Monitoring a Linux Mail Server

Similar documents
NRPE Documentation CONTENTS. 1. Introduction... a) Purpose... b) Design Overview Example Uses... a) Direct Checks... b) Indirect Checks...

Nagios XI - NRPE Troubleshooting and Common Solutions

wget

Linux Networking: network services

Load Balancing/High Availability Configuration for neoninsight Server

Firewalling and Network Security I -Linux. Jeff Muday Academic Computing Specialist Wake Forest University

Configure a Mail Server

SSH, SCP, SFTP, Denyhosts. Süha TUNA Res. Assist.

Configuring MailArchiva with Insight Server

How To Run Nrpe On Nagios On Windows 7.5 (Windows) On A Linux Computer On A Windows 7 (Windows 7) On An Ubuntu Computer On An Ipad Or Ipad (Windows 8) On Your Pc

13. Configuring FTP Services in Knoppix

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Secure Shell Demon setup under Windows XP / Windows Server 2003

Syslog & xinetd. Stephen Pilon

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

Red Hat Linux Networking

Supermicro Server Monitoring with SuperDoctor 5 and Nagios Using SNMP Protocol. Version 1.1b

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Monitoring VoIP Systems. Sebastian Damm

What is included in the ATRC server support

Evaluation of standard monitoring tools(including log analysis) for control systems at Cern

How to Tunnel Remote Desktop using SSH (Cygwin) for Windows XP (SP2)

Monitoring Clearswift Gateways with SCOM

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0

NETWORK MONITOR. Some high-end network monitoring. Watching your systems with Nagios COVER STORY. What Is Nagios? Installing the Server and Plugins

Linux MDS Firewall Supplement

Linux Firewalls (Ubuntu IPTables) II

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with the Nagios Open Source Network Monitoring System

Hadoop Hands-On Exercises

Parallels Plesk Panel

Nagios Web Service Checker

File Transfer Examples. Running commands on other computers and transferring files between computers

An Introduction to Monitoring with Nagios

OS Installation: CentOS 5.8

Desktop : Ubuntu Desktop, Ubuntu Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu Server, Ubuntu Server, CentOS 5, CentOS 6

BF2CC Daemon Linux Installation Guide

Avast for linux technical documentation

Monitoring Software Services registered with science.canarie.ca

Alinto Mail Server Pro

Monitoring Windows Servers and Applications with GroundWork Monitor Enterprise 6.7. Product Application Guide October 8, 2012

Lab Objectives & Turn In

Parallels Plesk Control Panel

avast! for linux technical documentation

Laboration 3 - Administration

Secure File Transfer Installation. Sender Recipient Attached FIles Pages Date. Development Internal/External None 11 6/23/08

1 Accessing accounts on the Axxess Mail Server

Configuring Your Gateman Server

Web Hosting: Pipeline Program Technical Self Study Guide

Introduction to Operating Systems

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Pen Test Tips 2. Shell vs. Terminal

Introduction to system monitoring with Nagios, Check_MK and Open Monitoring Distribution (OMD)

Distributed Systems. Firewalls: Defending the Network. Paul Krzyzanowski

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

I N S T A L L A T I O N M A N U A L

Firewalls and System Protection

WHM Administrator s Guide

Secure Shell. The Protocol

F-Secure Internet Gatekeeper

Dragonframe License Manager User Guide Version 1.2.2

CycleServer Grid Engine Support Install Guide. version 1.25

Linux Server Configuration Guidelines

GWAVA 5. Migration Guide for Netware GWAVA 4 to Linux GWAVA 5

Cloud Control Panel (CCP) Installation Guide

Command lines displayed below are intended to be single line commands. Service Command Line Plugin Command Line Extended Info. Name=_Total!6000!

Using Network Attached Storage with Linux. by Andy Pepperdine

Getting an ipath server running on Linux

F-SECURE MESSAGING SECURITY GATEWAY

Single Node Hadoop Cluster Setup

Business Objects BI Server Installation Guide - Linux

While are you still in Nagios working directory, create a new file for DNS servers monitoring

How to protect your home/office network?

