Version 17 (modified by mickem, 6 months ago)

--

TracNav

    1. Automatic Push Scripts
      1. Setup
      2. Daily Install
      3. Install_NSClient.cmd
      4. Computer Specific INI Files
    2. Pushing WMI information via client VBS script
      1. 1. nagios_vbs-antivirusuptodate2.vbs
      2. 2. NSC.ini
      3. 3. windows-clients.cfg
      4. 4. NSCA on NAGIOS server

Feel free to add your own real-world configurations and such here.

For instance if you have a check to see if a specific application is working, let others know how you did it...

Automatic Push Scripts

I'm running a smallish enviroment where I have deployed NSClient to roughly 40 servers. I've found that pushing changes to all the servers is very very painful. To resolve this I've created a couple of cmd files which automate this process. In our enviroment this process is scheduled to run at 1am.

Additional logic could be added to this system so that NSClient is only reinstalled when changes to source files are detected.

Note: This solution opens several vulenerabilites and should only be employed on trusted networks. Use at your own risk.

Setup

  • On your file server create a share called \Daily_Install

Child folder setup: 

\Daily_Install
\Daily_Install\NSClient_Latest
\Daily_Install\NSClient_Latest\Modules
  • Create a dedicated user who only has access to this location via the share, and folders security permissions
  • Create and install the scripts below

Daily Install

Create this script and have it scheduled to run at a particular time. Use a system account which is limited to access the source files... this should reduce the hack-ability.

You'll need to assign a specific user and password to run this script. 

 @echo off
 echo map drive
 net use i: \\fileserver\Daily_Install /persistent:no
 I:
 echo.
 echo Install NSClient++
 call "i:\NSClient_Latest\Install_NSClient.cmd"
 c:
 echo.
 echo Unmap drive
 net use i: /DELETE

Install_NSClient.cmd

Create this script and place into \NSClient_Latest 

 @echo off
 cd \NSClient_Latest
 if not exist %WINDIR%\system32\NSClient_Latest\NSClient++.exe goto skip01
 echo removing old version
 %WINDIR%\system32\NSClient_Latest\NSClient++ /uninstall
 rmdir /s /q %WINDIR%\system32\NSClient_Latest
 :skip01
 echo.
 echo installing latest version
 mkdir %WINDIR%\system32\NSClient_Latest
 %WINDIR%\system32\NSClient_Latest\modules
 copy "*" "%WINDIR%\system32\NSClient_Latest"
 copy "modules" "%WINDIR%\system32\NSClient_Latest\modules"
 if exist %COMPUTERNAME%.ini copy "%COMPUTERNAME%.ini" "%WINDIR%\system32\NSClient_Latest\NSC.ini"
 %WINDIR%\system32\NSClient_Latest\NSClient++ /install
 %WINDIR%\system32\NSClient_Latest\NSClient++ /start
 cd \

Computer Specific INI Files

If you want to setup a special INI file for a computer, then copy the NSC.ini and call it <machine name>.ini, then include this file in the \Daily_Install\NSClient_Latest dir.

The install script will apply this special INI file to the specific machine at run-time.

Pushing WMI information via client VBS script

From: san
Date: 20100310
Objective: Push WMI information from client to NAGIOS server (nsca running on NAGIOS server).
The push is required as the Windows client is not always connected/up. Thought as a workaround
for WMI/namespace problem (http://nsclient.org/nscp/ticket/197) - obviously, this can be expanded
to suit your demands.

Requires:
1. VBS script on client
2. Changes to NSC.ini on client
3. Changes to NAGIOS server
4. NSCA server on receiving NAGIOS server

1. nagios_vbs-antivirusuptodate2.vbs

Create this script and place into "PATHTONSCA++\scripts" on the client. 

Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
strComputer = "."

' Build and execute WMI query
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\SecurityCenter")
Set colItems = objWMIService.ExecQuery("SELECT * FROM antivirusProduct", "WQL", _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)

' Check single items from query
For Each objItem In colItems
	If objItem.OnAccessScanningEnabled = True Then myOnAccessScanningEnabled = "true"
	If objItem.productUptoDate = True Then myProductUpToDate = "true"
Next 

If myOnAccessScanningEnabled = "true" AND myProductUptoDate = "true" Then
	WScript.Echo "OK: OnAccessScanningEnabled - "& myOnAccessScanningEnabled &", ProductUptoDate - "& myProductUptoDate
	myExit = 0 'OK
ElseIf myOnAccessScanningEnabled = "" OR myProductUptoDate = "" Then
	WScript.Echo "WARNING: OnAccessScanningEnabled - "& myOnAccessScanningEnabled  & _
		", ProductUptoDate - "& myProductUptoDate
	myExit = 1 'WARNING
Else 
	WScript.Echo "ERROR: OnAccessScanningEnabled - "& myOnAccessScanningEnabled  & _
		", productUptoDate - "& myProductUptoDate
	myExit = 2 'ERROR
End If
wscript.quit(myExit)

2. NSC.ini

Add the following to their respective sections on your Windows client. 

[modules]
CheckExternalScripts.dll
...
[External Scripts]
allow_nasty_meta_chars=1
script_win-antivirus = c:\WINDOWS\SYSTEM32\cscript.exe //T:10 //NoLogo scripts\nagios_vbs-antivirusuptodate2.vbs
...
[NSCA Commands]
check_win-antivirus = script_win-antivirus ShowAll
...

3. windows-clients.cfg

On the NAGIOS server, e.g. in /etc/nagios3/conf.d/. 

...
define service{
        use generic-service
        host_name WINDOWSCLIENTHOSTNAMEHERE
        service_description check_win-antivirus
        passive_checks_enabled 1
        active_checks_enabled 0
        check_freshness 0
        freshness_threshold 0
        check_command check_dummy
}
...

4. NSCA on NAGIOS server

E.g. for installation on/in Debian. 

$> apt-get update && apt-get install nsca