blog [AdminSysGNULinux]

blog

Table des matières

4 billet(s) pour janvier 2026

2026:
- janvier

2025:
- mars
- avril
- mai
- juin
- juillet
- août
- septembre
- octobre
- novembre
- décembre

4 billet(s) pour janvier 2026

AWX sur K8S Kind - partage de fichier pour les blob - Execution pods	2026/01/26 10:15	Jean-Baptiste
Notes rsh rcp	2026/01/21 18:08	Jean-Baptiste
Git - Duplication d'un dépôt	2026/01/19 10:22	Jean-Baptiste
Exemple simple de conf Nagios	2026/01/14 10:07	Jean-Baptiste

Notes supervision consommation CPU

Voir :

Supervision - Sonde Nagios - Mémoire Linux & CPU via SNMP

A superviser

Nombre total de process
Nombre total de threads ps -efL |wc -l
Loadaverage
IOWAIT

IOWAIT

Voir : https://kb.vander.host/operating-systems/how-to-monitor-disk-performance-iowait-on-linux/

top
sar
iostat -d 2 %iowait
iostat -c 5 100
snmpget -Oqv -v3 localhost .1.3.6.1.4.1.2021.11.54.0

./centreon_plugins.pl --plugin=os::linux::snmp::plugin --hostname=localhost --snmp-version=3 --snmp-username "nagios" --authprotocol MD5 --authpassphrase "P@ssw0rd" --mode cpu-detailed --warning-wait=15 --critical-wait=25

Script check_cpu_stats.sh

Source : https://github.com/Napsty/check_cpu_stats/blob/main/check_cpu_stats.sh

check_cpu_stats.sh

#!/bin/bash
# ==============================================================================
# CPU Utilization Statistics plugin for Nagios 
#
# Original author:  Steve Bosek
# Creation date:    8 September 2007
# Description:      Monitoring plugin (script) to check cpu utilization statistics.
#                   This script has been designed and written on Unix platforms
#                   requiring iostat as external program.
#                   The script is used to query 6 of the key cpu statistics
#                   (user,system,iowait,steal,nice,idle) at the same time.
# History/Changes:  HISTORY moved out of plugin into Git repository / README.md
# License:          GNU General Public License v3.0 (GPL3), see LICENSE in Git repository
#
# Copyright 2007-2009,2011 Steve Bosek
# Copyright 2008 Bas van der Doorn
# Copyright 2008 Philipp Lemke
# Copyright 2016 Philipp Dallig
# Copyright 2022-2023 Claudio Kuenzler
#
# Usage:   ./check_cpu_stats.sh [-w <user,system,iowait>] [-c <user,system,iowait>] ( [-i <report interval>] [-n <report number> ] [-b <N,processname>])
#
# Example: ./check_cpu_stats.sh
#          ./check_cpu_stats.sh -w 70,40,30 -c 90,60,40
#          ./check_cpu_stats.sh -w 70,40,30 -c 90,60,40 -i 3 -n 5 -b '1,apache2' -b '1,running process'
# ========================================================================================
# -----------------------------------------------------------------------------------------
# Plugin description
PROGNAME=$(basename $0)
RELEASE="Revision 3.1.5"
 
# Paths to commands used in this script.  These may have to be modified to match your system setup.
export PATH=$PATH:/usr/local/bin:/usr/bin:/bin # Set path
IOSTAT="iostat"
#Needed for HP-UX
SAR="/usr/bin/sar"
 
# Nagios return codes
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
 
# Plugin default parameters value if not defined
LIST_WARNING_THRESHOLD=${LIST_WARNING_THRESHOLD:="70,40,30"}
LIST_CRITICAL_THRESHOLD=${LIST_CRITICAL_THRESHOLD:="90,60,40"}
INTERVAL_SEC=${INTERVAL_SEC:="1"}
NUM_REPORT=${NUM_REPORT:="3"}
# -----------------------------------------------------------------------------------------
# Check required commands
if [ `uname` = "HP-UX" ];then
  if [ ! -x $SAR ]; then
    echo "UNKNOWN: sar not found or is not executable by the nagios user."
    exit $STATE_UNKNOWN
  fi
else
  for cmd in iostat; do
  if ! `command -v ${cmd} >/dev/null 2>&1`; then
    echo "UNKNOWN: ${cmd} does not exist, please check if command exists and PATH is correct"
    exit ${STATE_UNKNOWN}
  fi
done
fi
# -----------------------------------------------------------------------------------------
# Functions plugin usage
print_release() {
  echo "$RELEASE"
  exit ${STATE_UNKNOWN}
}
 
print_usage() {
  echo ""
  echo "$PROGNAME $RELEASE - Monitoring plugin to check CPU Utilization"
  echo ""
  echo "Usage: check_cpu_stats.sh [-w] [-c] [-i] [-n] [-b]+"
  echo ""
  echo "  -w  Warning threshold in % for warn_user,warn_system,warn_iowait CPU (default : 70,40,30)"
  echo "  -c  Critical threshold in % for crit_user,crit_system,crit_iowait CPU (default : 90,60,40)"
  echo "  -i  Interval in seconds for iostat (default : 1)"
  echo "  -n  Number of reports for iostat (default : 3)"
  echo "  -b  The plugin will exit OK when condition matches (number of CPUs and process running), expects an input of N,process (e.g. 4,apache2). Can be used multiple times: -b 1,puppet -b 4,apache2 -b 4,containerd. Works only under Linux."
  echo "  -v  Show version"
  echo "  -h  Show this page"
  echo ""
  echo "Usage: $PROGNAME"
  echo "Usage: $PROGNAME --help"
  echo ""
  exit 0
}
 
