
208
|
+
command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
|
209
|
+
command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
|
210
|
+
command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
|
211
|
+
command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
|
212
|
+
command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 15% -c 5% -X nfs -X nfs4
|
213
|
+
|
214
|
+
|
215
|
+
# The following examples allow user-supplied arguments and can
|
216
|
+
# only be used if the NRPE daemon was compiled with support for
|
217
|
+
# command arguments *AND* the dont_blame_nrpe directive in this
|
218
|
+
# config file is set to '1'. This poses a potential security risk, so
|
219
|
+
# make sure you read the SECURITY file before doing this.
|
220
|
+
|
221
|
+
#command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
|
222
|
+
#command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$
|
223
|
+
#command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$
|
224
|
+
|
225
|
+
|
226
|
+
|
227
|
+
# INCLUDE CONFIG DIRECTORY
|
228
|
+
# This directive allows you to include definitions from config files (with a
|
229
|
+
# .cfg extension) in one or more directories (with recursion).
|
230
|
+
|
231
|
+
include_dir=/etc/nagios/nrpe.d/
|
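Review bot: The `allowed_hosts` line (new line 81) is rendered only from `mu_deployment['mu_all_ips']`, and nothing in the template guards against that list being empty. An empty list renders a bare `allowed_hosts=`, which, depending on the NRPE version, is either rejected at config load or leaves the daemon with no host restriction; that behaviour should be confirmed. The role's task file is not shown here, so if it does not already check this, add a check before the template task, for example an `assert` with `that: mu_deployment['mu_all_ips'] | length > 0`. Because `server_address` stays commented out, the daemon listens on every interface on port 5666, and the file's own comment calls the client IP check rudimentary, so the host firewall should restrict that port to the same address list. I would also add a short comment above the line saying which addresses `mu_all_ips` is expected to contain, e.g. `# Mu master addresses permitted to query NRPE; must not be empty`.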
@@ -0,0 +1 @@
|
|
1
|
+
---
|
@@ -0,0 +1,33 @@
|
|
1
|
+
Role Name
|
2
|
+
=========
|
3
|
+
|
4
|
+
Hardening
|
5
|
+
|
6
|
+
Requirements
|
7
|
+
------------
|
8
|
+
|
9
|
+
Windows host with internet connectivity and no other major services running.
|
10
|
+
|
11
|
+
License
|
12
|
+
-------
|
13
|
+
|
14
|
+
Copyright:: Copyright (c) 2021 eGlobalTech, Inc., all rights reserved
|
15
|
+
|
16
|
+
Licensed under the BSD-3 license (the "License");
|
17
|
+
you may not use this file except in compliance with the License.
|
18
|
+
You may obtain a copy of the License in the root of the project or at
|
19
|
+
|
20
|
+
http://egt-labs.com/mu/LICENSE.html
|
21
|
+
|
22
|
+
Unless required by applicable law or agreed to in writing, software
|
23
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
24
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
25
|
+
See the License for the specific language governing permissions and
|
26
|
+
limitations under the License.
|
27
|
+
|
28
|
+
Author Information
|
29
|
+
------------------
|
30
|
+
|
31
|
+
Current developers: John Stange
|
32
|
+
|
33
|
+
egt-labs-admins@egt-labs.com
|