confdroid/confdroid_nrpe
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

adjusted for puppet-lint compliance

Browse Source
This commit is contained in:
Arne Teuke
2025-05-12 16:58:52 +02:00
parent 02c01237c5
commit 848db297c9
40 changed files with 258 additions and 5911 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
manifests/commands/definition_rules.pp
View File

@@ -1,88 +1,69 @@
## cd_nrpe::commands::definition_rules.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage command definitions via define and Puppet rules.
# @example
# cd_nrpe::commands::definitions { 'check_users':
# ne_check_cmd => 'check_users',
# ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
# ne_cmd_comment => 'check the amount of user logged in locally',
# ne_check_cmd => 'check_users',
# ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
# ne_cmd_comment => 'check the amount of user logged in locally',
# }
###############################################################################
class cd_nrpe::commands::definition_rules (
) inherits cd_nrpe::params {
if $ne_manage_cmds == true {
require cd_nrpe::main::files
# manage the commands.cfg file
concat { $ne_cmd_file:
ensure => present,
path => $ne_cmd_file,
owner => $ne_user,
group => $ne_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
notify => Service[$ne_service],
ensure => present,
path => $ne_cmd_file,
owner => $ne_user,
group => $ne_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
notify => Service[$ne_service],
}
# manage the file header
concat::fragment { 'nrpe_cmd_header':
target => $ne_cmd_file,
content => template($ne_cmd_head_erb),
order => '000',
target => $ne_cmd_file,
content => template($ne_cmd_head_erb),
order => '000',
}
# basic example rules
cd_nrpe::commands::definitions { 'check_users':
ne_check_cmd => 'check_users',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
ne_cmd_comment => 'check the amount of user logged in locally',
ne_check_cmd => 'check_users',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
ne_cmd_comment => 'check the amount of user logged in locally',
}
cd_nrpe::commands::definitions { 'check_load':
ne_check_cmd => 'check_load',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
ne_check_cmd => 'check_load',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
}
cd_nrpe::commands::definitions { 'check_disk':
ne_check_cmd => 'check_disk',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$ -p $ARG3$',
ne_check_cmd => 'check_disk',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$ -p $ARG3$',
}
cd_nrpe::commands::definitions { 'check_procs':
ne_check_cmd => 'check_procs',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$ -s $ARG3$',
ne_check_cmd => 'check_procs',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$ -s $ARG3$',
}
cd_nrpe::commands::definitions { 'check_swap':
ne_check_cmd => 'check_swap',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
ne_check_cmd => 'check_swap',
ne_cmd_argstring => '-w $ARG1$ -c $ARG2$',
}
}
}

47
manifests/commands/definitions.pp
View File

@@ -1,53 +1,34 @@
## cd_nrpe::commands::definitions.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Populate command definitions through external puppet rules, i.e.
# from other modules.
# @param [string] ne_check_cmd Specify the check_command to use.
# @param [string] ne_cmd_path The path to the command scripts, usually
# where the nagis_plugins are located. If you use your own scripts, specify
# @param [String] ne_check_cmd Specify the check_command to use.
# @param [String] ne_cmd_path The path to the command scripts, usually
# where the nagios_plugins are located. If you use your own scripts, specify
# the custom location **__including the trailing slash__**
# @param ne_cmd_argstring Specify the string of valid argument for the command
# @param [String] ne_cmd_argstring Specify the string of valid argument for the command
# , i.e. -w $ARG1$ -c $ARG2$. See the arguments in the man pages for the
# checks.
# @param [string] ne_cmd_comment Specify an optional comment for your command
# @param [String] ne_cmd_comment Specify an optional comment for your command
# definition
###############################################################################
define cd_nrpe::commands::definitions (
$ne_check_cmd = undef,
$ne_cmd_path = '/usr/lib64/nagios/plugins/',
$ne_cmd_argstring = undef,
$ne_cmd_comment = '',
Optional[String] $ne_check_cmd = undef,
String $ne_cmd_path = '/usr/lib64/nagios/plugins/',
Optional[String] $ne_cmd_argstring = undef,
String $ne_cmd_comment = '',
) {
$ne_cmd_file = $::cd_nrpe::params::ne_cmd_file
$ne_cmd_rule_erb = $::cd_nrpe::params::ne_cmd_rule_erb
$ne_manage_cmds = $::cd_nrpe::params::ne_manage_cmds
$ne_cmd_file = $cd_nrpe::params::ne_cmd_file
$ne_cmd_rule_erb = $cd_nrpe::params::ne_cmd_rule_erb
$ne_manage_cmds = $cd_nrpe::params::ne_manage_cmds
if $ne_manage_cmds == true {
concat::fragment { $name:
target => $ne_cmd_file,
content => template($ne_cmd_rule_erb),
target => $ne_cmd_file,
content => template($ne_cmd_rule_erb),
}
}
}

30
manifests/firewall/iptables.pp
View File

@@ -1,36 +1,18 @@
## cd_nrpe::firewall::iptables.pp #
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
# @summary manage firewall settings through puppetlabs-firewall
###############################################################################
class cd_nrpe::firewall::iptables (
) inherits cd_nrpe::params {
if $ne_incl_fw == true {
firewall { "${ne_fw_order_no}${ne_nrpe_port} port ${ne_nrpe_port}":
# source => $nagios_server,
proto => 'tcp',
dport => $ne_nrpe_port,
jump => 'accept',
# source => $nagios_server,
proto => 'tcp',
dport => $ne_nrpe_port,
jump => 'accept',
}
}
}

18
manifests/init.pp
View File

@@ -1,24 +1,6 @@
## cd_nrpe::init.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of
# <service / purpose>
# Copyright (C) 2017 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class initializes the cd_nrpe Module.
##############################################################################
class cd_nrpe {

23
manifests/main/config.pp
View File

@@ -1,30 +1,11 @@
## cd_nrpe::main::config.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all aspects of configuring the module logic for
# cd_nrpe.
# @summary Class manages the module logic for cd_nrpe.
##############################################################################
class cd_nrpe::main::config (
) inherits cd_nrpe::params {
include cd_nrpe::main::service
}

55
manifests/main/dirs.pp
View File

@@ -1,55 +1,36 @@
## cd_nrpe::main::dirs.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all directories required for cd_nrpe.
###############################################################################
class cd_nrpe::main::dirs (
) inherits cd_nrpe::params {
require cd_nrpe::main::user
# manage main conf_d_dir
file { $ne_main_conf_d_dir:
ensure => directory,
path => $ne_main_conf_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
ensure => directory,
path => $ne_main_conf_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
file { $ne_run_dir:
ensure => directory,
path => $ne_run_dir,
owner => $ne_user,
group => $ne_user,
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => var_run_t,
seluser => system_u,
ensure => directory,
path => $ne_run_dir,
owner => $ne_user,
group => $ne_user,
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => var_run_t,
seluser => system_u,
}
}

104
manifests/main/files.pp
View File

@@ -1,91 +1,73 @@
## cd_nrpe::main::files.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all configuration files required for cd_nrpe.
##############################################################################
class cd_nrpe::main::files (
) inherits cd_nrpe::params {
require cd_nrpe::main::dirs
# manage /etc/nagios/nrpe.cfg
file { $ne_main_conf_file:
ensure => file,
path => $ne_main_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
content => template($ne_main_conf_erb),
notify => Service[$ne_service],
ensure => file,
path => $ne_main_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
content => template($ne_main_conf_erb),
notify => Service[$ne_service],
}
# manage /etc/sysconfig/nrpe
file { $ne_nrpe_conf_file:
ensure => file,
path => $ne_nrpe_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($ne_nrpe_conf_erb),
notify => Service[$ne_service],
ensure => file,
path => $ne_nrpe_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($ne_nrpe_conf_erb),
notify => Service[$ne_service],
}
if $ne_allow_sudo == true {
file { $ne_sudo_file:
ensure => file,
path => $ne_sudo_file,
owner => 'root',
group => 'root',
mode => '0440',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($ne_sudo_rule_erb),
ensure => file,
path => $ne_sudo_file,
owner => 'root',
group => 'root',
mode => '0440',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
content => template($ne_sudo_rule_erb),
}
# file for sudo selinux policy
file { $ne_nrpe_te_file:
ensure => file,
path => $ne_nrpe_te_file,
owner => 'root',
group => 'root',
mode => '0440',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
content => template($ne_nrpe_te_erb),
notify => Exec['create_nrpe_pp'],
ensure => file,
path => $ne_nrpe_te_file,
owner => 'root',
group => 'root',
mode => '0440',
selrange => s0,
selrole => object_r,
seltype => nrpe_etc_t,
seluser => system_u,
content => template($ne_nrpe_te_erb),
notify => Exec['create_nrpe_pp'],
}
}
}