print_help() {
  print_usage
    echo ""
    echo "This plugin will check cpu utilization (user,system,iowait,idle in %)"
    echo ""
  exit 0
}
# -----------------------------------------------------------------------------------------
# Parse parameters
if [ "${1}" = "--help" ]; then print_help; exit $STATE_UNKNOWN; fi
 
while getopts "c:w:i:n:b:hv" Input
do
  case ${Input} in
  w)      LIST_WARNING_THRESHOLD=${OPTARG};;
  c)      LIST_CRITICAL_THRESHOLD=${OPTARG};;
  i)      INTERVAL_SEC=${OPTARG};;
  n)      NUM_REPORT=${OPTARG};;
  b)      BAIL+=("${OPTARG}");;
  h)      print_help;;
  v)      print_release;;
  *)      print_help;;
  esac
done
# -----------------------------------------------------------------------------------------
# List to Table for warning threshold
TAB_WARNING_THRESHOLD=( `echo $LIST_WARNING_THRESHOLD | sed 's/,/ /g'` )
if [ "${#TAB_WARNING_THRESHOLD[@]}" -ne "3" ]; then
  echo "ERROR : Bad count parameter in Warning Threshold"
  exit $STATE_WARNING
else  
USER_WARNING_THRESHOLD=`echo ${TAB_WARNING_THRESHOLD[0]}`
SYSTEM_WARNING_THRESHOLD=`echo ${TAB_WARNING_THRESHOLD[1]}`
IOWAIT_WARNING_THRESHOLD=`echo ${TAB_WARNING_THRESHOLD[2]}` 
fi
 
# List to Table for critical threshold
TAB_CRITICAL_THRESHOLD=( `echo $LIST_CRITICAL_THRESHOLD | sed 's/,/ /g'` )
if [ "${#TAB_CRITICAL_THRESHOLD[@]}" -ne "3" ]; then
  echo "ERROR : Bad count parameter in CRITICAL Threshold"
  exit $STATE_WARNING
else 
USER_CRITICAL_THRESHOLD=`echo ${TAB_CRITICAL_THRESHOLD[0]}`
SYSTEM_CRITICAL_THRESHOLD=`echo ${TAB_CRITICAL_THRESHOLD[1]}`
IOWAIT_CRITICAL_THRESHOLD=`echo ${TAB_CRITICAL_THRESHOLD[2]}`
fi
 
if [ ${TAB_WARNING_THRESHOLD[0]} -ge ${TAB_CRITICAL_THRESHOLD[0]} -o ${TAB_WARNING_THRESHOLD[1]} -ge ${TAB_CRITICAL_THRESHOLD[1]} -o ${TAB_WARNING_THRESHOLD[2]} -ge ${TAB_CRITICAL_THRESHOLD[2]} ]; then
  echo "ERROR : Critical CPU Threshold lower as Warning CPU Threshold "
  exit $STATE_WARNING
fi 
# -----------------------------------------------------------------------------------------
# CPU Utilization Statistics Unix Plateform ( Linux,AIX,Solaris are supported )
case `uname` in
  Linux )
      CPU_REPORT=`iostat -c $INTERVAL_SEC $NUM_REPORT | sed -e 's/,/./g' | tr -s ' ' ';' | sed '/^$/d' | tail -1`
      CPU_REPORT_SECTIONS=`echo ${CPU_REPORT} | grep ';' -o | wc -l`
      CPU_USER=`echo $CPU_REPORT | cut -d ";" -f 2`
      CPU_NICE=`echo $CPU_REPORT | cut -d ";" -f 3`
      CPU_SYSTEM=`echo $CPU_REPORT | cut -d ";" -f 4`
      CPU_IOWAIT=`echo $CPU_REPORT | cut -d ";" -f 5`
      if [ ${CPU_REPORT_SECTIONS} -ge 6 ]; then
      CPU_STEAL=`echo $CPU_REPORT | cut -d ";" -f 6`
      CPU_IDLE=`echo $CPU_REPORT | cut -d ";" -f 7`
      NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}%, iowait=${CPU_IOWAIT}%, idle=${CPU_IDLE}%, nice=${CPU_NICE}%, steal=${CPU_STEAL}% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=${CPU_IOWAIT}%;${TAB_WARNING_THRESHOLD[2]};${TAB_CRITICAL_THRESHOLD[2]};0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=${CPU_NICE}%;0;0;0; CpuSteal=${CPU_STEAL}%;0;0;0;"
      else
      CPU_IDLE=`echo $CPU_REPORT | cut -d ";" -f 6`
      NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}%, iowait=${CPU_IOWAIT}%, idle=${CPU_IDLE}%, nice=${CPU_NICE}%, steal=0.00% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=${CPU_IOWAIT}%;${TAB_WARNING_THRESHOLD[2]};${TAB_CRITICAL_THRESHOLD[2]};0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=${CPU_NICE}%;0;0;0; CpuSteal=0.0%;0;0;0;"
      fi
 
