Archive for the ‘Icinga’ tag

Icinga/Nagios check for Sophos antivirus signature freshness  

Posted at 9:19 pm in Uncategorized

I’ve been running Amavisd-new with scanner components like ClamAV and SpamAssassin on the mail relay for my personal mail for several years. Lately I’ve been thinking that since Amavis supports multiple content scanners I should add another antivirus product. Unfortunately there’s a limited number of free (for home/individual use) antivirus products running on Linux, and quite a few of them are not being maintained, but I found a very promising candidate from Sophos.

Adding Sophos antivirus for Linux to Amavisd-new wasn’t all that difficult (and is covered by other articles elsewhere), but one thing was missing to complete the picture: An automated method for checking whether Sophos is running with updated antivirus signature files. I was hoping to find or write something that could be used with Icinga (or Nagios).

Conveniently, Sophos provides an XML URL containing the file name and md5sum of the latest signature file. Below is the status file at the time of writing:

<?xml version="1.0" encoding="utf-8"?>
<latest><ide>
<name>vawtr-ig.ide</name>
<md5>f6f7cda04be9192f23972a2735fbfaca</md5>
<size>21584</size>
<timestamp>2017-01-18T14:11:00</timestamp>
<published>2017-01-18T17:11:27</published>
</ide></latest>

Having found the status file, writing a short script didn’t take long. I’m using xmlstarlet for better readability. The script is stored as /usr/local/bin/check_sophos.

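#!/bin/bash
# Icinga/Nagios plugin: compares the newest Sophos signature (IDE) file on
# disk with the file name and md5sum published in Sophos' status XML.

SOPHOSDIR=/opt/sophos-av/lib/sav

# Fetch the status file, pretty-print it so each element is on its own line,
# then split on < and > to get "element value" pairs.
/usr/bin/GET https://downloads.sophos.com/downloads/info/latest_IDE.xml | \
/usr/bin/xmlstarlet fo | \
/usr/bin/awk -F '(<|>)' '{print $2" "$3}' | \
{
  while read -r attribute value; do
    if [ "$attribute" = "name" ]; then
      FILE="$value"
    elif [ "$attribute" = "md5" ]; then
      MD5SUM="$value"
    fi
    # Act as soon as both the file name and the checksum are known
    if [ -n "$FILE" ] && [ -n "$MD5SUM" ]; then
      if [ ! -e "${SOPHOSDIR}/${FILE}" ]; then
        echo "WARNING: Sophos has not yet downloaded its latest signature file."
        exit 1
      fi
      CHECKSUM=$(/usr/bin/md5sum "${SOPHOSDIR}/${FILE}" | /usr/bin/awk '{ print $1 }')
      if [ "$CHECKSUM" = "$MD5SUM" ]; then
        echo "OK: Newest signature file ${FILE} has the correct checksum ($MD5SUM)"
        exit 0
      else
        echo "WARNING: ${FILE} seems to be outdated."
        exit 1
      fi
    fi
  done
  # Reached only if the status file yielded no name/md5 pair (download or
  # parse failure); without this the plugin would exit 0 with no output.
  echo "UNKNOWN: Could not read the Sophos status file."
  exit 3
}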

As those fluent in shell scripting will easily see, the script reads the XML status URL and extracts the file name and md5sum of the most recent antivirus signature file. Then the script checks for the file’s existence, and triggers a warning if the file isn’t there. If the file is present, its md5sum is compared to what should be expected from the XML status URL.
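
The same check written as a testable function, added here as an example and not part of the original script. It treats the status feed as untrusted input, validating the file name and checksum format before building a path from them, and returns UNKNOWN rather than a silent OK when the feed is empty or malformed. The function name check_ide and the sed-based parsing (in place of xmlstarlet) are choices made for this example.

```shell
#!/bin/sh
# Added example, not the post's script.
# check_ide FEED_XML SIG_DIR prints a status line and returns a Nagios code:
# 0 OK, 1 WARNING, 3 UNKNOWN. The body is a subshell, so variables stay local.
check_ide() (
  xml=$1
  dir=$2
  # First <name> and <md5> element of the feed (sed stands in for xmlstarlet).
  name=$(sed -n 's:.*<name>\([^<]*\)</name>.*:\1:p' "$xml" 2>/dev/null | head -n 1)
  md5=$(sed -n 's:.*<md5>\([^<]*\)</md5>.*:\1:p' "$xml" 2>/dev/null |
        head -n 1 | tr 'A-F' 'a-f')

  # The feed is remote input. Require a bare *.ide file name (no slashes, no
  # leading dot) and a 32-digit hex checksum before building a path from it.
  # An empty or error-page response fails here instead of passing silently.
  if ! printf '%s\n' "$name" | grep -Eq '^[A-Za-z0-9_-][A-Za-z0-9._-]*\.ide$' ||
     ! printf '%s\n' "$md5" | grep -Eq '^[0-9a-f]{32}$'; then
    echo "UNKNOWN: signature feed missing or malformed"
    exit 3
  fi

  if [ ! -f "$dir/$name" ]; then
    echo "WARNING: latest signature file $name has not been downloaded"
    exit 1
  fi

  sum=$(md5sum "$dir/$name" | awk '{ print $1 }')
  if [ "$sum" = "$md5" ]; then
    echo "OK: $name matches the published checksum ($md5)"
    exit 0
  fi
  echo "WARNING: $name does not match the published checksum"
  exit 1
)

# Plugin entry point: check_ide.sh /path/to/latest_IDE.xml /opt/sophos-av/lib/sav
if [ "$#" -eq 2 ]; then
  check_ide "$1" "$2"
fi
```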

After testing the script I added it to Icinga via NRPE, so now I’ll be getting a notice if something’s wrong with Sophos’ antivirus update.

Written by bjorn on January 18th, 2017


Raspberry Pi controlled mousetrap  

Posted at 1:17 am in Uncategorized

Having had a few spare moments this holiday, I’ve been contemplating how to monitor a mousetrap or two in the attic. By doing that I wouldn’t have to go up to the cold attic in vain, but empty and reset the mousetraps only when needed. It occurred to me that since I’ve already got a Raspberry Pi in the attic for other purposes, why not check the mousetrap from that device? And so, from the combination of an almost justifiable purpose, the testing of the RPi’s GPIO capabilities, and the “this could be fun” factor, a small evening project was born.


The micro switch is positioned so that the trap arm pushes the button when set.

I’ve got a few mousetraps from Clas Ohlson that turned out to be the perfect starting point for my project. Locating a small micro switch, I fastened it to the mousetrap’s side with both glue and screws (glue alone might not be sufficient when the trap springs, and/or if it should bounce into something hard). I mounted the switch in a position so that when the mousetrap is in the loaded position, the micro switch button is pressed; when the mousetrap has sprung the button is released.

Following instructions from eLinux, getting the soldering job done was very easy. I connected the mousetrap to a soldering board with the recommended resistor setup, and connectors for the RPi were soldered onto the board as well. After some basic testing with a Python script, the mousetrap was production ready.

LED connectors from an old chassis were recycled.

The LED connectors from an old computer chassis never knew they would be recycled for pest control purposes.

I first considered the idea of configuring the mousetrap alarm as a passive Icinga check, but I opted for an active check through the NRPE server instead. This is the Python code that tests the GPIO status, running on the attic RPi:

#!/usr/bin/env python

import sys
import RPi.GPIO as GPIO

# Tell the GPIO module that we want to use the
# chip's pin numbering scheme
GPIO.setmode(GPIO.BCM)

# Set up pin 24 for input
GPIO.setup(24, GPIO.IN)

# Icinga/Nagios exit code: 0 = OK, 2 = CRITICAL
myexit = 0

# The input reads true while the trap arm holds the switch button down
if GPIO.input(24):
    print("OK: Trap is set")
else:
    print("CRITICAL: Mouse in trap!")
    myexit = 2

GPIO.cleanup()
sys.exit(myexit)

Then the NRPE configuration, for which the /etc/sudoers file was modified to allow the "nagios" user to run the script with sudo permissions:

command[check_mousetrap]=sudo /usr/local/bin/mousetrap.py
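
A check worth running on any script before the "nagios" user is allowed to run it through sudo, added here as an example and not taken from the original post. The function name audit_sudo_target is hypothetical, and the sudoers line in the comment is an assumption, since the post does not show its own entry. Only the script and its immediate directory are inspected, not directories further up the path.

```shell
#!/bin/sh
# Added example, not from the post. The post does not show its sudoers entry;
# a narrowly scoped one is assumed here:
#   nagios ALL=(root) NOPASSWD: /usr/local/bin/mousetrap.py
# audit_sudo_target PATH [OWNER] returns 0 only if PATH is a regular file
# (not a symlink) owned by OWNER (default root), and neither the file nor its
# directory is writable by group or others. Otherwise whoever can edit the
# script effectively holds the root access that sudo grants.
audit_sudo_target() (
  path=$1
  owner=${2:-root}
  dir=$(dirname -- "$path")

  if [ -L "$path" ] || [ ! -f "$path" ]; then
    echo "FAIL: $path is not a regular file"
    exit 1
  fi
  # find prints the path only when the owner matches (name or numeric uid).
  if [ -z "$(find "$path" -prune -user "$owner" 2>/dev/null)" ]; then
    echo "FAIL: $path is not owned by $owner"
    exit 1
  fi
  # -perm -020 / -002: the group-write or other-write bit is set.
  loose=$(find "$path" "$dir" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)
  if [ -n "$loose" ]; then
    echo "FAIL: writable by group or others: $loose"
    exit 1
  fi
  echo "PASS: $path"
  exit 0
)

# Entry point: audit_sudo_target.sh /usr/local/bin/mousetrap.py
if [ "$#" -ge 1 ]; then
  audit_sudo_target "$@"
fi
```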

 

Icinga is ready, willing and able.

Finally, on the Icinga2 server, the configuration for the active check of the mousetrap's state. Icinga can be configured to handle an alarm any way you want. Given the non-urgency of emptying a mousetrap, an email alert (my default) was considered sufficient.

object Service "check_mousetrap" {
   import "generic-service"
   display_name = "Mousetrap"
   host_name = "attic_pi"
   check_command = "nrpe"
   vars.nrpe_command = "check_mousetrap"
}

With proper monitoring configured, now I just have to wait for the first unlucky tester to come along...


The trap is set, rigged with cheese under the yellow lid.

Written by bjorn on December 23rd, 2015