Network Security In Linux: Scanning and Hacking

Parallels Plesk Panel 11 for your Linux server

Security Correlation Server Quick Installation Guide

How to backup a remote MySQL server with ZRM over the Internet

Nagios. cooler than it looks. Wednesday, 31 October 2007

Simple. Control Panel. for your Linux Server. Getting Started Guide. Simple Control Panel // Linux Server

How to Set Up pgagent for Postgres Plus. A Postgres Evaluation Quick Tutorial From EnterpriseDB

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

Railo Installation on CentOS Linux 6 Best Practices

INASP: Effective Network Management Workshops

Secure Network Filesystem (Secure NFS) By Travis Zigler

EVault Software. Course 361 Protecting Linux and UNIX with EVault

Installing IBM Websphere Application Server 7 and 8 on OS4 Enterprise Linux

Shellshock Security Patch for X86

Kerio Connect. Kerio 4D Migration. Kerio Technologies

Cannot send Autosupport , error message: Unknown User

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Deployment and Monitoring. Pascal Robert MacTI

INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER

STEP 4 : GETTING LIGHTTPD TO WORK ON YOUR SEAGATE GOFLEX SATELLITE

Linux Squid Proxy Server

Transcription:

Monitoring a Linux Mail Server Mike Weber mweber@spidertools.com]

Various Methods to Monitor Mail Server Public Ports SMTP on Port 25 POPS on Port 995 IMAPS on Port 993 SNMP Amavis on Port 10024 Reinjection Port on 10025 Spamassassin on Port 783 NRPE Virus Signatures Virus Activity Virus Numbers Perl Plugin Email Delivery Verify Read Email Headers Verify Read Headers and Content 2011 2

Various Methods to Monitor Mail Server SSH Amavis on Port 10024 Reinjection Port on 10025 Spamassassin on Port 783 Virus Signatures Virus Activity Virus Numbers Email Delivery Verify Read Email Headers Verify Read Headers and Content 2011 3

Monitor Public Mail Ports SMTP Port 25 Port Status Response Times Graph Response Times IMAPS Port 993 Port Status Response Times Graph Response Times POP3S Port 995 Port Status Response Times Graph Response Times 2011 4

Monitor Email Delivery 2011 5

Monitor Public Mail Ports Port Status Connection Time define service{ use generic service hostgroup_name debian servers service_description Postfix Port check_command check_tcp!25 w 03 c 05 }define service{ use generic service hostgroup_name debian servers service_description Secure IMAPS check_command check_tcp!993 w 03 c 06 } define service{ use generic service host_name db service_description POP3S Port 995 check_command check_tcp!995 w 03 c 06 } 2011 6

Monitor Public Mail Ports 2011 7

Monitoring Content Filter, Reinjection and Spamassassin with SNMP Content Filter Port 10024 Reinjection Port 10025 Spamassassin Port 783 2011 8

Monitoring Content Filter and Reinjection 2011 9

Creating Bash Scripts for SNMP Command Definition define command{ command_name command_line } check_amavis $USER1$/check_amavis Service Definition define service{ use host_name service_description check_command } generic service mail Amavis: Virus Protection check_amavis Script Using SNMP #!/bin/bash amavis=$(snmpnetstat v 2c 192.168.5.191 c public Ca grep 10024 wc l) if (($amavis >= 1 )) then echo "Amavis is Running" stateid=0 else echo "Danger: Amavis is NOT running, no virus protection" stateid=2 fi exit $stateid 2011 10

Creating Bash Scripts for SNMP snmpnetstat v 2c 192.168.5.45 c public Ca Active Internet (tcp) Connections (including servers) Proto Local Address Remote Address (state) tcp *.ssh *.* LISTEN tcp *.smtp *.* LISTEN tcp *.pop3 *.* LISTEN tcp *.sunrpc *.* LISTEN tcp *.imap *.* LISTEN tcp *.imaps *.* LISTEN tcp *.pop3s *.* LISTEN tcp *.5666 *.* LISTEN tcp *.38922 *.* LISTEN tcp localhost.ipp *.* LISTEN tcp localhost.783 *.* LISTEN tcp localhost.10025 *.* LISTEN tcp 192.168.5.45.smtp 192.168.5.4.37932 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.39143 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.44947 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.46752 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.50184 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.55465 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.55674 CLOSEWAIT tcp 192.168.5.45.smtp 192.168.5.4.59800 CLOSEWAIT tcp 192.168.5.45.34091 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.34094 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.34095 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.34096 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.34097 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.34098 192.168.5.4.http TIMEWAIT tcp 192.168.5.45.53845 a69 192 195 51.d.httpsCLOSEWAIT 2011 11

Checking Amavis - SNMP Install Script Install any script you want to use in the /usr/local/nagios/libexec with the correct permissions Create Command Whenever you use your own script, you will need to create a command to access the script. Create Check Once the command has been created you will be able to use it for any hosts. 2011 12

Checking Amavis - SNMP 2011 13

Checking Spamassassin - SNMP Install Script Install any script you want to use in the /usr/local/nagios/libexec with the correct permissions Create Command Whenever you use your own script, you will need to create a command to access the script. Create Check Once the command has been created you will be able to use it for any hosts. 2011 14

Checking Spamassassin - SNMP 2011 15

Monitor Virus Activity with NRPE Virus Signatures Quarantine Status Number of Viruses Captured 2011 16

Checking Virus Signatures NRPE Daemon You will need to install xinetd and make sure you have a file in /etc/xinetd.d called nrpe on the client and it looks like this: # default: off # description: NRPE (Nagios Remote Plugin Executor) service nrpe { } flags = REUSE type = UNLISTED port = 5666 socket_type = stream wait = no user = nagios group = nagios server = /usr/sbin/nrpe server_args = c /usr/local/nagios/etc/nrpe.cfg inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 192.168.5.50 2011 17

Checking Virus Signatures - NRPE define command{ command_name command_line } check_nrpe $USER1$/check_nrpe H $HOSTADDRESS$ c $ARG1$ define service{ use host_name service_description check_command } generic service mail Virus Signatures check_nrpe!check_signatures command[check_signatures]=/usr/local/nagios/libexec/check_signatures Bash shell script #!/bin/bash dbase=$(tail 300 /var/log/clamav/clamd.log grep "Database correctly reloaded" wc l) sigs=$(tail 300 /var/log/clamav/clamd.log grep "Database correctly reloaded" awk F\( '{print $2}' tail 1) dbdate=$(tail 300 /var/log/clamav/clamd.log grep "Database correctly reloaded" awk F' ' '{print $1,$2,$3}' tail 1) if [ "$dbase" eq 0 ] then echo "Virus Signatures Out of Date" stateid=2 else echo "Virus Database Updated $dbdate with ($sigs" stateid=0 fi exit $stateid 2011 18

Checking Virus Signatures - NRPE 2011 19

Checking Virus Activity - NRPE Command Definition define command{ command_name check_nrpe command_line $USER1$/check_nrpe H $HOSTADDRESS$ c $ARG1$ } Service Definition define service{ use host_name service_description check_command } generic service mail Quarantine Status check_nrpe!check_virus_activity NRPE Command command[check_virus_activity]=/usr/local/nagios/libexec/check_virus_activity Bash Shell Script #!/bin/bash vmail=$(ls /var/virusmails grep virus wc -l) echo "Virus Activity $vmail" exit 1 2011 20