      # Bail out possible under certain situations
      if [[ ${#BAIL[*]} -gt 0 ]]; then
        BC_CPU=$(nproc)
        o=0
	while [ ${o} -lt ${#BAIL[*]} ]; do
          BAIL_CPU[${o}]=$(echo "${BAIL[${o}]}" | awk -F',' '{print $1}')
          BAIL_PROCESS[${o}]=$(echo "${BAIL[${o}]}" | awk -F',' '{print $2}')
          BC_PROCESS=$(ps aux | grep "${BAIL_PROCESS[${o}]}" | egrep -v "(grep|check_cpu_stats)" | awk '{print $2}')
          if [[ ${BAIL_CPU[${o}]} -eq ${BC_CPU} && ${BC_PROCESS} -gt 0 ]]; then
            echo "CPU STATISTICS OK - bailing out because of matched bailout patterns - ${NAGIOS_DATA}"
            exit $STATE_OK
          fi
          let o++
        done
      fi
 
      ;;
  AIX ) CPU_REPORT=`iostat -t $INTERVAL_SEC $NUM_REPORT | sed -e 's/,/./g'|tr -s ' ' ';' | tail -1`
      CPU_USER=`echo $CPU_REPORT | cut -d ";" -f 4`
      CPU_SYSTEM=`echo $CPU_REPORT | cut -d ";" -f 5`
      CPU_IOWAIT=`echo $CPU_REPORT | cut -d ";" -f 7`
      CPU_IDLE=`echo $CPU_REPORT | cut -d ";" -f 6`
      NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}%, iowait=${CPU_IOWAIT}%, idle=${CPU_IDLE}%, nice=0.00%, steal=0.00% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=${CPU_IOWAIT}%;${TAB_WARNING_THRESHOLD[2]};${TAB_CRITICAL_THRESHOLD[2]};0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=0.0%;0;0;0; CpuSteal=0.0%;0;0;0;"
            ;;
  SunOS ) CPU_REPORT=`iostat -c $INTERVAL_SEC $NUM_REPORT | tail -1`
          CPU_USER=`echo $CPU_REPORT | awk '{ print $1 }'`
          CPU_SYSTEM=`echo $CPU_REPORT | awk '{ print $2 }'`
          CPU_IOWAIT=`echo $CPU_REPORT | awk '{ print $3 }'`
          CPU_IDLE=`echo $CPU_REPORT | awk '{ print $4 }'`
          NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}%, iowait=${CPU_IOWAIT}%, idle=${CPU_IDLE}%, nice=0.00%, steal=0.00% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=${CPU_IOWAIT}%;${TAB_WARNING_THRESHOLD[2]};${TAB_CRITICAL_THRESHOLD[2]};0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=0.0%;0;0;0; CpuSteal=0.0%;0;0;0;"
          ;;
  HP-UX) CPU_REPORT=`$SAR $INTERVAL_SEC $NUM_REPORT | grep Average`
          CPU_USER=`echo $CPU_REPORT | awk '{ print $2 }'`
          CPU_SYSTEM=`echo $CPU_REPORT | awk '{ print $3 }'`
          CPU_IOWAIT=`echo $CPU_REPORT | awk '{ print $4 }'`
          CPU_IDLE=`echo $CPU_REPORT | awk '{ print $5 }'`
          NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}% iowait=${CPU_IOWAIT}% idle=${CPU_IDLE}% nice=0.00% steal=0.00% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=${CPU_IOWAIT};${TAB_WARNING_THRESHOLD[2]};${TAB_CRITICAL_THRESHOLD[2]};0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=0.0%;0;0;0; CpuSteal=0.0%;0;0;0;"
          ;;  
  #  MacOS X test       
  # Darwin ) CPU_REPORT=`iostat -w $INTERVAL_SEC -c $NUM_REPORT | tail -1`
    #   CPU_USER=`echo $CPU_REPORT | awk '{ print $4 }'`
    #   CPU_SYSTEM=`echo $CPU_REPORT | awk '{ print $5 }'`
    #   CPU_IDLE=`echo $CPU_REPORT | awk '{ print $6 }'`
    #   NAGIOS_DATA="user=${CPU_USER}% system=${CPU_SYSTEM}% iowait=0.00% idle=${CPU_IDLE}% nice=0.00% steal=0.00% | CpuUser=${CPU_USER}%;${TAB_WARNING_THRESHOLD[0]};${TAB_CRITICAL_THRESHOLD[0]};0; CpuSystem=${CPU_SYSTEM}%;${TAB_WARNING_THRESHOLD[1]};${TAB_CRITICAL_THRESHOLD[1]};0; CpuIowait=0.0%;0;0;0; CpuIdle=${CPU_IDLE}%;0;0;0; CpuNice=0.0%;0;0;0; CpuSteal=0.0%;0;0;0;"
    #   ;;
  *)  echo "UNKNOWN: `uname` not yet supported by this plugin. Coming soon !"
      exit $STATE_UNKNOWN 
      ;;
esac
# -----------------------------------------------------------------------------------------
# Add for integer shell issue
CPU_USER_MAJOR=`echo $CPU_USER| cut -d "." -f 1`
CPU_SYSTEM_MAJOR=`echo $CPU_SYSTEM | cut -d "." -f 1`
CPU_IOWAIT_MAJOR=`echo $CPU_IOWAIT | cut -d "." -f 1`
CPU_IDLE_MAJOR=`echo $CPU_IDLE | cut -d "." -f 1`
# -----------------------------------------------------------------------------------------
# Return
if [ ${CPU_USER_MAJOR} -ge $USER_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS CRITICAL : ${NAGIOS_DATA}"
    exit $STATE_CRITICAL
    elif [ ${CPU_SYSTEM_MAJOR} -ge $SYSTEM_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS CRITICAL : ${NAGIOS_DATA}"
    exit $STATE_CRITICAL
    elif [ ${CPU_IOWAIT_MAJOR} -ge $IOWAIT_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS CRITICAL : ${NAGIOS_DATA}"
    exit $STATE_CRITICAL
    elif [ ${CPU_USER_MAJOR} -ge $USER_WARNING_THRESHOLD ] && [ ${CPU_USER_MAJOR} -lt $USER_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS WARNING : ${NAGIOS_DATA}"
    exit $STATE_WARNING 
    elif [ ${CPU_SYSTEM_MAJOR} -ge $SYSTEM_WARNING_THRESHOLD ] && [ ${CPU_SYSTEM_MAJOR} -lt $SYSTEM_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS WARNING : ${NAGIOS_DATA}"
    exit $STATE_WARNING 
    elif  [ ${CPU_IOWAIT_MAJOR} -ge $IOWAIT_WARNING_THRESHOLD ] && [ ${CPU_IOWAIT_MAJOR} -lt $IOWAIT_CRITICAL_THRESHOLD ]; then
    echo "CPU STATISTICS WARNING : ${NAGIOS_DATA}"
    exit $STATE_WARNING   
else
    echo "CPU STATISTICS OK : ${NAGIOS_DATA}"
    exit $STATE_OK
fi
 
