Nagios in a Multi-Platform
Environment
lvl@omnitec.net
Leland V. Lammert, PhD
Chief Scientist
Omnitec Corporation
The Problem
Different OSs can require
– Different type of connection
– Different installation procedure
Nagios checks or an agent require a
connection to the remote machine
(i.e. from the Nagios server to the remote
machine)
No issue inside the firewall
There are issues for machines outside the
firewall
The Solution – SSH
SSH forward connections are a good solution
for monitoring inside the firewall
An ssh reverse tunnel is a good solution for
monitoring outside the firewall
Active checks can then be used on all systems
– No Agents
– No Complex Installation
– A shell is always available for
troubleshooting
Today's Outline
Secure Shell
Connection Process
Credentials
Setting up a Reverse Tunnel
Using checks
GUIs - RDP or X
Troubleshooting
Secure Shell
SSH History
SSH [Secure Shell] is a data exchange protocol
that uses an encrypted connection between two
network devices
SSH replaced Telnet and other insecure remote
shells which send information, most notably
passwords, in plaintext
SSH encryption provides confidentiality and
integrity of data over an insecure network
Connection Types
– Normal [Forward]
– Tunnel [Reverse]
SSH Advantages
Secure [ssh2]
– Host Identity Verified
– User Authorization
– Secure Data Transmission
Ubiquitous ('Nix, Windows [Cygwin], OSX)
Reverse Tunnels require no firewall changes
Allows Active Checks
No agent to install or configure
Simplified testing, GUI still available [X or RDP]
SSH Details
Authentication is verified with SSH keys
[Forward] ssh connections work for hosts
behind the firewall
[Reverse or Tunnel] ssh connections work for
hosts anywhere else
The tunnel passes traffic TO the remote
machine FROM the Nagios Server (reverse
operation)
SSH Connections can be used to standardize
connections to ALL machines!
Forward connections
Requires
– Static IP
– Open port
A static IP may not be available at external
locations
An open port for an incoming connection is a
BIG security problem
Even when an agent is used [NSCA], there is
no access to the remote machine for testing
and troubleshooting
Reverse Connections - Tunnels
A Tunnel is packet encapsulation using a
network protocol
The data payload protocol is then
encapsulated in a delivery protocol.
– L2TP (Layer 2 Tunneling Protocol)
– SSH
– Socks
Reverse Tunnels - an ssh connection from
client to server, where data is transmitted from
server to client (i.e. reverse)
Connection Process
Startup
– Start Session
– Exchange Server key
– Generate Session key
Authentication
– Exchange Client key
– If ACK, continue
SSH Startup
SSH Authentication
SSH uses Asymmetric Encryption
Public/Private Keypair
A Keypair verifies identity for:
– Machine
– User
Currently keys are 2048 bits in length, usually
RSA
Each Key has two parts:
– Public and Private
– AKA the keypair
Keys are created with ssh-keygen
Credentials
Host and User Credentials
Host Key
Verifies that the host/server at the other end of
the connection is the same one seen
previously
User Keys
Verifies that the user is authorized for the
connection
Why not Passwords?
● Requires manual entry
● Cannot be automated without storing as
plaintext
● Much less secure than keys
Keys on Unix/Linux
Keys:
/home/<user>/.ssh
Private key: id_rsa
Public key: id_rsa.pub
Keys on Windows
Typical Cygwin install location
C:\Program Files\Cygwin
Home directories:
<Cygwin>/home/<user>/.ssh
Keys: ~/.ssh
Private key: id_rsa
Public key: id_rsa.pub
Keys on OSX
Keys:
/Users/<user>/.ssh
Private key: id_rsa
Public key: id_rsa.pub
Setting up a Reverse Tunnel
Basic ssh command
ssh Base command
-f Run in background
-X Enable X Forwarding ('Nix)
-n Prevent reading from STDIN
-N No remote command
-R Reverse Operation
ssh -f -X -n -N -R
Ports
REMOTE:127.0.0.1:LOCAL*
REMOTE Port on remote machine [from]
127.0.0.1 localhost
LOCAL Port on local machine [to]
* Remember, this is being done at the external machine –
so the “Remote” port here is actually on the Nagios server!
Authentication
$USER_NAME@$REMOTE_HOST
USER_NAME User ID on remote machine
REMOTE_HOST Hostname or IP of
remote host
-p LOGIN_PORT
LOGIN_PORT Port for login on remote
machine
-i IDENTITY_FILE
IDENTITY_FILE Private key file to use
Three Steps to Create a Tunnel
1. Remote to Nagios
Connect remote machine to Nagios server and
create Tunnel
2. Make it permanent
– cron
– autossh
– launchctl/launchd
3. Nagios to Remote
Setup access from Nagios user or process to
remote machine
Step 1. Remote to Nagios
Connect remote machine to Nagios server
and create Tunnel
Step 1 – 'Nix
Create keypair on remote system and copy to
Nagios Server
– ssh-keygen
– cat ~/.ssh/id_rsa.pub
● <highlight>
– ssh <nagios server>
– vim ~/.ssh/authorized_keys
– G o <shift insert>
– :x
<exit> test
Step 1 – Windows
Install Cygwin (cygwin.com/install.html)
– Install in C:\Program Files\Cygwin
– Add autossh, rsync, bash, perl
Create keypair on remote system and copy to
Nagios Server [same as 'Nix]
Step 1 – OSX
Create keypair on remote system and copy to
Nagios Server [same as 'Nix]
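Added example, not from the talk: the remote machine's key pasted into authorized_keys on the Nagios server in Step 1 only ever needs to open one reverse tunnel, so it can be restricted to exactly that. The helpers below emit such a restricted line and audit an existing authorized_keys file for tunnel keys that were pasted in bare; they assume OpenSSH 7.8 or later on the Nagios server (for permitlisten=), and the key material, port numbers and host comments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the talk). In Step 1 the remote machine's public key
# is pasted into authorized_keys on the Nagios server, but that key only ever
# needs to open one reverse tunnel. These helpers emit a restricted entry for
# it and audit an existing file for tunnel keys that were pasted in bare.
# Assumes OpenSSH 7.8 or later on the Nagios server (permitlisten=); the key
# material and port numbers below are constructed samples, not real keys.

# Build the authorized_keys line for one remote machine's tunnel key:
#   restrict         no pty, no X11/agent forwarding, no ~/.ssh/rc, ...
#   port-forwarding  re-enable forwarding, which restrict switched off ...
#   permitlisten     ... but only as a -R listener on 127.0.0.1:PORT
restricted_key_line() {
    port="$1"; pubkey="$2"
    case "$port" in
        ''|*[!0-9]*) echo "bad port: '$port'" >&2; return 1 ;;
    esac
    case "$pubkey" in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "not a public key line: '$pubkey'" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$port" "$pubkey"
}

# Print every key in $1 (authorized_keys content) that carries no options at
# all, i.e. a full login for whoever holds the private key. Returns 1 when at
# least one such line exists, so it can be used as a check in a script.
unrestricted_keys() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                                   # comment line
        NF == 0    { next }                                   # blank line
        $1 ~ /^(ssh-|ecdsa-sha2-|sk-)/ { print; found = 1 }   # first field is a key type: no options
        END { exit found ? 1 : 0 }'
}

# Constructed authorized_keys content: one bare key, one restricted key.
SAMPLE_AUTHORIZED_KEYS='# constructed sample, not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0EXAMPLE remote-hanley
restrict,port-forwarding,permitlisten="127.0.0.1:2211" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE remote-storm'

# Stand-alone run: show the line to paste for a new host, then audit the sample.
restricted_key_line 2210 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE remote-hanley"
if unrestricted_keys "$SAMPLE_AUTHORIZED_KEYS"; then
    echo "no unrestricted keys"
else
    echo "^ unrestricted tunnel keys found; replace them with restricted lines"
fi
```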
Step 2.
Make it permanent
Step 2 – 'Nix cron
Connection variables
REMOTE_HOST="nagios._______.com"
USER_NAME="________"
REMOTE_PORT="____"
LOCAL_PORT="____" *
LOGIN_PORT="____" *
IDENTITY_KEY="/home/nagios/.ssh/id_rsa"
* NOTE: The ssh port should be changed for security, do NOT use the standard port 22.
Step 2 – 'Nix cron
Command to create the link
COMMAND="ssh -f -n -N -R \
$REMOTE_PORT:127.0.0.1:$LOCAL_PORT \
$USER_NAME@$REMOTE_HOST -p$LOGIN_PORT -i \
$IDENTITY_KEY"
Step 2 – 'Nix cron
Running? If not, start it
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
Working? Login to Nagios and check from the
other side
ssh -i$IDENTITY_KEY -p$LOGIN_PORT $USER_NAME@$REMOTE_HOST netstat -an | \
egrep "tcp.*127.0.0.1:$REMOTE_PORT.*LISTEN" > /dev/null 2>&1
If not working, kill and restart.
if [ $? -ne 0 ] ; then
pkill -f -x "$COMMAND"
$COMMAND
fi
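The three "Step 2 – 'Nix cron" fragments above combined into one keepalive script for the external machine's crontab, as an added example that is not the talk's own code. Host name, login, ports and key path are constructed placeholders; the netstat output at the bottom is constructed for the dry run. It also tightens the talk's port pattern so that looking for 2210 does not match a listener on 22100, and adds ExitOnForwardFailure so a tunnel whose remote port is already bound exits instead of surviving the pgrep check while forwarding nothing.

```shell
#!/bin/sh
# Added example (not from the talk): the "Step 2 - 'Nix cron" fragments as one
# keepalive script, run from cron on the EXTERNAL machine.
# All names, ports and paths below are constructed placeholders.

REMOTE_HOST="nagios.example.com"          # the Nagios server (placeholder)
USER_NAME="tunnel"                        # login on the Nagios server (placeholder)
REMOTE_PORT="2210"                        # port the tunnel opens ON THE NAGIOS SERVER
LOCAL_PORT="2222"                         # this machine's sshd port (not 22, per the talk)
LOGIN_PORT="2206"                         # sshd port on the Nagios server
IDENTITY_KEY="/home/nagios/.ssh/id_rsa"   # private key used for the tunnel login

# The ssh command line. ExitOnForwardFailure makes ssh exit (so pgrep sees it
# gone) instead of staying up uselessly when the remote port is already bound;
# ServerAliveInterval notices a dead NAT mapping without waiting for cron.
tunnel_cmd() {
    printf '%s' "ssh -f -n -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -R $REMOTE_PORT:127.0.0.1:$LOCAL_PORT $USER_NAME@$REMOTE_HOST -p$LOGIN_PORT -i $IDENTITY_KEY"
}

# Exact-match test for a running tunnel process (the talk's pgrep check).
tunnel_running() {
    pgrep -f -x "$(tunnel_cmd)" >/dev/null 2>&1
}

# True if netstat output ($2) shows a listener on 127.0.0.1:$1. Requiring a
# blank right after the port fixes the talk's "127.0.0.1:$REMOTE_PORT.*LISTEN"
# pattern, which also matches longer ports such as 22100 when looking for 2210.
port_is_listening() {
    printf '%s\n' "$2" | grep -E -q "^tcp.*127\.0\.0\.1:$1[[:space:]].*LISTEN"
}

# Run netstat on the Nagios server over the login connection and look for the
# tunnel's listener there (the talk's "check from the other side" step).
tunnel_listening_on_nagios() {
    out=$(ssh -o BatchMode=yes -o ConnectTimeout=15 -i "$IDENTITY_KEY" -p "$LOGIN_PORT" \
              "$USER_NAME@$REMOTE_HOST" netstat -an 2>/dev/null) || return 1
    port_is_listening "$REMOTE_PORT" "$out"
}

# The cron entry point: start if missing, restart if present but not serving.
keepalive() {
    cmd=$(tunnel_cmd)
    if ! tunnel_running; then
        $cmd
        return
    fi
    if ! tunnel_listening_on_nagios; then
        pkill -f -x "$cmd"
        sleep 2
        $cmd
    fi
}

# Constructed netstat -an output for the stand-alone dry run (not a real capture).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2206            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2210          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22100         0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.1:2206           192.0.2.7:51822         ESTABLISHED'

# "sh tunnel.sh run" from cron does the real work; without an argument the
# script only shows what it would execute and exercises the port test.
if [ "${1:-}" = "run" ]; then
    keepalive
else
    echo "dry run; cron would execute: $(tunnel_cmd)"
    port_is_listening 2210 "$SAMPLE_NETSTAT" && echo "sample shows 2210 listening"
    port_is_listening 221 "$SAMPLE_NETSTAT" || echo "sample shows no listener on 221"
fi
```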
Step 2 – Windows autossh
Install service
cygrunsrv -I AutoSSH -f "nagios_link" -p /usr/bin/autossh -a "-M <port + 1000>:<port + 2000> -N -R <port>:127.0.0.1:<ssh port> <user>@<nagios server>"
Use services.msc to set restart options and
credentials:
– cyg_server
– <created Nagios user>
– Local Administrator
Step 2 – OSX
Install autossh with homebrew
Command
/usr/local/bin/autossh -M <port + 1000>:<port + 2000> -N -p 2206 -g -R 4000:127.0.0.1:22 <user>@<nagios server> -tt
(-R must be followed directly by its port specification)
Launchctl
Can install AutoSSH as System Service
Autostart at boot
Step 2 – OSX launchctl
Autossh file template
#!/bin/sh
ID=username
HOST=hostname
if [ "X$SSH_AUTH_SOCK" = "X" ]; then
    eval `ssh-agent -s`
    ssh-add $HOME/.ssh/id_rsa
fi
#AUTOSSH_POLL=600
#AUTOSSH_PORT=20000
#AUTOSSH_GATETIME=30
#AUTOSSH_LOGFILE=$HOST.log
#AUTOSSH_DEBUG=yes
#AUTOSSH_PATH=/usr/local/bin/ssh
export AUTOSSH_POLL AUTOSSH_LOGFILE AUTOSSH_DEBUG AUTOSSH_PATH AUTOSSH_GATETIME AUTOSSH_PORT
autossh -2 -fN -M 20000 -R 2200:localhost:22 ${ID}@${HOST}
Step 3 – Nagios to Remote
Setup access from Nagios user or process
to remote machine
Step 3 - 'Nix
Copy Nagios user public key to remote
Note: Nagios may use a different UID than the
one used for testing
– cat ~/.ssh/id_rsa.pub
– <highlight>
– ssh <remote server>
– vim .ssh/authorized_keys
– G o <shift insert>
– :x
Step 3 – Windows
Same as 'Nix
Step 3 – OSX
Same as 'Nix
What was just created?
Take note – at the current time there are
working ssh connections to:
– Any 'Nix
– Any Windows*
– OSX
These connections can be used for active
checks, as well as troubleshooting and setting
up an RDP or X session if needed.
* There sometimes are authentication issues with Windows
Domain servers that must be handled uniquely.
Using Checks
Normal [forward] checks
Local checks
define service{
use local-service
host_name Nagios
service_description Root Partition
check_command check_local_disk!20%!10%!/
}
Checks via ssh connection
define host{
use openbsd-server
host_name mx1
alias mail_mx1_server
address 206.197.251.200
icon_image envelope.gif
statusmap_image envelope.gif
check_command check_smtp
}
Reverse Check
Same as other checks, except command format
includes additional data
define service{
use generic-service
host_name hanley
service_description SSH Check Proc
normal_check_interval 15
retry_check_interval 5
notifications_enabled 1
check_command check_by_ssh_reverse!-p2210!proc
}
Additional data required in command
– ssh Private key
– ssh Port
– Host address
Command Comparison
Local
define command{
    command_name check_local_disk
    command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
}
Forward
define command{
    command_name check_by_ssh
    command_line /usr/bin/ssh -i <nagios user>/.ssh/id_rsa nagios@$HOSTADDRESS$ $ARG1$ 2>/dev/null
}
Reverse
define command{
    command_name check_by_ssh_reverse
    command_line /usr/bin/ssh $ARG1$ -i <nagios user>/.ssh/id_rsa nagios@$HOSTADDRESS$ $ARG2$ 2>/dev/null
}
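A wrapper script that a Nagios command could call in place of the bare ssh line of the reverse command above, as an added example that is not the talk's code. It assumes the Nagios user's key at /home/nagios/.ssh/id_rsa and a nagios login on the remote side; it validates the port passed as $ARG1$, never lets ssh prompt, and turns a missing tunnel or a changed host key into an UNKNOWN state with a readable reason instead of an out-of-range exit code.

```shell
#!/bin/sh
# Added example (not from the talk): wrapper behind the "Reverse" command.
# A Nagios command definition would call it as
#   command_line  /usr/local/bin/check_by_ssh_reverse $ARG1$ $ARG2$
# with  check_command  check_by_ssh_reverse!2210!proc  in the service, i.e.
# the tunnel port on the Nagios server first, then the plugin to run remotely.
# The key path and the 'nagios' login on the remote side are assumptions.

KEY="/home/nagios/.ssh/id_rsa"   # private key of the Nagios user (assumed path)
REMOTE_USER="nagios"             # account on the remote machine (assumed)
TIMEOUT=20                       # seconds to wait for the tunnel before giving up

# $ARG1$ must be a bare TCP port: it is the only part of the ssh command line
# that varies per host, so it is validated rather than spliced in blindly.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ssh exit status -> Nagios state. 0-3 are the remote plugin's own verdict.
# 255 means ssh itself failed (tunnel down, key refused, host key mismatch);
# anything else is unexpected. Both become UNKNOWN (3) rather than letting
# Nagios see an out-of-range return code.
map_status() {
    case "$1" in
        0|1|2|3) echo "$1" ;;
        *)       echo 3 ;;
    esac
}

# Run PLUGIN [ARGS...] on the machine whose reverse tunnel listens on
# 127.0.0.1:PORT. BatchMode stops ssh from ever prompting under Nagios, and
# StrictHostKeyChecking=yes turns a changed host key into a failed check
# (status 255) instead of a silently accepted new key.
run_check() {
    [ $# -ge 2 ] || { echo "UNKNOWN - usage: PORT PLUGIN [ARGS...]"; return 3; }
    port="$1"; shift
    valid_port "$port" || { echo "UNKNOWN - bad tunnel port '$port'"; return 3; }
    out=$(ssh -o BatchMode=yes -o ConnectTimeout="$TIMEOUT" \
              -o StrictHostKeyChecking=yes -i "$KEY" -p "$port" \
              "$REMOTE_USER@127.0.0.1" "$@" 2>/dev/null)
    rc=$?
    if [ "$rc" -eq 255 ]; then
        echo "UNKNOWN - no reverse tunnel answering on 127.0.0.1:$port"
    elif [ "$rc" -gt 3 ]; then
        echo "UNKNOWN - ssh returned status $rc"
    else
        printf '%s\n' "$out"
    fi
    return "$(map_status "$rc")"
}

# As a plugin: check_by_ssh_reverse PORT PLUGIN [ARGS...]
if [ $# -gt 0 ]; then
    run_check "$@"
    exit $?
fi
echo "usage: $0 PORT PLUGIN [ARGS...]   e.g. $0 2210 proc" >&2
```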
Building Plugins
Create test machine
VMs work great!
– Linux
– Windows
– OSX
Compile set of plugins for that platform
Maintain platform plugin set
GUIs - RDP or X
X apps run natively
Be sure to include “-X” in tunnel setup
Connect to remote with “ssh -X”
Launch app
Possibly explicit invocation options, a la Firefox:
firefox --no-remote
Start firefox, but run on the remote machine,
forwarding the display to the Nagios server.
RDP on demand
On remote machine
#
# Reverse ssh link for RDP tunnel
#
ssh -f -n -N -R 3389:127.0.0.1:3389 <user>@<nagios server> -p <ssh port>
Tunnel 3389 on remote machine to 3389 on
Nagios Server
Check for open port
netstat -an | grep 3389
Use one connection at a time for sanity!
Troubleshooting
Common Problems
Host Key Verification Failed
– The Host Key on the sending side is not the
same as seen last time
– Possible cause - the remote machine has
been rebuilt
Troubleshooting checks
– $64K Secret – tmux
– Very step-by-step
– Parameters often not required
Useful aliases
● Host key verification failed
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for [storm]:2206 has changed,
and the key for the corresponding IP address [10.0.0.1]:2206
is unknown. This could either mean that DNS SPOOFING is happening or the IP
address for the host and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
6b:da:2e:50:a9:ea:b0:b1:3d:c1:b8:4a:a3:a5:56:87.
Please contact your system administrator.
Add correct host key in /home/lvl/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/lvl/.ssh/known_hosts:5
You can use following command to remove all keys for this IP:
ssh-keygen -R storm -f /home/lvl/.ssh/known_hosts
Host key verification failed.
tmux
tmux is a terminal multiplexer
A terminal multiplexer permits switching
between several programs in one terminal,
detaching them (they keep running in the
background) and reattaching them to a different
terminal.
Essential for troubleshooting checks!
tmux session
Useful Aliases
alias nagc='cd /etc/nagios'
alias nagh='cd /var/lib/nagios'
alias naghup='ps ax | grep /sbin/nagios | grep -v grep | awk '\''{print $1}'\'' | xargs kill -HUP'
alias nagq='netstat -an | grep 127 | grep LISTEN | grep -v 25 | sort --field-separator=: --key=2.1'
alias nagv='/usr/sbin/nagios -v /etc/nagios/nagios.cfg'
(In naghup the awk program must stay single-quoted inside the alias; with "{print $1}" the shell expands $1 when the alias runs, awk prints whole lines, and kill gets non-PID arguments.)
Resources
SSH and Authentication
http://en.wikipedia.org/wiki/Secure_Shell
http://tools.ietf.org/html/rfc4252
SSH Cookbook – Tunnels
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels
Thank you!
Leland Lammert
www.omnitec.net
lvl@omnitec.net
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Dernier (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment

  • 1. Nagios in a Multi-Platform Environment
    Leland V. Lammert, PhD, Chief Scientist, Omnitec Corporation (lvl@omnitec.net)
  • 2. The Problem
    Different OSs can require
    – Different type of connection
    – Different installation procedure
    Nagios checks or an agent require a connection to the remote machine (i.e. from the Nagios server to the remote machine)
    No issue inside the firewall
    There are issues for machines outside the firewall
  • 3. The Solution – SSH
    SSH forward connections are a good solution for monitoring inside the firewall
    An ssh reverse tunnel is a good solution for monitoring outside the firewall
    Active checks can then be used on all systems
    – No agents
    – No complex installation
    – A shell is always available for troubleshooting
  • 4. Today's Outline
    Secure Shell
    Connection Process
    Credentials
    Setting up a Reverse Tunnel
    Using checks
    GUIs - RDP or X
    Troubleshooting
  • 6. SSH History
    SSH [Secure Shell] is a data exchange protocol that uses an encrypted connection between two network devices
    SSH replaced Telnet and other insecure remote shells which send information, most notably passwords, in plaintext
    SSH encryption provides confidentiality and integrity of data over an insecure network
    Connection Types
    – Normal [Forward]
    – Tunnel [Reverse]
  • 7. SSH Advantages
    Secure [ssh2]
    – Host identity verified
    – User authorization
    – Secure data transmission
    Ubiquitous ('Nix, Windows [Cygwin], OSX)
    Reverse tunnels require no firewall changes
    Allows active checks
    No agent to install or configure
    Simplified testing, GUI still available [X or RDP]
  • 8. SSH Details
    Authentication is verified with SSH keys
    [Forward] ssh connections work for hosts behind the firewall
    [Reverse or Tunnel] ssh connections work for hosts anywhere else
    The tunnel passes traffic TO the remote machine FROM the Nagios server (reverse operation)
    SSH connections can be used to standardize connections to ALL machines!
  • 9. Forward connections
    Requires
    – Static IP
    – Open port
    A static IP may not be available at external locations
    An open port for an incoming connection is a BIG security problem
    Even when an agent is used [NSCA], there is no access to the remote machine for testing and troubleshooting
  • 10. Reverse Connections - Tunnels
    A tunnel is packet encapsulation using a network protocol: the data payload protocol is encapsulated in a delivery protocol.
    – L2TP (Layer 2 Tunneling Protocol)
    – SSH
    – SOCKS
    Reverse tunnels - an ssh connection from client to server, where data is transmitted from server to client (i.e. reverse)
  • 11. Connection Process
    Startup
    – Start session
    – Exchange server key (the client compares it with the entry in known_hosts)
    – Generate session key
    Authentication
    – Client offers its public key and signs a server-supplied challenge with the matching private key
    – If the server accepts the signature, continue
  • 14. SSH uses Asymmetric Encryption
    Public/private keypair
    A keypair verifies identity for:
    – Machine
    – User
    Keys are currently 2048 bits in length, usually RSA (current OpenSSH releases default ssh-keygen to Ed25519)
    Each key has two parts:
    – Public and private
    – AKA the keypair
    Keys are created with ssh-keygen
  • 16. Host and User Credentials
    Host key
    – Verifies that the host/server at the other end of the connection is the same one seen previously
    User keys
    – Verify that the user is authorized for the connection
    Why not passwords?
    – Requires manual entry
    – Cannot be automated without storing as plaintext
    – Much less secure than a key
  • 17. Keys on Unix/Linux
    Keys: /home/<user>/.ssh
    Private key: id_rsa
    Public key: id_rsa.pub
  • 18. Keys on Windows
    Typical Cygwin install location: C:\Program Files\Cygwin
    Home directories: <Cygwin>/home/<user>/.ssh
    Keys: ~/.ssh
    Private key: id_rsa
    Public key: id_rsa.pub
  • 19. Keys on OSX
    Keys: /Users/<user>/.ssh
    Private key: id_rsa
    Public key: id_rsa.pub
  • 20. Setting up a Reverse Tunnel
  • 21. Basic ssh command
    ssh    Base command
    -f     Run in background
    -X     Enable X forwarding ('Nix)
    -n     Prevent reading from STDIN
    -N     No remote command
    -R     Reverse operation (remote port forward)
    ssh -f -X -n -N -R
  • 22. Ports
    REMOTE:127.0.0.1:LOCAL*
    REMOTE     Port on remote machine [from]
    127.0.0.1  localhost
    LOCAL      Port on local machine [to]
    * Remember, this is being done at the external machine – so the "Remote" port here is actually on the Nagios server!
  • 23. Authentication
    $USER_NAME@$REMOTE_HOST
    USER_NAME      User ID on remote machine
    REMOTE_HOST    Hostname or IP of remote host
    -p LOGIN_PORT
    LOGIN_PORT     Port for login on remote machine
    -i IDENTITY_FILE
    IDENTITY_FILE  Private key file to use
  • 24. Three Steps to Create a Tunnel
    1. Remote to Nagios – connect remote machine to Nagios server and create tunnel
    2. Make it permanent
    – cron
    – autossh
    – launchctl/launchd
    3. Nagios to Remote – set up access from Nagios user or process to remote machine
  • 25. Step 1. Remote to Nagios Connect remote machine to Nagios server and create Tunnel
  • 26. Step 1 – 'Nix
    Create keypair on remote system and copy to Nagios server
    – ssh-keygen
    – cat ~/.ssh/id_rsa.pub
      <highlight>
    – ssh <nagios server>
    – vim ~/.ssh/authorized_keys
    – G o <shift insert>
    – :x <exit>
    – test
    (ssh-copy-id <nagios server> performs the copy-and-paste steps in one command)
  • 27. Step 1 – Windows
    Install Cygwin (cygwin.com/install.html)
    – Install in C:\Program Files\Cygwin
    – Add autossh, rsync, bash, perl
    Create keypair on remote system and copy to Nagios server [same as 'Nix]
  • 28. Step 1 – OSX Create keypair on remote system and copy to Nagios Server [same as 'Nix]
  • 29. Step 2. Make it permanent
  • 30. Step 2 – 'Nix cron
    Connection variables
        REMOTE_HOST="nagios._______.com"
        USER_NAME="________"
        REMOTE_PORT="____"
        LOCAL_PORT="____" *
        LOGIN_PORT="____" *
        IDENTITY_KEY="/home/nagios/.ssh/id_rsa"
    * NOTE: The ssh port should be changed for security, do NOT use the standard port 22. (Moving sshd off port 22 mainly cuts scanner noise and log volume; the actual protection is key-only authentication, so also set PasswordAuthentication no on both ends.)
  • 31. Step 2 – 'Nix cron
    Command to create the link
        COMMAND="ssh -f -n -N -R $REMOTE_PORT:127.0.0.1:$LOCAL_PORT $USER_NAME@$REMOTE_HOST -p$LOGIN_PORT -i $IDENTITY_KEY"
  • 32. Step 2 – 'Nix cron
    Running? If not, start it
        pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
    Working? Log in to Nagios and check from the other side
        ssh -i$IDENTITY_KEY -p$LOGIN_PORT $USER_NAME@$REMOTE_HOST netstat -an | grep -E "tcp.*127.0.0.1:$REMOTE_PORT.*LISTEN" > /dev/null 2>&1
    If not working, kill and restart.
        if [ $? -ne 0 ] ; then
            pkill -f -x "$COMMAND"
            $COMMAND
        fi
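The cron job of slides 30 to 32, together with the port mapping of slides 21 to 23, as one script. This is an added example, not the author's script: hostnames, ports, the account name and the key path are placeholders set through environment variables, and the "is the tunnel really up?" test is split into functions that can be run against captured netstat output. Two things the slides do not cover are added: ExitOnForwardFailure (so ssh exits, and gets restarted, when the remote port is already taken instead of sitting connected with no forward) and a check that the listener on the Nagios side is bound to loopback only.

```shell
#!/bin/sh
# Added example (not from the slides): keep a reverse tunnel up from a
# monitored host to the Nagios server. All values below are placeholders.

NAGIOS_HOST="${NAGIOS_HOST:-nagios.example.com}"   # assumed name of the Nagios server
NAGIOS_USER="${NAGIOS_USER:-tunnel}"               # account on the Nagios server used for the tunnel
LOGIN_PORT="${LOGIN_PORT:-2206}"                   # sshd port on the Nagios server
REMOTE_PORT="${REMOTE_PORT:-2210}"                 # listener opened on the Nagios server's loopback
LOCAL_PORT="${LOCAL_PORT:-22}"                     # sshd port on this (monitored) host
IDENTITY_KEY="${IDENTITY_KEY:-$HOME/.ssh/id_rsa}"

# The exact command line, so pgrep/pkill -f -x can match the running ssh.
# ExitOnForwardFailure makes ssh die (and be restarted by the next cron run)
# instead of staying connected with a dead forward; ServerAlive* detects a
# silently dropped link.
tunnel_cmd() {
    printf 'ssh -f -n -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R %s:127.0.0.1:%s -p %s -i %s %s@%s' \
        "$REMOTE_PORT" "$LOCAL_PORT" "$LOGIN_PORT" "$IDENTITY_KEY" "$NAGIOS_USER" "$NAGIOS_HOST"
}

# $1 = output of `netstat -an` captured on the Nagios server.
# Returns 0 when REMOTE_PORT is listening on loopback, the expected state.
tunnel_listening() {
    printf '%s\n' "$1" | grep LISTEN | grep -Eq "127\.0\.0\.1:$REMOTE_PORT[[:space:]]"
}

# Returns 0 when the listener is bound to all interfaces instead (GatewayPorts
# on the server, or a bind_address in the -R spec): the monitored host's sshd
# would then be reachable by anyone who can reach the Nagios server, so the
# tunnel is torn down and rebuilt rather than left in place.
tunnel_exposed() {
    printf '%s\n' "$1" | grep LISTEN | grep -Eq "(0\.0\.0\.0|\*|::):$REMOTE_PORT[[:space:]]"
}

# Same key, same login: fetch the socket table from the Nagios side.
remote_netstat() {
    ssh -i "$IDENTITY_KEY" -p "$LOGIN_PORT" "$NAGIOS_USER@$NAGIOS_HOST" netstat -an
}

keep_tunnel_up() {
    cmd="$(tunnel_cmd)"
    pgrep -f -x "$cmd" >/dev/null 2>&1 || $cmd
    out="$(remote_netstat)" || out=""
    if tunnel_exposed "$out" || ! tunnel_listening "$out"; then
        pkill -f -x "$cmd"
        $cmd
    fi
}

# cron entry on the monitored host (path is an assumption):
#   */5 * * * * /usr/local/bin/nagios_tunnel.sh run
if [ "${1:-}" = "run" ]; then
    keep_tunnel_up
fi
```

From the Nagios server the monitored host is then reached with `ssh -p 2210 nagios@127.0.0.1`, which is exactly the address and port a reverse check command has to use.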
  • 33. Step 2 – Windows autossh
    Install service
        cygrunsrv -I AutoSSH -f "nagios_link" -p /usr/bin/autossh -a " -M <port + 1000>:<port + 2000> -N -R <port>:127.0.0.1:<ssh port> <user>@<nagios server>"
    Use services.msc to set restart options and credentials:
    – cyg_server
    – <created Nagios user>
    – Local Administrator
  • 34. Step 2 – OSX
    Install autossh with Homebrew
    Command
        /usr/local/bin/autossh -M <port + 1000>:<port + 2000> -N -tt -g -p 2206 -R 4000:127.0.0.1:22 <user>@<nagios server>
    (-R must be followed directly by its port specification. -g only affects -L forwards; for an -R forward the listening address on the Nagios server is controlled by the bind_address in the -R spec and sshd's GatewayPorts setting, and loopback is what you want.)
    launchctl
    – Can install autossh as a system service
    – Autostart at boot
  • 35. Step 2 – OSX launchctl
    autossh file template
        ID=username
        HOST=hostname
        if [ "X$SSH_AUTH_SOCK" = "X" ]; then
            eval `ssh-agent -s`
            ssh-add $HOME/.ssh/id_rsa
        fi
        #AUTOSSH_POLL=600
        #AUTOSSH_PORT=20000
        #AUTOSSH_GATETIME=30
        #AUTOSSH_LOGFILE=$HOST.log
        #AUTOSSH_DEBUG=yes
        #AUTOSSH_PATH=/usr/local/bin/ssh
        export AUTOSSH_POLL AUTOSSH_LOGFILE AUTOSSH_DEBUG AUTOSSH_PATH AUTOSSH_GATETIME AUTOSSH_PORT
        autossh -2 -fN -M 20000 -R 2200:localhost:22 ${ID}@${HOST}
  • 36. Step 3 – Nagios to Remote Setup access from Nagios user or process to remote machine
  • 37. Step 3 - 'Nix
    Copy Nagios user public key to remote
    Note: the Nagios daemon may run under a different UID than the one used for testing, so copy the key of the account Nagios actually runs as
    – cat ~/.ssh/id_rsa.pub
      <highlight>
    – ssh <remote server>
    – vim .ssh/authorized_keys
    – G o <shift insert>
    – :x
  • 38. Step 3 – Windows Same as 'Nix
  • 39. Step 3 – OSX Same as 'Nix
  • 40. What was just created?
    Take note – at the current time there are working ssh connections to:
    – Any 'Nix
    – Any Windows*
    – OSX
    These connections can be used for active checks, as well as troubleshooting and setting up an RDP or X session if needed.
    * There sometimes are authentication issues with Windows domain servers that must be handled uniquely.
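What Steps 1 and 3 leave behind is a pair of keys, each appended to an authorized_keys file with no options: the monitored host's key gives a full login on the Nagios server, and the Nagios user's key gives a full login on every monitored host. A compromise of either side therefore walks straight to the other. The added example below (not from the slides; OpenSSH 7.8 or newer is assumed for permitlisten, and the key text and wrapper path are placeholders) shows the two entries with the options that limit each key to its one job, plus an audit that lists keys still granting an unrestricted login. The troubleshooting shell the deck relies on is kept by using a separate administrator key for it rather than the key Nagios runs checks with.

```shell
#!/bin/sh
# Added example (not from the slides): authorized_keys entries that restrict
# each side of the tunnel, and an audit for entries that carry no options.

# Entry for the Nagios server's authorized_keys. The monitored host's key may
# only open a remote forward, and only onto loopback port $1. "restrict"
# disables shell, pty, agent and X11 forwarding; "port-forwarding" re-enables
# forwarding and "permitlisten" pins the -R listener to one address:port.
# Local (-L) forwards stay possible unless also limited with permitopen.
tunnel_key_entry() {
    # $1 = tunnel port on the Nagios side, $2 = public key line (type, blob, comment)
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$1" "$2"
}

# Entry for the monitored host's authorized_keys. The Nagios user's key may
# run only the wrapper in $1 (which dispatches on $SSH_ORIGINAL_COMMAND), and
# only for sessions arriving via the tunnel, which terminates on the monitored
# host's own loopback.
check_key_entry() {
    # $1 = path of the check wrapper, $2 = public key line
    printf 'restrict,from="127.0.0.1",command="%s" %s\n' "$1" "$2"
}

# $1 = contents of an authorized_keys file. Prints the comment of every entry
# whose first field is a key type, i.e. an entry with no option prefix at
# all, and returns 1 if any were found. Option prefixes never look like a
# key type even when they contain spaces inside quotes.
audit_authorized_keys() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/ { next }
        $1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9.-]+@openssh\.com)$/ {
            print ($3 == "" ? "(no comment)" : $3); bad = 1; next
        }
        END { exit (bad ? 1 : 0) }'
}
```

Keep the entries in place with the listening check of the cron job: if the tunnel key can only listen on 127.0.0.1:2210, a listener on any other address means the key on the Nagios server is not the restricted one.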
  • 42. Normal [forward] checks
    Local checks
        define service{
            use                 local-service
            host_name           Nagios
            service_description Root Partition
            check_command       check_local_disk!20%!10%!/
        }
    Checks via ssh connection
        define host{
            use             openbsd-server
            host_name       mx1
            alias           mail_mx1_server
            address         206.197.251.200
            icon_image      envelope.gif
            statusmap_image envelope.gif
            check_command   check_smtp
        }
  • 43. Reverse Check
    Same as other checks, except the command format includes additional data
        define service{
            use                   generic-service
            host_name             hanley
            service_description   SSH Check Proc
            normal_check_interval 15
            retry_check_interval  5
            notifications_enabled 1
            check_command         check_by_ssh_reverse!-p2210!proc
        }
    Additional data required in command
    – ssh private key
    – ssh port
    – Host address
  • 44. Command Comparison
    Local
        command_name check_local_disk
        command_line $USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
    Forward
        command_name check_by_ssh
        command_line /usr/bin/ssh -i <nagios user>/.ssh/id_rsa nagios@$HOSTADDRESS$ $ARG1$ 2>/dev/null
    Reverse
        command_name check_by_ssh_reverse
        command_line /usr/bin/ssh $ARG1$ -i <nagios user>/.ssh/id_rsa nagios@$HOSTADDRESS$ $ARG2$ 2>/dev/null
    For a reverse check the host object's address is the Nagios server's own loopback (127.0.0.1) and $ARG1$ carries the tunnel port (-p2210 above), so the ssh session goes down the tunnel to the remote machine; $ARG2$ is the command run there.
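The reverse command on slide 44 hands $ARG2$ to the remote host as the command to run, so whatever the Nagios user's key is allowed to execute, it can execute. The added example below (not from the slides) is a dispatcher for the monitored host: pointed at by a command= option on the Nagios user's key, it maps a short check name such as the "proc" argument of slide 43 to one fixed plugin invocation and refuses everything else with the Nagios UNKNOWN code. Plugin directory and thresholds are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): allowlisting check dispatcher run on
# the monitored host via authorized_keys command="...". sshd puts the command
# the caller asked for into SSH_ORIGINAL_COMMAND; only names in the case
# table below are ever turned into a command line.

PLUGIN_DIR="${PLUGIN_DIR:-/usr/local/nagios/libexec}"   # assumed plugin location

# Translate a check name into the exact plugin command line. Prints it and
# returns 0, or prints nothing and returns 3 (UNKNOWN) for anything else.
resolve_check() {
    case "$1" in
        proc) printf '%s\n' "$PLUGIN_DIR/check_procs -w 250 -c 400" ;;
        disk) printf '%s\n' "$PLUGIN_DIR/check_disk -w 20% -c 10% -p /" ;;
        load) printf '%s\n' "$PLUGIN_DIR/check_load -w 5,4,3 -c 10,6,4" ;;
        *)    return 3 ;;
    esac
}

# Only the first word of the request is looked up, so "proc; id" becomes the
# name "proc;" and is rejected; nothing from the request reaches a shell.
run_check() {
    name="${1%% *}"
    cmd="$(resolve_check "$name")" || {
        echo "UNKNOWN - check '$name' is not permitted on this host"
        return 3
    }
    $cmd
}

# Under sshd the request arrives in SSH_ORIGINAL_COMMAND; when run by hand
# for testing, pass the check name as the first argument instead.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_check "$SSH_ORIGINAL_COMMAND"
    exit $?
elif [ -n "${1:-}" ]; then
    run_check "$1"
    exit $?
fi
```

With this in place the Nagios side needs no change: check_by_ssh_reverse!-p2210!proc still sends "proc", and the wrapper decides what "proc" means on that platform, which also gives a single place to keep the per-platform plugin set of slide 45.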
  • 45. Building Plugins
    Create test machine – VMs work great!
    – Linux
    – Windows
    – OSX
    Compile set of plugins for that platform
    Maintain platform plugin set
  • 46. GUIs - RDP or X
  • 47. X apps run natively
    Be sure to include "-X" in tunnel setup (X forwarding is actually negotiated by the "ssh -X" session coming in from the Nagios side, so the remote sshd needs X11Forwarding yes)
    Connect to remote with "ssh -X"
    Launch app
    Possibly explicit invocation options, a la Firefox:
        firefox --no-remote
    Starts firefox, but runs it on the remote machine, forwarding the display to the Nagios server.
  • 48. RDP on demand
    On remote machine
        #
        # Reverse ssh link for RDP tunnel
        #
        ssh -f -n -N -R 3389:127.0.0.1:3389 <user>@<nagios server> -p <ssh port>
    Tunnels 3389 on the remote machine to 3389 on the Nagios server
    Check for open port
        netstat -an | grep 3389
    Use one connection at a time for sanity!
  • 50. Common Problems
    Host key verification failed
    – The host key on the sending side is not the same as seen last time
    – Possible cause - the remote machine has been rebuilt
    Troubleshooting checks
    – $64K Secret – tmux
    – Very step-by-step
    – Parameters often not required
    Useful aliases
  • 51. Host key verification failed
        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
        The ECDSA host key for [storm]:2206 has changed,
        and the key for the corresponding IP address [10.0.0.1]:2206
        is unknown. This could either mean that
        DNS SPOOFING is happening or the IP address for the host
        and its host key have changed at the same time.
        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
        @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
        IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
        Someone could be eavesdropping on you right now (man-in-the-middle attack)!
        It is also possible that a host key has just been changed.
        The fingerprint for the ECDSA key sent by the remote host is
        6b:da:2e:50:a9:ea:b0:b1:3d:c1:b8:4a:a3:a5:56:87.
        Please contact your system administrator.
        Add correct host key in /home/lvl/.ssh/known_hosts to get rid of this message.
        Offending ECDSA key in /home/lvl/.ssh/known_hosts:5
        You can use following command to remove all keys for this IP:
        ssh-keygen -R storm -f /home/lvl/.ssh/known_hosts
        Host key verification failed.
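The ssh-keygen -R line in that warning removes the old key, after which the next connection silently trusts whatever key is offered; for a monitoring box that holds keys to every monitored host, that is the one moment the warning exists to protect. The added example below (not from the slides) replaces the entry only after the new fingerprint matches one confirmed out of band, for instance read off the console of the rebuilt machine with ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub. Current ssh-keygen prints SHA256 fingerprints rather than the MD5 hex form shown on the slide; host, port, fingerprint and the known_hosts path are placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): rotate a changed host key in
# known_hosts only after the new fingerprint has been verified out of band.

# Pull the SHA256 fingerprint out of `ssh-keygen -lf` output, which looks like
#   256 SHA256:<base64> [storm]:2206 (ECDSA)
# Prints the first fingerprint found, or nothing.
fingerprint_of() {
    printf '%s\n' "$1" | awk '$2 ~ /^SHA256:/ { print $2; exit }'
}

# $1 = fingerprint confirmed out of band, $2 = `ssh-keygen -lf` output.
# An empty expected fingerprint never matches, so a missing value cannot
# silently accept any key.
fingerprint_matches() {
    [ -n "$1" ] && [ "$(fingerprint_of "$2")" = "$1" ]
}

# $1 = host, $2 = sshd port, $3 = expected SHA256 fingerprint,
# $4 = known_hosts file (default ~/.ssh/known_hosts).
# Returns 0 after rotating, 1 on mismatch, 2 if the host could not be scanned.
rotate_host_key() {
    host="$1"; port="$2"; expected="$3"; kh="${4:-$HOME/.ssh/known_hosts}"
    scanned="$(ssh-keyscan -p "$port" -t ecdsa "$host" 2>/dev/null)" || return 2
    [ -n "$scanned" ] || return 2
    tmp="$(mktemp)"
    printf '%s\n' "$scanned" >"$tmp"
    listing="$(ssh-keygen -lf "$tmp")"
    rm -f "$tmp"
    if ! fingerprint_matches "$expected" "$listing"; then
        echo "fingerprint for $host:$port does not match $expected; known_hosts left unchanged" >&2
        return 1
    fi
    # ssh-keyscan already emits the "[host]:port" form for non-default ports,
    # which is the form known_hosts uses, so the line can be appended as-is.
    ssh-keygen -R "[$host]:$port" -f "$kh" >/dev/null 2>&1
    printf '%s\n' "$scanned" >>"$kh"
}
```

Usage from the Nagios server, with the fingerprint obtained from the console of the rebuilt host: rotate_host_key storm 2206 "SHA256:..." /home/lvl/.ssh/known_hosts. A mismatch leaves known_hosts untouched and the warning in force, which is the correct outcome for the man-in-the-middle case.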
  • 52. tmux
    tmux is a terminal multiplexer
    A terminal multiplexer permits switching between several programs in one terminal, detaching them (they keep running in the background) and reattaching them to a different terminal.
    Essential for troubleshooting checks!
  • 54. Useful Aliases
        alias nagc='cd /etc/nagios'
        alias nagh='cd /var/lib/nagios'
        alias naghup='pkill -HUP -f /sbin/nagios'
        alias nagq='netstat -an | grep 127 | grep LISTEN | grep -v 25 | sort --field-separator=: --key=2.1'
        alias nagv='/usr/sbin/nagios -v /etc/nagios/nagios.cfg'
  • 55. Resources
    SSH and Authentication
    http://en.wikipedia.org/wiki/Secure_Shell
    http://tools.ietf.org/html/rfc4252
    SSH Cookbook – Tunnels
    http://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels