[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [hobbit] client file check
- To: <hobbit (at) hswn.dk>
- Subject: RE: [hobbit] client file check
- From: "Brand, Thomas R." <TRBrand (at) cvs.com>
- Date: Tue, 7 Jul 2009 13:29:42 -0400
- References: <37752EAC00ED92488874A27A4554C2F303330A2A (at) lzbs6301.na.lzb.hq> <4A525711.8090507 (at) makelofine.org> <E38DCD6606C55F499A4125611AB8D9960735DACB (at) cvsexbpd2.Corp.CVS.com> <37752EAC00ED92488874A27A4554C2F303330A30 (at) lzbs6301.na.lzb.hq>
- Thread-index: Acn+dAfMeSjSN4eqQiG1CWoUS9B/2QAAfD9QACXuoIAABfqroA==
- Thread-topic: [hobbit] client file check
> -----Original Message-----
> From: Scot Kreienkamp [mailto:SKreien (at) la-z-boy.com]
> Sent: Tuesday, July 07, 2009 10:19 AM
> To: hobbit (at) hswn.dk
> Subject: RE: [hobbit] client file check
>
> That doesn't work. It doesn't like the backticks in client-local.cfg.
> Now my clients say no files checked.
>
> Thanks,
>
> Scot Kreienkamp
> La-Z-Boy Inc.
> skreien (at) la-z-boy.com
> 734-242-1444 ext 6379
>
> -----Original Message-----
> From: Brand, Thomas R. [mailto:TRBrand (at) cvs.com]
> Sent: Monday, July 06, 2009 4:31 PM
> To: hobbit (at) hswn.dk
> Subject: RE: [hobbit] client file check
>
>
> > -----Original Message-----
> > From: dOCtoR MADneSs [mailto:doctor (at) makelofine.org]
> >
> > You could try something like this :
> > in local-client.cfg add a section for this host :
> > [my_host]
> > file:`sudo ls /your/file`
> > and in hobbit-clients.cfg add a line in your host section :
> > HOST=my_host
> > FILE /your/file YOUR_SWITCHES
> >
> > anyone disagree with it ?
>
> Somewhat of a security risk; when using sudo, I recommend using
> full path to the executable:
> sudo /bin/ls /your/file
>
> and in your /etc/sudoers file:
>
> # Hobbit may run /bin/ls but flags are not allowed
> hobbit ALL = NOPASSWD: /bin/ls [!-]*
>
>
> t09trbrxs# su - hobbit
> hobbit (at) t09trbrxs:~> sudo /bin/ls /root/.ssh/authorized_keys
> /root/.ssh/authorized_keys
> hobbit (at) t09trbrxs:~> sudo /bin/ls --color=always
> /root/.ssh/authorized_keys
> hobbit's password:
> hobbit (at) t09trbrxs:~>
>
Did you add a corresponding rule in hobbit-clients.cfg ?
Example rule from my hobbit-clients.cfg file:
# Check for core dump files; see "client-local.cfg" file
FILE "%.*(core|hs_err_pid.*log).*" yellow NOEXIST
This matches the below check in client-local.cfg
file:`find / -maxdepth 1 -name "*core*" -mmin -360 2>/dev/null`
So, if the client finds a core file in the root directory
(/some_core_file) it reports it to the server; on the server the FILE
rule says
"set the 'files' column to YELLOW if a *core* file is found'
which causes the web page to show:
---------------------------------------------------
Files status at Tue Jul 7 10:20:08 PDT 2009
! /core.20090707.050107.2457.dmp
File exists
-----------------------------------------------------
Then you need to set an appropriate ALERT in hobbit-alerts.cfg:
HOST=testbox SERVICE=files
MAIL yourEmail (at) yourmail.com COLOR=YELLOW