echo "CPU STATISTICS UNKNOWN: Should never reach this."
exit $STATE_UNKNOWN

2025/03/24 15:06

brouillon, cpu, supervision, nagios, script, bash

Notes supervision check_mk

Voir :

Voir aussi : Nagios, Centreon, Shinken

Note : si vous n'avez pas encore choisi de solution de supervision, Pensez à regarder Zabbix.

Install de check_mk sur Debian

apt-get install xinetd check-mk-agent

n'oublier pas de modifier la ligne disable = yes

/etc/xinetd.d/check_mk

service check_mk
{
        type           = UNLISTED
        port           = 6556
        socket_type    = stream
        protocol       = tcp
        wait           = no
        user           = root
        server         = /usr/bin/check_mk_agent

        # If you use fully redundant monitoring and poll the client
        # from more then one monitoring servers in parallel you might
        # want to use the agent cache wrapper:
        #server         = /usr/bin/check_mk_caching_agent

        # configure the IP address(es) of your Nagios server here:
        #only_from      = 127.0.0.1 10.0.20.1 10.0.20.2

        # Don't be too verbose. Don't log every check. This might be
        # commented out for debugging. If this option is commented out
        # the default options will be used for this service.
        log_on_success =

        #disable        = yes
        disable        = no
}

systemctl restart xinetd

lsof -i TCP:6556
nc 127.0.0.1 6556

2025/03/24 15:06

brouillon, supervision

Notes supervision - plugin Nagios - centreon_plugins.pl

Voir :

Voir aussi :

https://packages.debian.org/sid/monitoring-plugins-contrib

Configure those extra SNMP options in the host/host template configuration in the SNMPEXTRAOPTIONS macro.

snmpwalk	centreon-plugins
-a	--authprotocol
-A	--authpassphrase
-u	--snmp-username
-x	--privprotocol
-X	--privpassphrase
-l	not needed (automatic)
-e	--securityengineid
-E	--contextengineid

On lance une fois cpan pour le configurer

cpan
 
# On ferme la session puis on la reouvre pour sourcer le .bashrc
exit
 
# Ou
source ~/.bashrc

cpan common/sense.pm
cpan Types/Serialiser.pm
cpan JSON
 
# Pour la commande net-snmp-config necessaire à cpan SNMP
#sudo apt-get install libsnmp-dev
#sudo yum install net-snmp-devel
 
cpan SNMP

Le plugin a besoin de pouvoir écrire

mkdir -p /var/lib/centreon/centplugins
chown nagios: /var/lib/centreon/ /var/lib/centreon/centplugins/
chmod 1777 /var/lib/centreon/centplugins/

./centreon_plugins.pl --list-plugin
./centreon_plugins.pl --list-plugin | grep ^PLUGIN | grep -i snmp | grep -i linux 
 
./centreon_plugins.pl --plugin os::linux::snmp::plugin
./centreon_plugins.pl --plugin os::linux::snmp::plugin --help
./centreon_plugins.pl --plugin os::linux::snmp::plugin --list-mode
./centreon_plugins.pl --plugin os::linux::snmp::plugin --memory
./centreon_plugins.pl --plugin os::linux::snmp::plugin --mode memory
./centreon_plugins.pl --plugin os::linux::snmp::plugin --mode memory --hostname localhost
./centreon_plugins.pl --plugin os::linux::snmp::plugin --mode memory --hostname localhost --help

