TracNav

  1. Real World Configurations
  2. Automatic Push Scripts
    1. Setup
    2. Daily Install
    3. Install_NSClient.cmd
      1. Computer Specific INI Files
  3. Pushing WMI information via client VBS script
    1. 1. Create the client side script (nagios_vbs-antivirusuptodate2.vbs)
    2. 2. Modify NSC.ini
      1. 3. Modify Nagios configuration (windows-clients.cfg)
    3. 4. Install NSCA on the NAGIOS server

Real World Configurations

Feel free to add your own real-world configurations and such here.

For instance if you have a check to see if a specific application is working, let others know how you did it...

Automatic Push Scripts

From
?
Date
?
Objective
Pushing changes automatically to all servers running NSClient++. This can be scheduled to run at a specific time each day. Additional logic could be added to this system so that NSClient is only reinstalled when changes to source files are detected.
Warnings
This solution opens several vulnerabilities and should only be employed on trusted networks. Use at your own risk.
Requires
TODO

Setup

  • On your file server create a share called \Daily_Install

Child folder setup: 

\Daily_Install
\Daily_Install\NSClient_Latest
\Daily_Install\NSClient_Latest\Modules
  • Create a dedicated user who only has access to this location via the share, and folders security permissions
  • Create and install the scripts below

Daily Install

Create this script and have it scheduled to run at a particular time. Use a system account which is limited to access the source files... this should reduce the hack-ability.

You'll need to assign a specific user and password to run this script. 

 @echo off
 echo map drive
 net use i: \\fileserver\Daily_Install /persistent:no
 I:
 echo.
 echo Install NSClient++
 call "i:\NSClient_Latest\Install_NSClient.cmd"
 c:
 echo.
 echo Unmap drive
 net use i: /DELETE

Install_NSClient.cmd

Create this script and place into \NSClient_Latest 

 @echo off
 cd \NSClient_Latest
 if not exist %WINDIR%\system32\NSClient_Latest\NSClient++.exe goto skip01
 echo removing old version
 %WINDIR%\system32\NSClient_Latest\NSClient++ /uninstall
 rmdir /s /q %WINDIR%\system32\NSClient_Latest
 :skip01
 echo.
 echo installing latest version
 mkdir %WINDIR%\system32\NSClient_Latest
 %WINDIR%\system32\NSClient_Latest\modules
 copy "*" "%WINDIR%\system32\NSClient_Latest"
 copy "modules" "%WINDIR%\system32\NSClient_Latest\modules"
 if exist %COMPUTERNAME%.ini copy "%COMPUTERNAME%.ini" "%WINDIR%\system32\NSClient_Latest\NSC.ini"
 %WINDIR%\system32\NSClient_Latest\NSClient++ /install
 %WINDIR%\system32\NSClient_Latest\NSClient++ /start
 cd \

Computer Specific INI Files

If you want to setup a special INI file for a computer, then copy the NSC.ini and call it <machine name>.ini, then include this file in the \Daily_Install\NSClient_Latest dir.

The install script will apply this special INI file to the specific machine at run-time.

Pushing WMI information via client VBS script

From
san
Date
2010-03-10
Objective
Push WMI information from client to NAGIOS server (nsca running on NAGIOS server). The push is required as the Windows client is not always connected/up. Thought as a workaround for WMI/namespace problem (#197) - obviously, this can be expanded to suit your demands.
Warnings
N/A
Requires
  1. VBS script on client
  2. Changes to NSC.ini on client
  3. Changes to NAGIOS server
  4. NSCA server on receiving NAGIOS server

1. Create the client side script (nagios_vbs-antivirusuptodate2.vbs)

Create this script and place into "PATHTONSCA++\scripts" on the client. 

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
strComputer = "."

' Build and execute WMI query
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\SecurityCenter")
Set colItems = objWMIService.ExecQuery("SELECT * FROM antivirusProduct", "WQL", _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)

' Check single items from query
For Each objItem In colItems
	If objItem.OnAccessScanningEnabled = True Then myOnAccessScanningEnabled = "true"
	If objItem.productUptoDate = True Then myProductUpToDate = "true"
Next 

If myOnAccessScanningEnabled = "true" AND myProductUptoDate = "true" Then
	WScript.Echo "OK: OnAccessScanningEnabled - "& myOnAccessScanningEnabled &", ProductUptoDate - "& myProductUptoDate
	myExit = 0 'OK
ElseIf myOnAccessScanningEnabled = "" OR myProductUptoDate = "" Then
	WScript.Echo "WARNING: OnAccessScanningEnabled - "& myOnAccessScanningEnabled  & _
		", ProductUptoDate - "& myProductUptoDate
	myExit = 1 'WARNING
Else 
	WScript.Echo "ERROR: OnAccessScanningEnabled - "& myOnAccessScanningEnabled  & _
		", productUptoDate - "& myProductUptoDate
	myExit = 2 'ERROR
End If
wscript.quit(myExit)

2. Modify NSC.ini

Add the following to their respective sections on your Windows client. 

[modules]
CheckExternalScripts.dll
...
[External Scripts]
allow_nasty_meta_chars=1
script_win-antivirus = c:\WINDOWS\SYSTEM32\cscript.exe //T:10 //NoLogo scripts\nagios_vbs-antivirusuptodate2.vbs
...
[NSCA Commands]
check_win-antivirus = script_win-antivirus ShowAll
...

Don't forget to restart NSClient++ after you make changes.

3. Modify Nagios configuration (windows-clients.cfg)

On the NAGIOS server, e.g. in /etc/nagios3/conf.d/. 

...
define service{
        use generic-service
        host_name WINDOWSCLIENTHOSTNAMEHERE
        service_description check_win-antivirus
        passive_checks_enabled 1
        active_checks_enabled 0
        check_freshness 0
        freshness_threshold 0
        check_command check_dummy
}
...

4. Install NSCA on the NAGIOS server

E.g. for installation on/in Debian. 

$> apt-get update && apt-get install nsca