23
manifests/main/install.pp
View File

@@ -1,33 +1,14 @@
## cd_nrpe::main::install.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manage all aspects of installing binaries required for
# cd_nrpe
# @summary Class manages installing binaries required for cd_nrpe
###############################################################################
class cd_nrpe::main::install (
) inherits cd_nrpe::params {
require cd_resources
package {$reqpackages:
package { $reqpackages:
ensure => $pkg_ensure,
}
}

29
manifests/main/service.pp
View File

@@ -1,30 +1,12 @@
## cd_nrpe::main::service.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages the service(s) for cd_nrpe.
#############################################################################
class cd_nrpe::main::service (
) inherits cd_nrpe::params {
if $ne_incl_fw == true {
if $ne_incl_fw == true {
require cd_nrpe::firewall::iptables
}
@@ -39,10 +21,9 @@ class cd_nrpe::main::service (
}
service { $ne_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}

50
manifests/main/user.pp
View File

@@ -1,49 +1,31 @@
## cd_nrpe::main::user.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages service users for cd_nrpe.
#############################################################################
class cd_nrpe::main::user (
) inherits cd_nrpe::params {
require cd_nrpe::main::install
group { $ne_user:
ensure => present,
name => $ne_user,
gid => $ne_user_uid,
allowdupe => false,
ensure => present,
name => $ne_user,
gid => $ne_user_uid,
allowdupe => false,
}
user { $ne_user:
ensure => present,
name => $ne_user,
allowdupe => false,
comment => $ne_user_comment,
uid => $ne_user_uid,
gid => $ne_user,
groups => $ne_user_groups,
managehome => true,
home => $ne_user_home,
shell => $ne_user_shell,
require => Group[$ne_user],
user { $ne_user:
ensure => present,
name => $ne_user,
allowdupe => false,
comment => $ne_user_comment,
uid => $ne_user_uid,
gid => $ne_user,
groups => $ne_user_groups,
managehome => true,
home => $ne_user_home,
shell => $ne_user_shell,
require => Group[$ne_user],
}
}

213
manifests/params.pp
View File

@@ -1,74 +1,57 @@
## cd_nrpe::params.pp
# Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE.
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class holds all parameters for the cd_nrpe module and is
# inherited by all classes except defines.
# @see https://www.nagios.org/documentation/
# @param [string] pkg_ensure
# @param [String] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`.
# @param [string] ne_log_facility the log facility to use.
# @param [string] ne_log_file If a log file is specified in this option,
# @param [String] ne_log_facility the log facility to use.
# @param [String] ne_log_file If a log file is specified in this option,
# nrpe will write to that file instead of using syslog. i.e. /var/run/nrpe.log
# @param [string] ne_debug Whether debugging messages are logged to the
# @param [String] ne_debug Whether debugging messages are logged to the
# syslog facility.
# @param [string] ne_nrpe_port the NRPE port. used in firewall ( optional)
# @param [String] ne_nrpe_port the NRPE port. used in firewall ( optional)
# and configuration file.
# @param [string] ne_listen_queue_size Listen queue size (backlog) for
# @param [String] ne_listen_queue_size Listen queue size (backlog) for
# serving incoming connections.
# @param [string] ne_nagios_server ipaddress of the nagios server to be allowed
# @param [String] ne_nagios_server ipaddress of the nagios server to be allowed
# to connect to NRPE service. Default is to look up a global parameter from
# ENC.
# @param [string] ne_dont_blame_nrpe whether or not the NRPE daemon will
# @param [String] ne_dont_blame_nrpe whether or not the NRPE daemon will
# allow clients to specify arguments to commands that are executed.
# @param [string] ne_allow_bash_cmd_subst whether or not the NRPE daemon will
# @param [String] ne_allow_bash_cmd_subst whether or not the NRPE daemon will
# allow clients to specify arguments that contain bash command substitutions
# of the form $(...).
# @param [boolean] ne_allow_sudo Whether to allow sudo access. used in nrpe.cfg
# @param [Boolean] ne_allow_sudo Whether to allow sudo access. used in nrpe.cfg
# as well as for creating a sudo role.
# @param [string] ne_command_prefix allows you to prefix all commands with a
# user-defined string.
# @param [string] ne_incl_fw Whether to include firewall rules
# @param [string] ne_command_timeout maximum number of seconds that the NRPE
# @param [String] ne_command_prefix allows you to prefix all commands with a
# user-defined String.
# @param [String] ne_incl_fw Whether to include firewall rules
# @param [String] ne_command_timeout maximum number of seconds that the NRPE
# daemon will allow plugins to finish executing before killing them off.
# @param [string] ne_connection_timeout maximum number of seconds that the
# @param [String] ne_connection_timeout maximum number of seconds that the
# NRPE daemon will wait for a connection to be established before exiting.
# @param [string] ne_ssl_version These directives allow you to specify how to
# @param [String] ne_ssl_version These directives allow you to specify how to
# use SSL/TLS.
# @param [string] ne_ssl_use_adh This is for backward compatibility and is
# @param [String] ne_ssl_use_adh This is for backward compatibility and is
# DEPRECATED. Set to 1 to enable ADH or 2 to require ADH. 1 is currently the
# default but will be changed in a later version.
# @param [string] ne_ssl_cipher_list ciphers can be used. For backward
# @param [String] ne_ssl_cipher_list ciphers can be used. For backward
# compatibility, this defaults to 'ssl_cipher_list=ALL:!MD5:@STRENGTH' in
# this version but will be changed in a later version of NRPE.
# @param [string] ne_ssl_cacert_file path and name of the ssl certificate
# @param [String] ne_ssl_cacert_file path and name of the ssl certificate
# authority (ca) file / chain. must be full path.
# @param [string] ne_ssl_cert_file path and name of the server ssl certificate.
# @param [String] ne_ssl_cert_file path and name of the server ssl certificate.
# must include full path.
# @param [string] ne_ssl_privatekey_file path and name of the server ssl
# @param [String] ne_ssl_privatekey_file path and name of the server ssl
# private key. Must include full path.
# @param [string] ne_ssl_client_certs determines client certificate usage.
# @param [String] ne_ssl_client_certs determines client certificate usage.
# Values: 0 = Don't ask for or require client certificates
# 1 = Ask for client certificates
# 2 = Require client certificates
# @param [string] ne_ssl_logging determines which SSL messages are send to
# @param [String] ne_ssl_logging determines which SSL messages are send to
# syslog. OR values together to specify multiple options.
# Values: 0x00 (0) = No additional logging (default)
# 0x01 (1) = Log startup SSL/TLS parameters
@@ -78,109 +61,105 @@
# 0x10 (16) = Log if client has a certificate
# 0x20 (32) = Log details of client's certificate if it has one
# -1 or 0xff or 0x2f = All of the above
# @param [array] ne_nasty_metachars list of characters that cannot
# @param [Array] ne_nasty_metachars list of characters that cannot
# be passed to the NRPE daemon.
# @param [string] ne_include_file include definitions from an external
# @param [String] ne_include_file include definitions from an external
# config file.
# @param [string] ne_fw_order_no ordering prefix for he firewall rules. Adjust
# @param [String] ne_fw_order_no ordering prefix for he firewall rules. Adjust
# to your environment if needed.
# @param [string] ne_ssl_opts Specify additional SSL options.
# @param [string] ne_user the NRPE service user
# @param [string] ne_user_comment The comment for the service user /etc/passwd
# @param [string] ne_user_uid the UID for the service user
# @param [string] ne_user_home the home for the service user
# @param [string] ne_user_shell the shell for the service user.
# @param [string] ne_user_groups additional groups for the service user.