./centreon_plugins.pl --plugin os::linux::snmp::plugin --mode memory --hostname localhost --snmp-version='3' --authpassphrase P@ssw0rd --snmp-username nagios --authprotocol MD5
OK: Ram Total: 15.25 GB Used (-buffers/cache): 1.95 GB (12.81%) Free: 13.30 GB (87.19%), Buffer: 94.79 MB, Cached: 2.05 GB, Shared: 555.96 MB | 'used'=2097471488B;;;0;16376958976 'free'=14279487488B;;;0;16376958976 'used_prct'=12.81%;;;0;100 'buffer'=99397632B;;;0; 'cached'=2202296320B;;;0; 'shared'=582967296B;;;0;

Exemple avec Fortigate

src/centreon_plugins.pl --plugin=network::fortinet::fortigate::snmp::plugin --mode=cluster-status --hostname=firewall --snmp-version='2c' --snmp-community='public'  --warning-status='%{role} !~ /master|slave/' --critical-status='%{sync_status} !~ /^synchronized/' --opt-exit warning --verbose --critical-total-nodes=2

Note : Pour certain plugin il est important d'écrire --hostname=localhost et non --hostname localhost, de même pour les autres arguments

Exemple conf Nagios

commands.cfg

define command{
        command_name    check_centreon_snmp_linux_disk_all
        command_line    $USER1$/centreon_plugins --plugin=os::linux::snmp::plugin --mode=storage --hostname=$HOSTADDRESS$ --snmp-version=3 --snmp-username "$USER6$" --authprotocol MD5 --authpassphrase "$USER7$" --filter-storage-type=hrStorageFixedDisk --add-access --critical-access=readOnly --warning-usage $ARG1$ --critical-usage $ARG2$ --name --regexp --storage='^((?!cdrom).)*$'
        }

mode multi

./centreon_plugins.pl --plugin=os::linux::snmp::plugin --hostname=localhost --snmp-version=3 --snmp-username "nagios" --authprotocol MD5 --authpassphrase "P@ssw0rd" --mode multi --modes-exec 'uptime,memory,swap,cpu'

Wrapper en bash

Dans notre cas les plugins sont tous dans /usr/local/nagios/libexec/ mais si on fait un lien symbolique ln -s /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon_plugins /usr/local/nagios/libexec/ ça ne fonctionne pas.

D'où ce petit wrapper.

centreon_plugins

#! /bin/bash
set -euo pipefail
 
SCRIPT_DIR=$(readlink -m "$(dirname "$0")")
cd "${SCRIPT_DIR}/centreon-plugins-develop/src/" || exit 2
 
export PERL5LIB="/usr/local/nagios/lib/perl5/site_perl/5.8.8:/usr/local/nagios/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi"
exec perl ./centreon_plugins.pl "$@"

Il faut aussi les dépendances suivantes

yum install perl net-snmp-utils net-snmp-perl

Conf pour Centreon

Exemple :

$CENTREONPLUGINS$/centreon_plugins --plugin=network::fortinet::fortigate::snmp::plugin --hostname=$HOSTADDRESS$ --snmp-version='$_HOSTSNMPVERSION$' --snmp-community='$_HOSTSNMPCOMMUNITY$' --mode=cluster-status --warning-status='%{role} !~ /master|slave/' --critical-status='%{sync_status} !~ /^synchronized/' --opt-exit warning --critical-total-nodes=2 $_HOSTSNMPEXTRAOPTIONS$

Autres plugins Centreon similaires

$ rpm -qf /usr/lib/centreon/plugins/centreon_linux_snmp.pl
centreon-plugin-Operatingsystems-Linux-Snmp-20241107-152627.el8.noarch

/usr/lib/centreon/plugins/centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=memory --hostname=127.0.0.1 --snmp-version=3 --snmp-username=nagios --authprotocol=MD5 --authpassphrase='P@ssw0rd' --warning-usage=80 --critical-usage=90

Autres

ILO

/usr/lib/centreon/plugins/centreon_hp_ilo_restapi.pl --plugin=hardware::server::hp::ilo::restapi::plugin --mode=hardware --hostname='192.168.1.101' --api-username='sup_ro' --api-password='P@ssw0rd12345678'  --component='.*' --verbose --insecure

Centreon plugins - old

http://sugarbug.web4me.fr/atelier/techniques/plugins/plugins_centreon/

yum install git
git clone https://github.com/centreon/centreon-plugins.git
cd centreon-plugins/
chmod +x centreon_plugins.pl
cp -R * /usr/lib/centreon/plugins/

Test centreon_plugins.pl

/usr/lib/centreon/plugins/centreon_plugins.pl --version
/usr/lib/centreon/plugins/centreon_plugins.pl --list-plugin
/usr/lib/centreon/plugins/centreon_plugins.pl --plugin=os::linux::snmp::plugin --list-mode
/usr/lib/centreon/plugins/centreon_plugins.pl --plugin=os::linux::snmp::plugin --mode=load --hostname=127.0.0.1 --snmp-version=2c --snmp-community=public --verbose

