Icinga2 configuration file generator for hosts, commands, checks, ... in python
Project description
Icinga2 configuration generator
Icinga2 configuration file generator for hosts, commands, checks, ... in python
Copyright (c) 2020 Fabian Fröhlich mail@icinga2.confgen.org https://icinga2.confgen.org
Full License Information see LICENSE file in root directory of this source code and License section of this File.
Setup
Required
- install check plugins, that you need e.g. our Plugins, Monitoring Plugins or Nagios Plugins
- install icinga2
- install icingaweb2
- install python 3.7 (other versions may also work)
- create group
monitorpermissions
and add usericinga2
to the group (usermod -aG monitorpermissions icinga2
). Note that the username, who runs icinga2 daemon, may be different.
Optional
Install our Plugins
Just copy or link the plugins into your plugindir
. A few plugins need other libaries as curl
or dig
. See installation instructions for each check for details or run the plugin and follow instructions.
Deny TLS Version check
Check if a Server denies a TLS Version. It is recommended to check TLSv1.0 and TLSv1.1.
- require
curl
- link or copy
plugins/check_deny_tls_version.sh
toplugindir
Path exist
Check if a Dir or File exist
- link or copy
plugins/check_path_exists.sh
toplugindir
Group Members
Check Members of given group
- link or copy
plugins/check_group_members.py
toplugindir
NOTICE: It is recommended to check the sudoers of a server.
Existing users
Check if only given users exists
- link or copy
plugins/check_existing_users.py
toplugindir
Docker login
Check if login into docker registry succeed
- link or copy
plugins/check_docker_login.sh
toplugindir
- require
docker
- User of check must have the permission to execute docker commands. You can also run this command as sudo but you should only give the permission to execute
docker
as root.
NOTICE: Due security reasons, you should only use credentials without any privileges on the registry
Recommendated configuration for sudo on docker login
# /etc/sudoers.d/monitorpermissions
Cmnd_Alias DOCKERLOGIN = /usr/bin/docker login
%monitorpermissions ALL=NOPASSWD: DOCKERLOGIN
SSHD Security
Check the running configuration from sshd.
- link or copy
plugins/check_sshd_security.py
toplugindir
- require python3 (other versions may also work, change interpreter in executable)
- require sshd daemon
- require root access on
sshd -T
Recommendated configuration for sudo on sshd -T
# /etc/sudoers.d/monitorpermissions
Cmnd_Alias SSHDCONFIG = /usr/sbin/sshd -T
%monitorpermissions ALL=NOPASSWD: SSHDCONFIG
DNSSEC
Clone https://github.com/f-froehlich/check_dnssec_expiry and link check_dnssec_expiry.sh
into /usr/lib/nagios/plugins/
Be sure you have dig
installed
Notice
Because there are many different check plugin libraries we sort our commands and checks into different modules. Therefore we using the parameter description of the Plugins itself, so you can lookup the documentation of the plugins on there project page.
License
This section contains the additional terms of the AGPLv3 license agreement, a copy of the AGPLv3 is included in the LICENSE file.
-
Adaptation of the README.md is prohibited. The file must also be included with each copy without any modification.
-
Adjustments of any kind must be listed in the attached CHANGELOG.md file. It is sufficient to name the change and the reason for the change here and to give appropriate references to the processing in the source code at the appropriate place.
-
All edited copies must be made available on github. You have to fork the original repository or use a fork from the original repository.
-
You have to place the following link on your Homepage in a suitable place, if you using this software not only for your own Servers, Applications, ...:
We using monitoring configuration tools from <a href="https://icinga2.confgen.org">Fabian Fröhlich</a>
The wording is decisive here, so another language may be used. Attributes of the link may also be adjusted, but the link must be followable by web crawlers (e.g. Googlebot).
Furthermore, the imprint has to include a clear reference to the original github repository https://github.com/f-froehlich/icinga2-config-generator as well as the link mentioned above in the body text.
-
You have to sign up to a free account on our project page, if you are using this configuration generator in commercial way.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for icinga2confgen-0.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b375ff7d07227b3eaaff96df3cd0a3f5c82bcbe12538ee5d7817b93f16f3af38 |
|
MD5 | a0a9f2302500d12d19ff0efe0e82aa7c |
|
BLAKE2b-256 | 53a34ac3175ecef6b9b962661e76ee1f40c7492e9bb94f0c95a95fde1b4e2c88 |