Icinga2: monitor apache or nginx configuration

Icinga2 can check various things using nagios-style scripts.

It can also run specific commands, as far as they provide the required return code.

When dealing with automated upgrades or multiple users managing different parts of apache or nginx configuration files, it's best to check if the overall configuration is still correct.

Icinga2 can periodically checks for apache2ctl -t / nginx -t, and warns if anything is wrong.

It requires new commands. One for apache and one for nginx.

For apache2:

object CheckCommand "Apache check command" {
    import "plugin-check-command"
    command = "/usr/bin/sudo /usr/sbin/apache2ctl -t || exit 2"
}

For nginx:

object CheckCommand "Nginx check command" {
    import "plugin-check-command"
    command = "/usr/bin/sudo /usr/sbin/nginx -t || exit 2"
}

If using Icinga director, make sure to enable the "Render as string" option.

Sudo rules to allow icinga2 to run as root those commands, assuming icinga2 runs as nagios user:

nagios ALL=(root) NOPASSWD: /usr/sbin/apache2ctl -t
nagios ALL=(root) NOPASSWD: /usr/sbin/nginx -t

Once done, create a service on required hosts. If anything goes wrong, you'll know why !

icinga-apache-config-service.png, déc. 2021

apache configuration is not ok, déc. 2021

vmware 7.1.4 and linux-2.6.38

Since few kernels, vmware won't compile, or at least the vmnet driver won't compile. CC [M] /tmp/vmware-root/modules/vmnet-only/driver.o /tmp/vmware-root/modules/vmnet-only/driver.c: In function ‘VNetFileOpUnlockedIoctl’: /tmp/vmware-root/modules/vmnet-only/driver.c:1137: error: implicit declaration  […]

Lire la suite

[Symfony] Coupling sfDoctrineGuardPlugin and fail2ban

Recently I created a quite sensible application using symfony 1.4. As many people, I chose sfDoctrineGuardPlugin as authentication/password recovery/account managing system. But even with this piece of software, you are still vulnerable to bruteforce attacks.

I though of hacking sfDoctrineGuardPlugin's code to create some rules and attack detections. But those systems are quite tricky to create and calibrate. It must not be too aggressive nor too permissive. I wanted something that can bail out someone after $some tries in a $certain time. That implied that I would have to record every try with the current time, and calculate a ratio within which a user can login or not. I seemed simple, then it got too complicated.

Lire la suite

PHP bench: isset vs array_key_exists

I tested the rapidity of isset vs array_key_exists. I always thougt that array_key_exists would be the winner ... Here is my script : ┌─(yoda@ev5)(14:25:29) └─(~/var/www/test)-> cat isset_array-key-exists.php #!/usr/bin/php <?php   define('N', "\n");   error_reporting(E_ALL |  […]

Lire la suite

Symfony, tasks and return values

In symfony, it's possible to return a value in your execute() method. Let's create a test task : ┌─(yoda@box)(09:46:59) └─(~/var/www/test)-> ./symfony generate:task test >> task Creating "/home/yoda/var/www/test.../testTask.class.php" task file Adding a return value at the end of  […]

Lire la suite

[PHP] Pensez à STDClass

Il arrive souvent qu'on ai besoin de retourner plusieurs informations distinctes dans une fonction ou une méthode. La plupart du temps, il suffit de retourner un tableau indexé de manière intelligente. class CSS { public function getDeclaration($pDeclaration) { list($key, $value) = explode(':',  […]

Lire la suite

Haut de page