Jérémy Lecour
03c53433d6
minifirewall_status returns "started" on stdout and exit code 0, or "stopped" on stdout and exit code 1. The state of minifirewall is determined by looking for common iptables rules applied by minifirewall. check_minifirewall is an NRPE plugin for minifirewall. It returns: * 0 (OK) if the firewall state is consistent with its configuration (from the alert5 script) * 1 (WARNING) if the firewall is started but alert5 is not configured properly * 2 (CRITICAL) if the firewall is not running but it should be.
57 lines
1.3 KiB
YAML
57 lines
1.3 KiB
YAML
---
|
|
|
|
- include_role:
|
|
name: remount-usr
|
|
|
|
- name: /usr/share/scripts exists
|
|
file:
|
|
dest: /usr/share/scripts
|
|
mode: "0700"
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
|
|
- name: minifirewall_status is installed
|
|
copy:
|
|
src: minifirewall_status
|
|
dest: /usr/share/scripts/minifirewall_status
|
|
force: no
|
|
mode: "0700"
|
|
owner: root
|
|
group: root
|
|
|
|
- name: /usr/local/lib/nagios/plugins/ exists
|
|
file:
|
|
dest: "{{ item }}"
|
|
mode: "02755"
|
|
owner: root
|
|
group: staff
|
|
state: directory
|
|
with_items:
|
|
- /usr/local/lib/nagios
|
|
- /usr/local/lib/nagios/plugins
|
|
|
|
- name: check_minifirewall is installed
|
|
copy:
|
|
src: check_minifirewall
|
|
dest: /usr/local/lib/nagios/plugins/check_minifirewall
|
|
force: no
|
|
mode: "0755"
|
|
owner: root
|
|
group: staff
|
|
|
|
- name: check_minifirewall is available for NRPE
|
|
lineinfile:
|
|
dest: /etc/nagios/nrpe.d/evolix.cfg
|
|
regexp: 'command\[check_minifirewall\]'
|
|
line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall'
|
|
notify: restart nagios-nrpe-server
|
|
|
|
- name: sudo without password for nagios
|
|
lineinfile:
|
|
dest: /etc/sudoers.d/evolinux
|
|
regexp: 'check_minifirewall'
|
|
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall'
|
|
insertafter: '^nagios'
|
|
validate: "visudo -cf %s"
|