Zeb viode sftp permissions check and fix

From Apoyar Wiki
Jump to navigation Jump to search

ZEB-VIODE sftp permissions check and fix


On nagios.apoyar-KITTY machine

/etc/nagios/objects # vi services.cfg

/rds

To check what is the command for RDS

Check_rds! -n zeb -r eu-west-1 -i zeb-db -m status

  1. vi commands.cfg
  1. Check_rds (definition)

Define command { Command_name check_rds Command_name $USER1$|pmp-check-aws-rds.py $ARG1$

(We can run this command to know the arguments)

  1. /usr/local/libexec/nagios/pmp-check-aws-rds.py -h

If we check nagios ZEB-MYSQL[RDS]

MYSQL Connection Time

MYSQL Open file

MYSQL Query Cache

MQSQL Threads Connected

MQSQL Threads running

(MYSQL Check which can be checked over the connection)





RDS – CPU Load

RDS RAM

RDS Status

RDS Storage

(metrics on machine itself)

RDS is the managed service we don’t have access to the machine we cannot run maintenance ,istall updates . but we cannot connect to DataBase.

Here we have to create 2 policies

1. Custom Policies(GetMetricStatitics)

Cloudwatch (Monitoring system of AWS)

2. RDSDescribe

(Two policies need to be for every new user and customer, we had it in ZEB also we need to create the same in scorpion)

After the policies created we are going to IAM (management Console) in AWS

This is not the regular user , we cannot use the username and password , it is called as an API.

IAM---USER—Security Credentials.

Here we find the Access Key ID – generated when you create user we cannot change this.

NOTE : if you lose or forget your secret key you cannot retrieve it instead create a new access key and make the old key inactive.

Now we have RDS monitoring using Nagios created on AWS.

Go back to nagios machine.

root@nagios: /usr/local/etc/nagios/objects $ vi /etc/boto.cfg

(boto -this library looks for configuration files in the following location and in the following order : /etc/boto.cfg)

It has PROFILE NAME, ACCESS KEY ID and SECURE KEY data in it.

Why this has been done the reason for that is the plugin itself doesn’t have any option to provide username and password.




Check_rds -n zeb eu-west-1 -i zeb-db -m status

-n –profile name

-r –region

-i –identity

-m—status

If we run the arugments of that particular command we get

$ /usr/local/libexec/nagios/pmp-check-aws-rds.py -n zeb eu-west-1 -i zeb-db -m status

(we get the version of MYSQL and the status)

We integrate all nagios user ,IAM and Policies with RDS.

We have to create pragramatic user in RDS , we have to give the 2 policies to enable it to monitoring.

It doesn’t access the database at all the only thing it access is cloud watch which is monitoring system of AWS.

We can see what Cloud watch does , if you click monitoring on database.

We are asking cloud watch to give us the information.

Same Process is Applicable for Scorpion.

If we go Scorpion on AWS Console.

We can see the commands run on nagios machine for scorpion.

/usr/local/etc/nagios/objects $ vi services.cfg


We can check the command for scorpion as well

Check_rds -n scorpion -r us-east-2 -i scorpion -m status.

Retrieved from ‘https://wiki.apoyar.eu/index.php?title=Zeb_viode_sftp_permissions_check_and_fix&oldid=237