Commandes à copier/coller pour récupérer les scripts de check
This commit is contained in:
parent
3a0105ea2e
commit
1bb15cc057
|
@ -128,14 +128,20 @@ Générer un mot de passe pour l'accès à l'interface de management (nécessair
|
||||||
# apg -n1 -m 12 > /etc/openvpn/management-pwd
|
# apg -n1 -m 12 > /etc/openvpn/management-pwd
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
On peut utiliser le check NRPE OpenVPN suivant [pour Debian](https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_debian.pl) ou [pour OpenBSD](https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_openbsd.pl) :
|
On peut utiliser le check NRPE OpenVPN suivant pour monitorer le service OpenVPN [pour Debian](https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_debian.pl) ou [pour OpenBSD](https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_openbsd.pl), à ajouter dans la configuration NRPE :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
## Debian
|
## Debian
|
||||||
|
# wget https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_debian.pl -O /usr/local/lib/nagios/plugins/check_openvpn
|
||||||
|
# chmod 755 /usr/local/lib/nagios/plugins/check_openvpn
|
||||||
|
# chown root:nagios /usr/local/lib/nagios/plugins/check_openvpn
|
||||||
# apt install libnet-telnet-perl
|
# apt install libnet-telnet-perl
|
||||||
# /usr/local/lib/nagios/plugins/check_openvpn -H 127.0.0.1 -p 1195 -P $MANAGEMENT_PWD
|
# /usr/local/lib/nagios/plugins/check_openvpn -H 127.0.0.1 -p 1195 -P $MANAGEMENT_PWD
|
||||||
|
|
||||||
## OpenBSD
|
## OpenBSD
|
||||||
|
# wget https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_openbsd.pl -O /usr/local/libexec/nagios/plugins/check_openvpn.pl
|
||||||
|
# chmod 755 /usr/local/libexec/nagios/plugins/check_openvpn.pl
|
||||||
|
# chown root:wheel /usr/local/libexec/nagios/plugins/check_openvpn.pl
|
||||||
# pkg_add p5-Net-Telnet
|
# pkg_add p5-Net-Telnet
|
||||||
# /usr/local/libexec/nagios/plugins/check_openvpn.pl -H 127.0.0.1 -p 1195 -P $MANAGEMENT_PWD
|
# /usr/local/libexec/nagios/plugins/check_openvpn.pl -H 127.0.0.1 -p 1195 -P $MANAGEMENT_PWD
|
||||||
~~~
|
~~~
|
||||||
|
@ -144,11 +150,17 @@ On peut également utiliser le [check NRPE suivant](https://gitea.evolix.org/evo
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
## Debian
|
## Debian
|
||||||
|
# wget https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_certificates.sh -O /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
# chmod 755 /usr/local/lib/nagios/plugins/check_openvpn
|
||||||
|
# chown root:nagios /usr/local/lib/nagios/plugins/check_openvpn
|
||||||
# visudo -f /etc/sudoers.d/openvpn
|
# visudo -f /etc/sudoers.d/openvpn
|
||||||
nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh
|
nagios ALL=NOPASSWD: /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh
|
||||||
# sudo /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh
|
# sudo /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
|
||||||
## OpenBSD
|
## OpenBSD
|
||||||
|
# wget https://gitea.evolix.org/evolix/ansible-roles/raw/branch/unstable/openvpn/files/check_openvpn_certificates.sh -O /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
# chmod 755 /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
# chown root:wheel /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
# vim /etc/doas.conf
|
# vim /etc/doas.conf
|
||||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
# doas /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
# doas /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||||
|
@ -157,6 +169,9 @@ permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_
|
||||||
Un script [cert-expirations.sh](https://gitea.evolix.org/evolix/shellpki/raw/branch/dev/cert-expirations.sh) peut être mis en cron pour avertir régulièrement des prochaines expirations des certificats clients et serveur :
|
Un script [cert-expirations.sh](https://gitea.evolix.org/evolix/shellpki/raw/branch/dev/cert-expirations.sh) peut être mis en cron pour avertir régulièrement des prochaines expirations des certificats clients et serveur :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
|
# wget https://gitea.evolix.org/evolix/shellpki/raw/branch/dev/cert-expirations.sh -O /usr/share/scripts/cert-expirations.sh
|
||||||
|
# chmod +x /usr/share/scripts/cert-expirations.sh
|
||||||
|
# crontab -e
|
||||||
@monthly /usr/share/scripts/cert-expirations.sh | mail -E -s "PKI VPN XXX : recapitulatif expirations" mail@example.com
|
@monthly /usr/share/scripts/cert-expirations.sh | mail -E -s "PKI VPN XXX : recapitulatif expirations" mail@example.com
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue