One of my current projects in work is to set up a Nagios install to monitor our network. We have been monitoring with the free version of BigBrother for a while now but BB isn’t as good so we’re switching to Nagios. I had plenty of problems getting Nagios running on RHEL 4 because in work we try to do as much as possible using only RPMs. I’m working on simple how-to for setting up Nagios on RHEL4 which I’ll publish here soon but the base install does not give you DHCP monitoring. I tried to look for RHEL rpms that provide check_dhcp but I couldn’t find any. There were lots for Fedora but they don’t work on RHEL (I tried FC4 and 5 rpms). I tried to manually build the latest version of the Nagios plugins which do contain a check_dhcp binary but there is a problem with that binary that results in it always showing your DHCP server as down. I know the problem is with the binary because if I watch the logs on the DHCP server I see it issuing an offer and tcpdump on my Nagios server shows the offer arriving, yet the plugin still insists that the service is down. The solution is to use this Perl script. However, if you follow the instructions on that page it won’t work on RHEL. I spent an entire day beating this script into submission but in the end I got it working.

[tags]Nagios, RedHat Enterprise Linux, RHEL, RHEL4, DHCP[/tags]

The first thing to do is to download the script and copy it to /usr/lib/nagios/plugins. There’s no point in following the instructions on the site for setting the permissions on the script. It will not work right even if you use setuid like the instructions say. Instead, set its permissions to be the same as everything else in there, owned by root:root with permissions 755. The chances are you won’t have all the Perl libraries that this script needs but they are all in CPAN so they are easy to install. To ensure you have everything you should run the script as root in the following way (replace HOST with the IP of your DHCP server and INT with the interface to use e.g. eth0):

/usr/lib/nagios/plugins/check_dhcp.pl -H HOST -i INT

Once you have the script working in this way you are ready to move on to the next step. In order to get around the problems with running the script with setuid we have to take two steps, firstly we have to create a wrapper script, and secondly we have to make a very restricted entry in the sudoers file.

To create the wrapper script save the code below in a file called /usr/lib/nagios/plugins/check_dhcp.sh and make sure it is owned by root:root and has permissions 755.

#!/bin/bash

/usr/bin/sudo /usr/lib/nagios/plugins/check_dhcp.pl -H $1 -i eth0

Note: I’ve hard-coded in the interface I want the script to use to contact the DHCP server, you may wish to edit the script so it takes two arguments and allows you to specify and interface each time you call the script.

Next you need to make the following entry in /etc/sudoers to allow the nagios user to call ONLY the Perl script as root without a password:

nagios  ALL=NOPASSWD: /usr/lib/nagios/plugins/check_dhcp.pl *

Once that is done you need to set up a command in your nagios config to use the wrapped plugin as follows:

define command{
  command_name    check_dhcp
  command_line /usr/lib/nagios/plugins/check_dhcp.sh $HOSTADDRESS
}

And that’s it, you can now use the check_dhcp command in your service definitions.