Recently we’ve been busy implementing a new DNS infrastructure for our resolvers as well as our authoritative servers. We wanted to be ready for future developments like DNSSEC and we wanted to re-new this important part of our infrastructure for a while. This blog-post gives an overview of our new setup.
Posts Tagged ‘nagios’
We’ve read a lot recently about attacks in which an attacker loads a modified module into Apache to insert iframes in outgoing data. Pretty scary, especially since nobody really seems to know how the hacks are performed. Recently, Sucuri wrote a blog article about how to check for rogue Apache modules on Debian. We’ve decided to implement this into an Icinga/Nagios check.
Hope this helps!
Update: I packaged and pushed the wrong version of the script… Silly me. Fixed now!
In addition to the kuminami repository we released last Friday, we’re happy to announce the release of our nagios-plugins-kumina repository, storing our in-house developed plugins for Nagios.
The repository stores two plugins for Nagios, namely a plugin to monitor SSL certificate validity by checking on-disk PEM files, but also a plugin to monitor fluctuations in system load, by comparing the ratio between the 1, 5 and 15 minute system load.
As with the kuminami repository, the code also ships with the infrastructure to build Debian packages.
This post is a part of my series about tips and tricks for puppet, the configuration management tool we prefer to use here at Kumina.
Puppet has nice support for Nagios via its Nagios-specific resources. However, this requires you to use “0” and “1” instead of “true” and “false” for booleans in Nagios. Because we like uniformity, I’ve created a little function that simply converts a named boolean to a numerical. Check it out:
module Puppet::Parser::Functions newfunction(:bool2num, :type => :rvalue) do |args| case args when "true" then "1" when "false" then "0" when "1" then "1" when "0" then "0" when true then "1" when false then "0" else raise Puppet::ParseError, "Either specify true, false, 1 or 0." end end end
Hope this helps someone!
One of my personal missions within Kumina is to decrease the amount of noise. We work fairly event-driven, responding to everything that gets reported. Although I believe our customers like this very much, it can be a bit of a bother in the case where someone is not on helpdesk duty. One of my pet peeves was the fact that Nagios sent SMS alerts to everyone, instead of the person who was on duty at the time.
Since we have multiple Nagios instances, it would be a bit of a hassle to change the config everywhere all the time, so we stuck with the current way. At least you can be sure that someone received the message. But since we get some false positives too, at time, it does add to the bill.
So I decided to create Kumishifts. This little Python script takes a Google Calendar (or any ical you point it at) and distills who’s on duty. It generated a Nagios contacts file based on that information (and then some). We can now actually work with escalations to make sure that if the first person responsible doesn’t respond fast enough (bad person!), a second one will get the message after a little while, too.
We’re not yet deploying the script everywhere, but will soon, after it’s properly tested. I’d appreciated any feedback on the app!