/usr/lib/nagios/plugins/centreon_plugins.pl --list-plugin
/usr/lib/nagios/plugins/centreon_plugins.pl --plugin=apps::pacemaker::local::plugin --help
/usr/lib/nagios/plugins/centreon_plugins.pl --plugin=apps::pacemaker::local::plugin --list-mode
/usr/lib/nagios/plugins/centreon_plugins.pl --plugin=apps::pacemaker::local::plugin --mode crm --help
/usr/lib/nagios/plugins/centreon_plugins.pl --plugin=apps::pacemaker::local::plugin --mode crm --remote --hostname 192.168.10.3

Dell OpenManage

wget http://folk.uio.no/trondham/software/check_openmanage-3.7.12/check_openmanage
cd /usr/lib/nagios/plugins/
chown centreon:centreon-engine /usr/lib/nagios/plugins/check_openmanage
chmod 755 /usr/lib/nagios/plugins/check_openmanage

Test

# /usr/lib/nagios/plugins/check_openmanage -H 10.245.108.2
OK - System: 'PowerEdge R430', SN: '58RJZG2', 32 GB ram (2 dimms), 1 logical drives, 2 physical drives

Configuration Commands Checks check Command line :

$USER1$/check_openmanage -H $HOSTADDRESS$ -p $_HOSTSNMPVERSION$ -C $_HOSTSNMPCOMMUNITY$ '$_HOSTOPENMANAGE_OPTIONS$'

Configuration Services Templates Dell_OMSA Max Check Attempts : 5 Normal Check Interval : 5 Retry Check Interval: 5 Check Period : 24×7 Check Command : check_openmanage Relation / Linked to host templates / Selected “Servers-Dell-OMSA”

Configuration Hosts Templates “Servers-Dell-OMSA” Relation / Linked Service Templates / Selected “Dell_OMSA”

SNMP plugin

/usr/lib/centreon/plugins/centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=memory --hostname=$HOSTADDRESS$ --snmp-version=2c --snmp-community=public 
 
/usr/lib/centreon/plugins/centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=storage --hostname=$HOSTADDRESS$ --snmp-version='$_HOSTSNMPVERSION$' --snmp-community='$_HOSTSNMPCOMMUNITY$' $_HOSTSNMPEXTRAOPTIONS$ --storage='$_SERVICEFILTER$' --name --regexp --display-transform-src='$_SERVICETRANSFORMSRC$' --display-transform-dst='$_SERVICETRANSFORMDST$' --warning='$_SERVICEWARNING$' --critical='$_SERVICECRITICAL$' $_SERVICEEXTRAOPTIONS$ 
 
/usr/lib/centreon/plugins/centreon_linux_snmp.pl --plugin=os::linux::snmp::plugin --mode=storage --hostname=172.19.0.1 --snmp-version=2c --snmp-community=public --verbose --storage='.*' --name --regexp --display-transform-src='' --display-transform-dst='' --warning=80 --critical=90 $_SERVICEEXTRAOPTIONS$

$ /usr/lib/nagios/plugins/check_centreon_snmp_remote_storage -H 10.245.108.2 -s
hrStorage 1 :: Physical memory
hrStorage 3 :: Virtual memory
hrStorage 6 :: Memory buffers
hrStorage 7 :: Cached memory
hrStorage 8 :: Shared memory
hrStorage 10 :: Swap space
hrStorage 33 :: /dev
hrStorage 36 :: /sys/fs/cgroup
hrStorage 49 :: /etc/resolv.conf
hrStorage 50 :: /etc/hostname
hrStorage 51 :: /etc/hosts
hrStorage 52 :: /dev/shm
hrStorage 53 :: /run/secrets
hrStorage 54 :: /usr/lib/modules/3.10.0-862.3.2.el7.x86_64

$ /usr/lib/nagios/plugins/check_centreon_snmp_remote_storage -H 10.245.108.2 -d 10
Disk OK - Swap space TOTAL: 20.000GB USED: 0.003GB (0%) FREE: 19.997GB (100%)|size=21474832384B used=3145728B;19327349145;20401090764;0;21474832384

Pb

Le plugin Centreon pour Stormshield n'est compatible que en MD5|SHA

source : https://docs.centreon.com/pp/integrations/plugin-packs/procedures/network-stormshield-snmp/

SNMP v3 only: Authentication protocol: MD5|SHA. Since net-snmp 5.9.1: SHA224|SHA256|SHA384|SHA512.

Hors AlmaLinux release 8.10 (Cerulean Leopard) n'est pas compatible net-snmp 5.9.1. J'ai essayé de bidouiller et même de compiler net-snmp mais ça ne fonctionne pas. Il faut soit utiliser MD5/SHA1, soit passer à AlmaLinux 9, soit utiliser la commande snmpwalk/snmpget.

