SoCruel.NU

The domain that loves BSD

Home About Me
FreeBSD Security Miscellaneous
Archive Contact

Check for FreeBSD updates with Nagios

One of the main important tasks of a FreeBSD system administrator is keeping the FreeBSD systems up to date. SoCruel.NU uses Nagios to monitor its FreeBSD systems (see also the How to manage a FreeBSD infrastructure blog post).

Nagios has some very good FreeBSD specific plugins to keep me up to date on the vulnerability and update status of my FreeBSD Operating Systems.

Requirements

The following requirements have to be in place to be able to implement what is described in this post:

  • an up to date FreeBSD version 10.x or 11
  • have Nagios installed and configured
  • a connection to the internet with access to a public caching name server or
  • a connection to a local caching name server which has access to a public root or caching name server
  • a connection to the internet with HTTP and HTTPS ports open to the internet
  • basic knowledge of setting up Nagios

Check the FreeBSD version

A guy from Sweden called Fredrik Lennmark has developed a very nice Nagios plugin called check_freebsd_version. This plugin checks whether there are updates available for the installed version of FreeBSD.

SoCruel.NU uses this plugin to check the versions of all its monitored FreeBSD systems. This is the first step to keep the FreeBSD platform up to date.

At SoCruel.NU NRPE is used on its Nagios endpoints. So first we have to configure it to be able to use the check_freebsd_version plugin. To do this add the following line to your /usr/local/etc/nrpe.cfg file:

command[check_freebsd_version]=/usr/local/libexec/nagios/check_freebsd_version -f

Please make also sure that you have installed the check_freebsd_version plugin on the monitored system. SoCruel.NU uses SaltStack for this. But this is out of the scope of this blog post.

Next is to let Nagios know that we want to this. We do this by defining a command like

# 'check_freebsd_version' command definition
define command{
        command_name    check_freebsd_version
        command_line    $USER1$/check_nrpe2 -H $HOSTADDRESS$ -u -c check_freebsd_version
        }

in your Nagios commands.cfg file.

The last step is to use this in your monitored server Nagios configuration file (I have a configuration file per monitored item):

define service{
        use                             generic-service
        host_name                       YOUR SERVER NAME HERE
        service_description             OTHER: FREEBSD VERSION
        max_check_attempts              3
        normal_check_interval           60
        retry_check_interval            15
        contact_groups                  freebsd-admins
        check_command                   check_freebsd_version
        }

Resources

Some (other) resources about this subject:

Updated: August 17, 2018