# @param [string] ne_server_address the network interfaces to listen on
# @param [string] ne_allow_weak_rnd_seed Whether to allow weak random seeds
# @param [string] ne_include_selinux Whether to manage selinux
# @param [boolean] ne_enable_ssl Whether to enable SSL certificates.
# @param [array] reqpackages which packages to install
# @param [boolean] ne_manage_cmds Whether to manage command rules for NRPE
# @param [String] ne_ssl_opts Specify additional SSL options.
# @param [String] ne_user the NRPE service user
# @param [String] ne_user_comment The comment for the service user /etc/passwd
# @param [String] ne_user_uid the UID for the service user
# @param [String] ne_user_home the home for the service user
# @param [String] ne_user_shell the shell for the service user.
# @param [String] ne_user_groups additional groups for the service user.
# @param [String] ne_server_address the network interfaces to listen on
# @param [String] ne_allow_weak_rnd_seed Whether to allow weak random seeds
# @param [String] ne_include_selinux Whether to manage selinux
# @param [Boolean] ne_enable_ssl Whether to enable SSL certificates.
# @param [Array] reqpackages which packages to install
# @param [Boolean] ne_manage_cmds Whether to manage command rules for NRPE
# checks, to allow dynamic check & command rules.
###############################################################################
class cd_nrpe::params (
$pkg_ensure = 'latest',
$reqpackages = ['nrpe','nrpe-selinux'],
String $pkg_ensure = 'latest',
Array $reqpackages = ['nrpe','nrpe-selinux'],
$ne_manage_cmds = true,
Boolean $ne_manage_cmds = true,
# NRPE user settings
$ne_user = 'nrpe',
$ne_user_comment = 'NRPE service user',
$ne_user_uid = '1005',
$ne_user_home = '/var/run/nrpe',
$ne_user_groups = undef,
$ne_user_shell = '/sbin/nologin',
String $ne_user = 'nrpe',
String $ne_user_comment = 'NRPE service user',
String $ne_user_uid = '1005',
String $ne_user_home = '/var/run/nrpe',
Optional[String] $ne_user_groups = undef,
String $ne_user_shell = '/sbin/nologin',
# nrpe.cfg
$ne_log_facility = 'daemon',
$ne_log_file = '',
$ne_debug = '0',
$ne_nrpe_port = '5666',
$ne_server_address = '0.0.0.0',
$ne_listen_queue_size = '5',
$ne_nagios_server = $::nagios_server,
$ne_dont_blame_nrpe = '1',
$ne_allow_bash_cmd_subst = '1',
$ne_allow_sudo = true,
$ne_command_prefix = '/usr/bin/sudo',
$ne_command_timeout = '60',
$ne_connection_timeout = '300',
$ne_allow_weak_rnd_seed = '1',
$ne_enable_ssl = false,
$ne_ssl_version = 'TLSv2+',
$ne_ssl_use_adh = '1',
$ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
$ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem',
$ne_ssl_cert_file = "/etc/pki/tls/certs/${::fqdn}.crt.pem",
$ne_ssl_privatekey_file = "/etc/pki/tls/private/${::fqdn}.key.pem",
$ne_ssl_client_certs = '2',
$ne_ssl_logging = '0x00',
$ne_nasty_metachars = ["|`&><'\\[]{};\r\n"],
$ne_include_file = '',
String $ne_log_facility = 'daemon',
String $ne_log_file = '',
String $ne_debug = '0',
String $ne_nrpe_port = '5666',
String $ne_server_address = '0.0.0.0',
String $ne_listen_queue_size = '5',
String $ne_nagios_server = $::nagios_server,
String $ne_dont_blame_nrpe = '1',
String $ne_allow_bash_cmd_subst = '1',
Boolean $ne_allow_sudo = true,
String $ne_command_prefix = '/usr/bin/sudo',
String $ne_command_timeout = '60',
String $ne_connection_timeout = '300',
String $ne_allow_weak_rnd_seed = '1',
Boolean $ne_enable_ssl = false,
String $ne_ssl_version = 'TLSv2+',
String $ne_ssl_use_adh = '1',
String $ne_ssl_cipher_list = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',
String $ne_ssl_cacert_file = '/etc/pki/tls/certs/ca-chain.crt.pem',
String $ne_ssl_cert_file = "/etc/pki/tls/certs/${::fqdn}.crt.pem",
String $ne_ssl_privatekey_file = "/etc/pki/tls/private/${::fqdn}.key.pem",
String $ne_ssl_client_certs = '2',
String $ne_ssl_logging = '0x00',
Array $ne_nasty_metachars = ["|`&><'\\[]{};\r\n"],
String $ne_include_file = '',
# nrpe.conf
$ne_ssl_opts = '',
String $ne_ssl_opts = '',
# firewall
$ne_incl_fw = true,
$ne_fw_order_no = '50',
Boolean $ne_incl_fw = true,
String $ne_fw_order_no = '50',
# selinux
$ne_include_selinux = true,
Boolean $ne_include_selinux = true,
) {
# service
$ne_service = 'nrpe'
$ne_service = 'nrpe'
# directories
$ne_main_conf_d_dir = '/etc/nrpe.d'
$ne_run_dir = '/var/run/nrpe'
$ne_main_conf_d_dir = '/etc/nrpe.d'
$ne_run_dir = '/var/run/nrpe'
# files
$ne_main_conf_file = '/etc/nagios/nrpe.cfg'
$ne_main_conf_erb = 'cd_nrpe/nrpe_cfg.erb'
$ne_nrpe_pid_file = "${ne_run_dir}/nrpe.pid"
$ne_nrpe_conf_file = '/etc/sysconfig/nrpe'
$ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb'
$ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg"
$ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb'
$ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb'
$ne_sudo_file = '/etc/sudoers.d/nagios_sudo'
$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb'
$ne_nrpe_te_file = "${ne_main_conf_d_dir}/nrpe.te"
$ne_nrpe_te_erb = 'cd_nrpe/nrpe.te.erb'
$ne_nrpe_mod_file = "${ne_main_conf_d_dir}/nrpe.mod"
$ne_checkmodule_nrpe_erb = 'cd_nrpe/checkmodule_nrpe.erb'
$ne_nrpe_pp_file = "${ne_main_conf_d_dir}/nrpe.pp"
$ne_semodule_erb = 'cd_nrpe/semodule_nrpe.erb'
$ne_main_conf_file = '/etc/nagios/nrpe.cfg'
$ne_main_conf_erb = 'cd_nrpe/nrpe_cfg.erb'
$ne_nrpe_pid_file = "${ne_run_dir}/nrpe.pid"
$ne_nrpe_conf_file = '/etc/sysconfig/nrpe'
$ne_nrpe_conf_erb = 'cd_nrpe/nrpe_conf.erb'
$ne_cmd_file = "${ne_main_conf_d_dir}/commands.cfg"
$ne_cmd_head_erb = 'cd_nrpe/cmd_head.erb'
$ne_cmd_rule_erb = 'cd_nrpe/cmd_rule.erb'
$ne_sudo_file = '/etc/sudoers.d/nagios_sudo'
$ne_sudo_rule_erb = 'cd_nrpe/sudo_rule.erb'
$ne_nrpe_te_file = "${ne_main_conf_d_dir}/nrpe.te"
$ne_nrpe_te_erb = 'cd_nrpe/nrpe.te.erb'
$ne_nrpe_mod_file = "${ne_main_conf_d_dir}/nrpe.mod"
$ne_checkmodule_nrpe_erb = 'cd_nrpe/checkmodule_nrpe.erb'
$ne_nrpe_pp_file = "${ne_main_conf_d_dir}/nrpe.pp"
$ne_semodule_erb = 'cd_nrpe/semodule_nrpe.erb'
# includes must be last
include cd_nrpe::main::config
}