Err undefined symbol: Perl_Gthr_key_ptr

$ env PERL5LIB="/usr/local/nagios/lib/perl5/site_perl/5.8.8:/usr/local/nagios/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi" ./centreon_plugins.pl
/usr/bin/perl: symbol lookup error: /usr/local/nagios/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/JSON/XS/XS.so: undefined symbol: Perl_Gthr_key_ptr

$ readelf -s /usr/local/nagios/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/JSON/XS/XS.so | grep Perl_Gthr_key_ptr
    92: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND Perl_Gthr_key_ptr
   196: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND Perl_Gthr_key_ptr

$ ./centreon_plugins.pl
UNKNOWN: Need to specify '--plugin' option.

Voir Can't locate JSON/XS.pm in @INC

Err - Can't locate JSON/XS.pm in @INC

$ ./centreon_plugins --plugin=network::fortinet::fortigate::snmp::plugin --hostname=$HOSTADDRESS$ --snmp-version=3 --snmp-user14:09:26 [37/453$thprotocol MD5 --authpassphrase "$USER4$" --mode=cluster-status --warning-status='%{role} !~ /master|slave/' --critical-status='%{sync_status} !~ /^synchronized/' --opt-exit warning --critical-total-nodes=2
Can't locate JSON/XS.pm in @INC (@INC contains: /usr/local/nagios/libexec/centreon-plugins-develop/src /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/misc.pm line 26.
BEGIN failed--compilation aborted at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/misc.pm line 26.
Compilation failed in require at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/output.pm line 25.
BEGIN failed--compilation aborted at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/output.pm line 25.
Compilation failed in require at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/script.pm line 25.
BEGIN failed--compilation aborted at /usr/local/nagios/libexec/centreon-plugins-develop/src/centreon/plugins/script.pm line 25.
Compilation failed in require at ./centreon_plugins.pl line 29. BEGIN failed--compilation aborted at ./centreon_plugins.pl line 29

Solution :

yum install perl net-snmp-utils net-snmp-perl

et définir correctement PERL5LIB

2025/03/24 15:06

brouillon, nagios, centreon, supervision, snmp, perl, bash, wrapper

Voir :

Pb sudo - Lenteur sudo
man sudo_root

Voir aussi :

OpenDoas
runuser / setpriv (util-linux)
sudoedit
sudoreplay
Linux capabilities : se passer des commandes su et sudo
https://blog.guillaume-gomez.fr/Linux-tips/1/2
sux (su X11)
sudoers Audit - list all users allow root privileges
PAM
Ansible sudo su become_method
Notes userhelper - usermode
gosu, setpriv, su-exec
userhelper
systemd-run -t bash ou systemd-run --shell
Pourquoi ne pas utiliser sudo dans un contener : https://docsaid.org/en/blog/gosu-usage/

Notes sudo et sudoers

sudo does fork+exec instead of just exec

visudo

jean ALL=(test) NOPASSWD: ALL

Utilisation

sudo -u test -s /bin/bash
echo 'ls /root/' |sudo -H -S -n bash

Test sudoers

sudo -l
sudo -U username -l
sudo -U username -ll

env_keep : Check environment variables sudo preserved :

sudo sudo -V

Exemple de Sudoers

Accès root sans mdp pour un utilisateur

# export EDITOR=vim
visudo -f /etc/sudoers.d/admin

/etc/sudoers.d/admin

jean        ALL=(ALL)       NOPASSWD: ALL

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty
Host_Alias LOCAL_SERVER=servername
Cmnd_Alias CHK_MSG=/usr/local/bin/check_msg.sh
Defaults:nagios !requiretty
nagios LOCAL_SERVER=(ALL) NOPASSWD: CHK_MSG

operator ALL=(root) sudoedit /home/*/*/test.txt

user1     ALL = NOPASSWD: /bin/ln -s /dev/ttyACM[1-9] /dev/ttyS[1-9]
user1     ALL = NOPASSWD: /usr/bin/unlink /dev/ttyS[1-9]

Faire des groupes

sudo visudo -f /etc/sudoers.d/networking

Cmnd_Alias     CAPTURE = /usr/sbin/tcpdump
Cmnd_Alias     SERVERS = /usr/sbin/apache2ctl, /usr/bin/htpasswd
Cmnd_Alias     NETALL = CAPTURE, SERVERS
%netadmin ALL=NETALL

Demander le mot de passe du compte root au lieu de l'utilisateur

Defaults rootpwc

Demander le mot de passe x fois

Defaults passwd_tries=4

Timeout

Defaults timestamp_timeout=x

Defaults:peter timestamp_timeout=5

Logs

Defaults logfile=/var/log/sudo.log

Mails

#Defaults    mail_always
Defaults    mail_badpass
Defaults    mailto="<email@example.com>"

PATH

/etc/sudoers

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

Exemples sudoers

Exemple sudoedit

/etc/sudoers.d/sudoedit

exploit    ALL=(root) NOPASSWD: sudoedit /var/log/*log
exploit    ALL=(root) NOPASSWD: sudoedit /var/log/*.log.1
exploit    ALL=(root) NOPASSWD: sudoedit /var/log/*err
exploit    ALL=(root) NOPASSWD: sudoedit /var/log/*.gz

export EDITOR=vim
sudoedit /var/log/message.log
sudo -e /var/log/message.log

Alias

Cmnd_Alias ADMIN=/usr/bin/atop, /usr/bin/qps
jean ALL= NOPASSWD: ADMIN

Voir Sudo: You're Doing it Wrong

Defaults insults

# Users  Hosts = (Runas) Cmds
# %Group Hosts = (Runas) Cmds

%wheel ALL=(ALL) ALL

Defaults env_keep+="HOME SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK"

mwlucas dns1=ALL
mwlucas,pkdick dns1,dns2 = \
	/sbin/service names,/sbin/service syslogd


mwlucas db1 = (oracle) ALL
mwlucas dns[1-4]=ALL
mwlucas ALL = /usr/local/sbin/*

mwlucas ALL=/opt/bin/program -[acQ]

