The Author – Bart Busschots
Creative Commons
Unless otherwise stated, the content on this site is licensed under Creative Commons Attribution, Noncommercial, No Derivative Works 3.0 License
Nov
24
Nagios DHCP Checking on RHEL4
Filed Under Computers & Tech, System Administration on November 24, 2006 at 8:55 pm
One of my current projects in work is to set up a Nagios install to monitor our network. We have been monitoring with the free version of BigBrother for a while now but BB isn’t as good so we’re switching to Nagios. I had plenty of problems getting Nagios running on RHEL 4 because in work we try to do as much as possible using only RPMs. I’m working on simple how-to for setting up Nagios on RHEL4 which I’ll publish here soon but the base install does not give you DHCP monitoring. I tried to look for RHEL rpms that provide check_dhcp but I couldn’t find any. There were lots for Fedora but they don’t work on RHEL (I tried FC4 and 5 rpms). I tried to manually build the latest version of the Nagios plugins which do contain a check_dhcp binary but there is a problem with that binary that results in it always showing your DHCP server as down. I know the problem is with the binary because if I watch the logs on the DHCP server I see it issuing an offer and tcpdump on my Nagios server shows the offer arriving, yet the plugin still insists that the service is down. The solution is to use this Perl script. However, if you follow the instructions on that page it won’t work on RHEL. I spent an entire day beating this script into submission but in the end I got it working.
[tags]Nagios, RedHat Enterprise Linux, RHEL, RHEL4, DHCP[/tags]
The first thing to do is to download the script and copy it to /usr/lib/nagios/plugins. There’s no point in following the instructions on the site for setting the permissions on the script. It will not work right even if you use setuid like the instructions say. Instead, set its permissions to be the same as everything else in there, owned by root:root with permissions 755. The chances are you won’t have all the Perl libraries that this script needs but they are all in CPAN so they are easy to install. To ensure you have everything you should run the script as root in the following way (replace HOST with the IP of your DHCP server and INT with the interface to use e.g. eth0):
/usr/lib/nagios/plugins/check_dhcp.pl -H HOST -i INT
Once you have the script working in this way you are ready to move on to the next step. In order to get around the problems with running the script with setuid we have to take two steps, firstly we have to create a wrapper script, and secondly we have to make a very restricted entry in the sudoers file.
To create the wrapper script save the code below in a file called /usr/lib/nagios/plugins/check_dhcp.sh and make sure it is owned by root:root and has permissions 755.
#!/bin/bash /usr/bin/sudo /usr/lib/nagios/plugins/check_dhcp.pl -H $1 -i eth0
Note: I’ve hard-coded in the interface I want the script to use to contact the DHCP server, you may wish to edit the script so it takes two arguments and allows you to specify and interface each time you call the script.
Next you need to make the following entry in /etc/sudoers to allow the nagios user to call ONLY the Perl script as root without a password:
nagios ALL=NOPASSWD: /usr/lib/nagios/plugins/check_dhcp.pl *
Once that is done you need to set up a command in your nagios config to use the wrapped plugin as follows:
define command{
command_name check_dhcp
command_line /usr/lib/nagios/plugins/check_dhcp.sh $HOSTADDRESS
}
And that’s it, you can now use the check_dhcp command in your service definitions.
[…] I’m pretty sure this is useless on most versions of Linux because the default DHCP plugin that comes with the Nagios Plugins distribution has this functionality and seems to work just fine everywhere except on RedHat-based distros like RHEL, Centos and Fedora Core. On these systems the default plugin does not seem to work and fails to detect any DHCP servers. This plugin is different to the one I gave instructions for before which tests whether a particular DHCP server is answering requests, this plugin finds rogue servers, it will not alert you if any of your actual DHCP servers are down. Hence, you should probably install both. This plugin is not very polished, it is rough and ready but I know it works on RHEL4. If you’re running a different system you may have to do some minor tweaks but this should serve as an excellent starting point none-the-less. […]
hi,
im running RHEL 4 and the plugin seems to work fine. Got around the permissions problem using:
# chown root:root check_dhcp
# chmod 4755 check_dhcp
all works good
I had the same problem on FC5, but found that it was just the firewall settings blocking the DHCP response from my request. I just opened the ports and it worked fine.
Hi Shuyun,
That’s interesting. However, I haven’t made any firewall changes yet this method works so either FC5 is different or there is a subtly different way in which both plugins access the network and one sits in front of the firewall while the other doesn’t. A lot of DHCP stuff happens over raw sockets and hence doesn’t go through IPTables. I had the inverse problem once where I was trying to firewall off out DHCP server from some network ranges and it really didn’t turn out to be possible with IP Tables on the DHCP server.
Could you perhaps post the relevant IPTables rules?
Bart.