This is from Article 8 titled above. I am curious if there is a way to run the full install and exclude setting up the firewall? I looked at the script itself and the only things I can think of is commenting out "run_sub ./4-firewall" or to run the part of the script below that:
if [ -f skipped.firewall ]; then
cat <<-SKIPFW
NOTICE:
Your firewall configuration was skipped
You need to manually open ports 5666 for TCP traffic
SKIPFW
fi
I believe I would just run it with "./fullinstall -f skipped.firewall" but I am unsure as the -h only brings up two parameters:
./fullinstall -h
Nagios Linux Agent Installer Script v2.0.0
Copyright 2009-2017, Nagios Enterprises LLC.
License:
Nagios Software License <http://assets.nagios.com/licenses/nagio ... icense.txt>
Support:
XI Support Mailing List <xisupport@nagios.com> (customers only)
Community Forums <http://support.nagios.com/forum/>
Usage: fullinstall [options...]
Options:
-h | --help
Display this help text
-n | --non-interactive
Assume defaults for all questions (for scripted installs)
Installing NRPE Using the Install Script
Re: Installing NRPE Using the Install Script
Well,
I did a bit more digging with my colleague and I found an option in the 4-firewall script that looks for either "installed.firewall" or "skipped.firewall". I could only find installed.firewall inside the linux-nrpe-agent so I am assuming if I changed that to skipped.firewall that it will see that empty file and ignore installing the Firewall rules. I will update everyone of my findings.
Re: Installing NRPE Using the Install Script
Your thoughts are correct - running touch skipped.firewall before the fullinstall should properly skip those steps.
For reference, the following code:
if [ -f skipped.firewall ]; then
is bash code for "if the file skipped.firewall exists, then" etc. etc. -f is not a flag that the script can use, but rather the way to check for the existence of a file in bash.
Former Nagios employee
Re: Installing NRPE Using the Install Script
Well,
I tried to untar the file, then I went into /tmp/linux-nrpe-agent/ and ran touch skipped.firewall and it still installed the firewall and enabled it. This is not good, because I need to be able to run this without it turning the firewall on. This is a Production environment and we have external Firewall rules so we don't need to run IPTables. The script I am trying to use is located here https://support.nagios.com/kb/article.php?id=8. Maybe someone else will have better luck?
Re: Installing NRPE Using the Install Script
So, based on the 4-firewall install script, I may be able to trick the script:
#!/bin/bash -e
. ./xi-sys.cfg
# Was previous step completed?
if [ ! -f installed.services ]; then
    echo "Services were not initialized - run previous script" >&2
    exit 1
fi
# Was this step already completed?
if [ -f installed.firewall ]; then
    echo "Firewall rules already configured - skipping."
    exit 0
fi
# UPDATE FIREWALL SETTINGS
skip_firewall() {
    echo "Firewall rules not touched"
    touch skipped.firewall
    touch installed.firewall
    exit
}
I am thinking if I do a touch skipped.firewall and touch installed.firewall that it will just completely skip over the step but I can't be 100% sure without testing it against another server. Ah, the dilemmas of an installer/tester LOL
Re: Installing NRPE Using the Install Script
Just a follow up. Using touch installed.firewall and touch skipped.firewall seemed to work like a charm. It came back with "Your firewall configuration was skipped" at the end of the script and did not turn on the iptables. Just to make sure I wasn't fully crazy, I decided to test another server that was not in full production rotation with just skipped.firewall and I got the below results:
NOTICE:
Your firewall configuration was skipped
You need to manually open ports 5666 for TCP traffic
But when I ran service iptables status, I got the below results:
[root@ip-10-0-0-113 linux-nrpe-agent]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5666
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
IPTables was disabled prior to running the script so the script is adding the entry even when it is requesting a skip.
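A check for the result reported in the post above, as an added example that is not part of the original thread or of the Nagios installer: it reads a rule listing in the `service iptables status` layout and reports any INPUT rule that accepts port 5666 from any source. Both sample listings are constructed, and 192.0.2.10 is an assumed monitoring-server address.

```shell
# Added example (not part of the Nagios installer): report INPUT rules that
# accept the NRPE port from any source, reading the listing on stdin.

NRPE_PORT=5666

# Constructed sample, modeled on the listing shown in the thread.
sample_after_install() {
cat <<'EOF'
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5666
EOF
}

# Constructed sample: the same port limited to one monitoring server
# (192.0.2.10 is an assumed address from the documentation range).
sample_restricted() {
cat <<'EOF'
Table: filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 192.0.2.10 0.0.0.0/0 state NEW tcp dpt:5666
EOF
}

# Print "<chain> <rule-number> <source>" for each ACCEPT rule on the NRPE port.
nrpe_accept_rules() {
    awk -v want="dpt:$NRPE_PORT" '
        $1 == "Chain" { chain = $2; next }
        $2 == "ACCEPT" {
            for (i = 7; i <= NF; i++)
                if ($i == want) { print chain, $1, $5; break }
        }'
}

# Return 0 when no INPUT rule accepts the port from 0.0.0.0/0, else 1.
audit_nrpe_exposure() {
    open=$(nrpe_accept_rules | awk '$1 == "INPUT" && $3 == "0.0.0.0/0"')
    if [ -n "$open" ]; then
        echo "FAIL: port $NRPE_PORT accepted from any source ($open)"
        return 1
    fi
    echo "OK: port $NRPE_PORT is not open to any source"
}

# Demo on the constructed sample; on a host: service iptables status | audit_nrpe_exposure
sample_after_install | audit_nrpe_exposure || echo "audit exit status: $?"
```

Running the audit before and after the installer shows whether the firewall step changed the rule set despite the "skipped" notice.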
Re: Installing NRPE Using the Install Script
Lines 48 and 68 add the iptables rule and restart iptables. Disabling the first line with a # at the beginning and changing the second to "service iptables status" seems to have done the trick on my system.