# "" disallow arguments
mwlucas ALL=/opt/bin/program ""

Cmnd_Alias BACKUP = /sbin/dump,/sbin/restore,/usr/bin/mt
mwlucas ALL=BACKUP

User_Alias ADMIN_USERS = sysops,admin,sysadm

User_Alias TAPEMONKEYS_USERS = mwlucas, jeanmm
Host_Alias WWW = web1,web2,web3
TAPEMONKEYS_USERS WWW=BACKUP

Runas_Alias DB_RUNAS = oracle, pqsql, mysql
fred DB_HOSTS = (DB_RUNAS) ALL

DBA_USERS DB_HOSTS = (DB_RUNAS) ALL

mwlucas ALL = NOEXEC: ALL


Defaults!ALL NOEXEC
Cmnd_Alias MAYEXEC = /bin/newaliases, /sbin/fdisk
mwlucas ALL = ALL, EXEC: MAYEXEC

mwlucas ALL = sudoedit /etc/rc.conf

identifiant	ALL = (ALL) /chemin/complet/commande, NOPASSWD: /chemin/complet/autrecommande

Toutes les commandes situées à la droite du mot-clé NOPASSWD: peuvent être exécutées par l'utilisateur ou le groupe d'utilisateurs précisé en début d'instruction. Celles restées à sa gauche sont toujours soumises à l'authentification par mot de passe.

User_Alias USER_T_PLOP_ALL=user1
USER_T_PLOP_ALL= (jean) EXEC: NOPASSWD: ALL

#Runas_Alias=oracle, orainst, mysql, myinst

Checksum

Using openssl, to generate the checksum:

openssl dgst -sha224 /usr/local/sbin/mycommand

SHA224(/usr/local/sbin/mycommand)= 52246fd78f692554c9f6be9c8ea001c9131c3426c27c88dbbad08365

Then in your sudoers file (on the same line):

 www-data ALL=(ALL) NOPASSWD: 
    sha224:52246fd78f692554c9f6be9c8ea001c9131c3426c27c88dbbad08365
    /usr/local/sbin/mycommand

Exemple sudo

Get shell

sudo -u jean -i
sudo -u jean -s
sudo -u jean -s /bin/bash
sudo su - jean

PAM

Source : https://www.tecmint.com/switch-user-account-without-password/

Permette aux membres du groupe postgres d'impersonifier l'utilisateur postgres

/etc/pam.d/su

auth       [success=ignore default=1] pam_succeed_if.so user = postgres
auth       sufficient   pam_succeed_if.so use_uid user ingroup postgres

In the above configuration, the first line checks if the target user is postgres, if it is, the service checks the current user, otherwise, the default=1 line is skipped and the normal authentication steps are executed.

Équivalent à

%postgres ALL=NOPASSWD: /bin/su – postgres

Autres

Ausible - become

Voir :

Ansible sudo su become_method become_flags

$ ansible-doc -t become ansible.builtin.sudo
...
become_flags
default: -H -S -n
...

gosu, setpriv, su-exec, setuser (Python)

Voir :

Dans un container doit être appelé exec exec. Exemple :

exec gosu myAppUser /usr/local/bin/myApp --foo=bar

Exemples :

https://github.com/sudo-bmitch/jenkins-docker

gosu user-spec command [args]
gosu tianon bash
gosu nobody:root bash -c 'whoami && id'
gosu 1000:1 id

su-exec apache:1000 /usr/sbin/httpd -f /opt/www/httpd.conf

2025/03/24 15:06

brouillon, sudo

Notes stockage

SDS (Software-Defined Storage)
pNFS
NFSv4.1
Lustre
GlusterFS
Ceph
ZFS
DRBD
Tahoe LAFS
Btrfs
LVM

Voir :

les backends rclone
https://kubernetes-csi.github.io/docs/drivers.html
Docker volume storage
Longhorn / OpenEBS (Container Attached Storage CAS) / CubeFS
- https://www.tauceti.blog/posts/kubernetes-the-not-so-hard-way-with-ansible-persistent-storage-part-2/
Classement https://ossinsight.io/collections/distributed-file-storage/
Ksync (pour dev)

BTRFS
Red Hat will not be moving Btrfs to a fully supported feature. It was fully removed in Red Hat Enterprise Linux 8.
Voir Stratis

https://www.surf.nl/binaries/content/assets/surf/en/knowledgebase/2010/EDS-3R+open-storage-scouting-v1.0.pdf

ZFS

zpool list <plop>

NAS

TrueNAS (FreeNAS)
OpenMediaVault

2025/03/24 15:06

<< Billets récents | Anciens billets >>

blog.txt · Dernière modification : 2025/03/24 15:06 de 127.0.0.1