|Version 13 (modified by san, 3 years ago) (diff)|
Feel free to add your own real-world configurations and such here.
For instance if you have a check to see if a specific application is working, let others know how you did it...
Automatic Push Scripts
I'm running a smallish enviroment where I have deployed NSClient to roughly 40 servers. I've found that pushing changes to all the servers is very very painful. To resolve this I've created a couple of cmd files which automate this process. In our enviroment this process is scheduled to run at 1am.
Additional logic could be added to this system so that NSClient is only reinstalled when changes to source files are detected.
Note: This solution opens several vulenerabilites and should only be employed on trusted networks. Use at your own risk.
- On your file server create a share called \Daily_Install
Child folder setup:
\Daily_Install \Daily_Install\NSClient_Latest \Daily_Install\NSClient_Latest\Modules
- Create a dedicated user who only has access to this location via the share, and folders security permissions
- Create and install the scripts below
Create this script and have it scheduled to run at a particular time. Use a system account which is limited to access the source files... this should reduce the hack-ability.
You'll need to assign a specific user and password to run this script.
@echo off echo map drive net use i: \\fileserver\Daily_Install /persistent:no I: echo. echo Install NSClient++ call "i:\NSClient_Latest\Install_NSClient.cmd" c: echo. echo Unmap drive net use i: /DELETE
Create this script and place into \NSClient_Latest
@echo off cd \NSClient_Latest if not exist %WINDIR%\system32\NSClient_Latest\NSClient++.exe goto skip01 echo removing old version %WINDIR%\system32\NSClient_Latest\NSClient++ /uninstall rmdir /s /q %WINDIR%\system32\NSClient_Latest :skip01 echo. echo installing latest version mkdir %WINDIR%\system32\NSClient_Latest %WINDIR%\system32\NSClient_Latest\modules copy "*" "%WINDIR%\system32\NSClient_Latest" copy "modules" "%WINDIR%\system32\NSClient_Latest\modules" if exist %COMPUTERNAME%.ini copy "%COMPUTERNAME%.ini" "%WINDIR%\system32\NSClient_Latest\NSC.ini" %WINDIR%\system32\NSClient_Latest\NSClient++ /install %WINDIR%\system32\NSClient_Latest\NSClient++ /start cd \
Computer Specific INI Files
If you want to setup a special INI file for a computer, then copy the NSC.ini and call it <machine name>.ini, then include this file in the \Daily_Install\NSClient_Latest dir.
The install script will apply this special INI file to the specific machine at run-time.
Pushing WMI information via client VBS script
Objective: Push WMI information from client to NAGIOS server (nsca running on NAGIOS server).
Thought as a workaround for http://nsclient.org/nscp/ticket/197 - obviously this can be expanded.
- Changes to NSC.ini on client
- VBS script on client
- NSCA server on receiving NAGIOS server
Create this script and place into "PATHTONSCA++\scripts" on the client. Please excuse the horrible code.
Const wbemFlagReturnImmediately = &h10 Const wbemFlagForwardOnly = &h20 strComputer = "." Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\SecurityCenter") Set colItems = objWMIService.ExecQuery("SELECT * FROM antivirusProduct", "WQL", _ wbemFlagReturnImmediately + wbemFlagForwardOnly) For Each objItem In colItems If objItem.OnAccessScanningEnabled = True Then myOnAccessScanningEnabled = "true" myMsg = 1 End If If objItem.productUptoDate = True Then myProductUptoDate = "true" myMsg = myMsg+1 End If Next If myOnAccessScanningEnabled = "true" AND myProductUptoDate = "true" Then myExit = 0 WScript.Echo "OK: OnAccessScanningEnabled - "& myOnAccessScanningEnabled &", productUptoDate - "& myProductUptoDate ElseIf myOnAccessScanningEnabled = "" OR myProductUptoDate = "" Then WScript.Echo "WARNING: OnAccessScanningEnabled - "& myOnAccessScanningEnabled & _ ", productUptoDate - "& myProductUptoDate myExit = 1 'WARNING Else WScript.Echo "ERROR: OnAccessScanningEnabled - "& myOnAccessScanningEnabled & _ ", productUptoDate - "& myProductUptoDate myExit = 2 'ERROR End If wscript.quit(myExit)
[modules] CheckExternalScripts.dll ... [External Scripts] allow_nasty_meta_chars=1 script_win-antivirus = c:\WINDOWS\SYSTEM32\cscript.exe //T:10 //NoLogo scripts\nagios_vbs-antivirusuptodate2.vbs ... [NSCA Commands] check_win-antivirus = script_win-antivirus ShowAll ...