monitoring-plugins/monitoring-plugins-README.SUSE-check_dhcp

README.SUSE for monitoring-plugins-dhcp

== check_dhcp and SuSEfirewall ==

If you run the check_dhcp script on the server, please make sure your UDP ports
67 and 68 on the _client_ are opened in the firewall. You also need to allow
to receive broadcasts for this interface. Otherwise  the script will be unable
to detect anything.

Example:
If your client uses the "external" interface for the check, the entries in
/etc/sysconfig/SuSEfirewall2 should look like:

FW_SERVICES_EXT_UDP="67 68"
FW_ALLOW_FW_BROADCAST_EXT="67 68"

== Special privileges ==

To be "safe per default", SUSE doesn't install this plugin with the
suid bit set. There are two recommended ways about overriding this on
your system:

=== Set the suid bit ===

Copy the prepared permissions file from this directory to the right place 
in your file system:

~ # cp /usr/share/doc/packages/monitoring-plugins-common/example/permissions.d/monitoring-plugins \
    /etc/permissions.d/monitoring-plugins

...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs
(see comments in the file) and run:

~ # SuSEconfig --module permissions

or (on newer openSUSE distributions without SuSEconfig):
~ # chkstat --system --set

This will set the correct permissions (from now on also during an update).

=== Alternative: Use sudo to grant the permission and modify your plugin config ===

This way you just need an entry like:

   nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_dhcp

in ''/etc/sudoers'' and an adapted command definition like the following:

   define command{
        command_name    check_dhcp
        command_line    /usr/bin/sudo $USER1$/check_dhcp <other_options_here>
   }

== Apparmor profile ==

Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp if you are using
the --extra-opts option. The Apparmor profile allows to open every file below
the /etc/monitoring-plugins/ directory read only for this. All files in other
directories are not allowed.
- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`README.SUSE for monitoring-plugins-dhcp`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00
			`== check_dhcp and SuSEfirewall ==`

			`If you run the check_dhcp script on the server, please make sure your UDP ports`
			`67 and 68 on the _client_ are opened in the firewall. You also need to allow`
- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`to receive broadcasts for this interface. Otherwise the script will be unable`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00			`to detect anything.`

- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`Example:`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00			`If your client uses the "external" interface for the check, the entries in`
			`/etc/sysconfig/SuSEfirewall2 should look like:`

			`FW_SERVICES_EXT_UDP="67 68"`
			`FW_ALLOW_FW_BROADCAST_EXT="67 68"`

			`== Special privileges ==`

			`To be "safe per default", SUSE doesn't install this plugin with the`
			`suid bit set. There are two recommended ways about overriding this on`
			`your system:`

			`=== Set the suid bit ===`

			`Copy the prepared permissions file from this directory to the right place`
			`in your file system:`

- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`~ # cp /usr/share/doc/packages/monitoring-plugins-common/example/permissions.d/monitoring-plugins \`
			`/etc/permissions.d/monitoring-plugins`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00
- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`...afterwards adapt the file /etc/permissions.d/monitoring-plugins to your needs`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00			`(see comments in the file) and run:`

			`~ # SuSEconfig --module permissions`

			`or (on newer openSUSE distributions without SuSEconfig):`
			`~ # chkstat --system --set`

			`This will set the correct permissions (from now on also during an update).`

			`=== Alternative: Use sudo to grant the permission and modify your plugin config ===`

- adapted README files and package documentation - provide /etc/monitoring-plugins/ directory (incl. README) as mentioned in the latest documentation OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=6 2014-07-16 16:05:40 +02:00			`This way you just need an entry like:`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00
			`nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_dhcp`

			`in ''/etc/sudoers'' and an adapted command definition like the following:`

			`define command{`
			`command_name check_dhcp`
			`command_line /usr/bin/sudo $USER1$/check_dhcp <other_options_here>`
			`}`

- allow plugins to open files in /etc/monitoring-plugins/ (Apparmor profiles in /etc/apparmor.d/) - add README files for check_ping and check_ntp_time - enhance all README files with Apparmor information - whitespace and some spelling fixes on check_cups - added debug option to check_cups OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=7 2014-07-22 16:20:27 +02:00			`== Apparmor profile ==`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00
- allow plugins to open files in /etc/monitoring-plugins/ (Apparmor profiles in /etc/apparmor.d/) - add README files for check_ping and check_ntp_time - enhance all README files with Apparmor information - whitespace and some spelling fixes on check_cups - added debug option to check_cups OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=7 2014-07-22 16:20:27 +02:00			`Please check /etc/apparmor.d/usr.lib.nagios.plugins.check_dhcp if you are using`
			`the --extra-opts option. The Apparmor profile allows to open every file below`
			`the /etc/monitoring-plugins/ directory read only for this. All files in other`
			`directories are not allowed.`
remove link to broken package OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=4 2014-07-15 16:54:25 +02:00