Extremely Serious

Category: Tinker Board

Compiling NRPE 4 Plugin to Tinkerboard

Installing NRPE

  1. Refresh the repository:
    sudo apt-get update
  2. Install the dependencies:
    sudo apt-get install libssl-dev -y
  3. Change the directory to your home directory:
    cd ~
  4. Download the nrpe 4 source codes:
    wget https://github.com/NagiosEnterprises/nrpe/releases/download/nrpe-4.0.3/nrpe-4.0.3.tar.gz
  5. Extract the downloaded source codes:
    tar xvf nrpe-4.0.3.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nrpe-4.0.3
  7. Run the configure script:
    ./configure
  8. Compile the check_nrpe plugin only:
    sudo make check_nrpe
  9. Install the newly compiled plugin:
    sudo make install-plugin
  10. Update the file /usr/local/nagios/etc/objects/commands.cfg to add the following entry:
    define command {
    	command_name    check_nrpe
    	command_line    /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -t 30 -c $ARG1$ $ARG2$
    }

Testing The Plugin

Using the command check_nrpe we can check the load on the host 10.0.0.202 (i.e. NRPE daemon must be configured and listening on port 5666) using the following command:

/usr/local/nagios/libexec/check_nrpe -H 10.0.0.202 -c check_load

Expect to see the output of the check_load plugin executed on the host 10.0.0.202

Configuring Nagios 4 to Tinkerboard

Installing Nagios

  1. Update the system:
    sudo apt-get update && sudo apt-get upgrade
  2. Install the dependencies:
    sudo apt-get install autoconf gcc libc6 make wget unzip apache2 php libapache2-mod-php libgd-dev libsasl2-modules mailutils -y
  3. Change the directory to your home directory:
    cd ~
  4. Download the nagios 4 source codes:
    wget https://assets.nagios.com/downloads/nagioscore/releases/nagios-4.4.6.tar.gz
  5. Extract the downloaded source codes:
    tar xzf nagios-4.4.6.tar.gz
  6. Change to the directory of the newly extracted source codes:
    cd nagios-4.4.6
  7. Run the configure script with integration to apache2:
    ./configure --with-httpd-conf=/etc/apache2/sites-enabled
  8. Compile the source:
    sudo make all
  9. Install the nagios user and group:
    sudo make install-groups-users
  10. Make nagios user a member of the www-data group:
    sudo usermod -aG nagios www-data
  11. Install nagios.
    sudo make install
  12. Install the init script:
    sudo make install-init
  13. Initialize the init script:
    sudo make install-daemoninit
  14. Install and configures permissions on the directory for holding the external command:
    sudo make install-commandmode
  15. Install the sample config files on the /usr/local/nagios/etc directory:
    sudo make install-config
  16. Install the nagios config file to apache2:
    sudo make install-webconf
  17. Update the SUID of the ping command:
    sudo chmod 4755 /bin/ping

Installing the Nagios Plugins

  1. Run the following command:
    sudo apt install nagios-plugins
  2. Update the $USER1$ property in the /usr/local/nagios/etc/resource.cfg file to have /usr/lib/nagios/plugins like as follows:
    $USER1$=/usr/lib/nagios/plugins

Configuring Apache2 Web Server

  1. Enable the rewrite module:
    sudo a2enmod rewrite
  2. Enable the CGI module:
    sudo a2enmod cgi
  3. Create nagiosadmin as a nagios web user:
    sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

    Assign a strong password

  4. Restart the apache2 service:
    sudo systemctl restart apache2

Related Post
Configuring NRPE 4 Daemon and Plugin to Ubuntu 20.04
Compiling NRPE 4 Plugin to Tinkerboard

Securing Tinker Board SSH

  1. Require the sudoer to prompt for a password by updating the /etc/sudoers file with the following:
    Look for the following:

    %sudo ALL=(ALL) NOPASSWD: ALL

    And update to become the following:

    %sudo ALL=(ALL) ALL
  2. Update the /etc/ssh/sshd_config file to have the following added:
    PermitRootLogin no
  3. Install fail2ban using the following command:
    sudo apt-get install fail2ban
  4. Create the file /etc/fail2ban/jail.d/jail.ssh file to have the following:
    [ssh]
     enabled = true
     port = ssh
     filter = sshd
     logpath = /var/log/auth.log
     maxretry = 6
     bantime = -1
     banaction = iptables-allports
  5. Restart the service using the following command:
    sudo systemctl restart fail2ban

See Unbanning an IP

Configure Tinker Board with Static IP

    1. Using terminal go to /etc/network/interfaces.d directory.
    2. Create a file (e.g. ipv4) with the following content for IPv4:
      auto eth0
       iface eth0 inet static
       address <desired IP address for eth0>
       netmask <valid netmask>
       gateway <gateway address>
       #The following dns-nameservers field is optional
       #dns-nameservers <dns addresses delimited by space>
      
      auto wlan0
       iface wlan0 inet static
       address <desired IP address for wlan0>
       netmask <valid netmask>
       gateway <gateway address>
       #The following dns-nameservers field is optional
       #dns-nameservers <dns addresses delimited by space>

      Example

      auto eth0
       iface eth0 inet static
       address 192.168.0.100
       netmask 255.255.255.0
       gateway 192.168.0.1
       dns-nameservers 8.8.8.8 8.8.4.4
      
      auto wlan0
       iface wlan0 inet static
       address 192.168.0.101
       netmask 255.255.255.0
       gateway 192.168.0.1
    3. Disable the DHCPCD service using the following command:
      sudo systemctl disable dhcpcd.service
    4. Attach a LAN cable to your tinker board and run the following command:
      sudo systemctl restart networking

      Check your IP using the following command:

      ip addr show

      You might also want to disable the network manager using the following command if you don't need a desktop UI:

      sudo systemctl disable NetworkManager