Checking Quarantine - NRPE Command Definition define command{ command_name check_nrpe command_line $USER1$/check_nrpe H $HOSTADDRESS$ c $ARG1$ } Service Definition define service{ use host_name service_description check_command } generic service mail Quarantine Status check_nrpe!check_virusmail NRPE Command command[check_virusmail]=/usr/local/nagios/libexec/check_virusmail Bash Shell Script #!/bin/bash vmail=$(ls /var/virusmails grep virus wc l) vmail_date=$(ls l /var/virusmails grep virus awk F' ' '{print $6,$7,$8}' tail 1) if [ "$vmail" eq 0 ] then echo "No Viruses in Quarantine" stateid=0 else echo "Viruses Detected!!! Last Virus Captured $vmail_date" stateid=1 fi exit $stateid 2011 21

Monitor Email Delivery Perl Plugin Delivery Confirmation to INBOX Verify that mail was is deliverable. Delivery Confirmation: Read Header Read mail header to verify delivery. Delivery Confirmation: Read Header/Content Read header and content to verify readability. 2011 22

Checking Mail Delivery 2011 23

Checking Email Delivery Create Command Whenever you use your own script, you will need to create a command to access the script. Create Check This example hard codes the check until you know it works, then add arguments. 2011 24

Monitor with SSH Proxy: Secure Communication Amavis -SNMP Reinjection Port -SNMP Spamassassin - SNMP Virus Signatures Quarantine Status Number of Viruses Captured 2011 25

SSH Proxy This wizard monitors the remote host using SSH to execute the plugins and scripts. Download and install the SSH Proxy wizard. Once it is installed select the wizard from the list. 2011 26

SSH Proxy In Step 2 you will need to add an IP Address or fully qualified domain name. You will also need to select the operating system of the machine you will connect up to using SSH. 2011 27

SSH Proxy In Step 2 you will need to add an IP Address or fully qualified domain name. You will also need to select the operating system of the machine you will connect up to using SSH. 2011 28

SSH Proxy 2011 29

SSH Proxy -C "/usr/local/nagios/libexec/check_amavis" 2011 30

SSH Proxy Creating Keys The key to getting the whole thing to work is setting up the passwordless login ability of the nagios user. On the XI box login as the nagios user: su nagios cd /home/nagios ssh keygen Use ENTER to select all options as you want to take default locations and you want a password that is empty(be sure to set up the security requirements listed below). On the host to be monitored follow the same steps. Then on the XI server, log in as nagios and go to the ssh directory. su nagios cd /home/nagios/sssh cp id_rsa.pub nagios_key scp nagios_key nagios@remote_client:/home/nagios/.ssh/nagios_key You copy the public key to a different name, otherwise you will wipe out the public key on the remote client. Now log into the remote client as nagios and move to the /home/nagios/.ssh directory. Execute these commands: cat nagios_key > authorized_keys chmod 600 authorized_keys ls l rw 1 nagios nagios 394 Sep 14 16:24 authorized_keys rw 1 nagios nagios 1671 Sep 14 16:18 id_rsa rw r r 1 nagios nagios 418 Sep 14 16:18 id_rsa.pub You should now be able to log in to the remote host from Nagios XI without a password. 2011 31

SSH Proxy Security If you are using the nagios login without a password and with an empty key phrase, it is important that you set a firewall rule to only allow connections using SSH from trusted hosts. Here is an iptables rule (on a CentOS box) which uses one rule to allow the Nagios XI to use several different ports. Notice the rule order is used with this rule being 7 so that you can block all access after this rule. Firewall iptables I RH Firewall 1 INPUT 7 p tcp m state state NEW m multiport s 192.168.1.1 dports 110,995,993,9202,22 j ACCEPT In addition set your tcp_wrappers file in /etc/hosts.allow so that only trusted hosts can get access to the server using SSH. Be sure to edit this file carefully so you do not lock yourself out. You will also need to edit /etc/hosts.deny to deny everything you do not allow. # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # ALL: 127.0.0.1 SSHD: 192.168.1.1 SMTP: ALL POP3: ALL IMAPS: ALL # hosts.deny ALL: ALL 2011 32

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information