45
manifests/selinux/config.pp
View File

@@ -1,54 +1,35 @@
## cd_nrpe::selinux::config.pp # Module name: cd_nrpe
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# # License:
# This file is part of cd_nrpe.
#
# cd_nrpe is used for providing automatic configuration of NRPE
# Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class manages all aspects of configuring selinux for NRPE.
##############################################################################
class cd_nrpe::selinux::config (
) inherits cd_nrpe::params {
if $ne_include_selinux == true {
# manage allow nagios sudo
exec { 'nagios_run_sudo':
command => 'setsebool -P nagios_run_sudo 1',
path => ['/usr/bin','/usr/sbin'],
cwd => '/tmp',
unless => 'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
command => 'setsebool -P nagios_run_sudo 1',
path => ['/usr/bin','/usr/sbin'],
cwd => '/tmp',
unless => 'getsebool nagios_run_sudo | awk \'{print$3}\' | grep -ic "on"'
}
# create policy file for sudo selinux policy
exec { 'create_nrpe_pp':
command => template($ne_checkmodule_nrpe_erb),
user => 'root',
creates => $ne_nrpe_pp_file,
refreshonly => true,
notify => Exec['import_semodule_nrpe'],
command => template($ne_checkmodule_nrpe_erb),
user => 'root',
creates => $ne_nrpe_pp_file,
refreshonly => true,
notify => Exec['import_semodule_nrpe'],
}
# import semodule
exec { 'import_semodule_nrpe':
command => template($ne_semodule_erb),
user => 'root',
unless => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
refreshonly => true,
command => template($ne_semodule_erb),
user => 'root',
unless => '/sbin/semodule -l | grep nrpe | grep -v nrpe_',
refreshonly => true,
}
}
}