diff --git a/pandora_server/conf/pandora_server_sec.conf.template b/pandora_server/conf/pandora_server_sec.conf.template new file mode 100644 index 0000000000..90d71af5fd --- /dev/null +++ b/pandora_server/conf/pandora_server_sec.conf.template @@ -0,0 +1,738 @@ +############################################################################# +# Pandora FMS Server Parameters +# Pandora FMS, the Flexible Monitoring System. +# Version 7.0NG.769 +# Licensed under GPL license v2, +# (c) 2003-2021 Artica Soluciones Tecnologicas +# http://www.pandorafms.com +# Please change it for your setup needs +############################################################################# + +# Servername: Name of this server +# if not given, it takes hostname. It's preferable to setup one +# because machine name could change by some reason. + +servername greystone_sec + +# incomingdir: Defines directory where incoming data packets are stored +# You could set directory relative to base path or absolute, starting with / + +incomingdir /var/spool/pandora/data_in + +# log_file: Main logfile for pandora_server +# You could set file relative to base path or absolute, starting with / + +log_file /var/log/pandora/pandora_server.log + +# Log file for Pandora FMS SNMP console. Its generated by NetSNMP Trap daemon +# If you change it, please update the file /etc/logrotate.d/pandora_server accordingly. + +snmp_logfile /var/log/pandora/pandora_snmptrap.log + +# Error logfile: aux logfile for pandora_server errors (in Daemon mode) +# You could set file relative to base path or absolute, starting with / + +errorlog_file /var/log/pandora/pandora_server.error + +# daemon: Runs in daemon mode (background) if 1, if 0 runs in foreground +# this could be also configured on commandline with -D option + +# daemon 1 + +# dbengine: mysql +dbengine mysql + +# Database credentials. A VERY important configuration. +# This must be the same credentials used by your Pandora FMS Console +# but could be different if your console is not running in the same +# host than the server. Check your console setup in /include/config.php + +# dbname: Database name (pandora by default) + +dbname pandora + +# dbuser: Database user name (pandora by default) + +dbuser pandora + +# dbpass: Database password + +dbpass pandora + +# dbhost: Database hostname or IP address + +dbhost 127.0.0.1 + +# dbport: Database port number +# Default value depends on the dbengine (mysql: 3306) +#dbport 3306 + +# dbssl: Enable (1) or disable (0) SSL for the database connection. + +dbssl 0 + +# dbsslcafile: Path to a file in PEM format that contains a list of trusted SSL certificate authorities. + +# dbsslcafile + +# dbsslcapath: Path to a directory that contains trusted SSL certificate authority certificates in PEM format. + +# dbsslcapath + +# verbosity: level of detail on errors/messages (0 default, 1 verbose, 2 debug.... 10 noisy) +# -v in command line (verbose) or -d (debug). Set this to 10 when try to locate problems and +# set to 1 or 3 on production enviroments. + +verbosity 3 + +# Master Server priority. The running server with the highest master value will +# be the master. Ties are broken at random. If set to 0, this server will +# never become master. +master 0 + +# Activate Pandora SNMP console (depending on snmptrapd) + +snmpconsole 0 + +# snmpconsole_threads: number of SNMP console threads for processing SNMP traps. + +snmpconsole_threads 1 + +# If set to 1, traps from the same source will never be processed in parallel. 0 by default. +#snmpconsole_lock 0 + +# Time between consecutive reads of the SNMP log file in seconds. Defaults to server_threshold. +#snmpconsole_threshold 5 + +# Attempt to translate variable bindings when processing SNMP traps. 1 enabled, 0 disabled. 0 by default. (ENTERPRISE ONLY). + +translate_variable_bindings 0 + +# Attempt to translate enterprise strings when processing SNMP traps. 1 enabled, 0 disabled. 1 by default. (ENTERPRISE ONLY). + +translate_enterprise_strings 0 + +# snmptrapd will ignore authenticationFailure traps if set to 1. + +snmp_ignore_authfailure 1 + +# snmptrapd will read the PDU source address instead of the agent-addr field is set to 1. + +snmp_pdu_address 0 + +# Path to the snmp_trapd binary. If set to manual, the server will not attemp to start snmp_trapd. + +#snmp_trapd manual + +# SNMP Trap forwarding. Go to https://pandorafms.com/manual/ for more information. +#snmp_forward_trap 1 +#snmp_forward_ip 192.168.1.145 +#snmp_forward_version 1 +#snmp_forward_secName +#snmp_forward_engineid +#snmp_forward_authProtocol +#snmp_forward_authPassword +#snmp_forward_privProtocol +#snmp_forward_privPassword +#snmp_forward_secLevel +#snmp_forward_community + +# Activate (1) Pandora Network Server + +networkserver 0 + +# Activate (1) Pandora Data Server + +dataserver 0 + +# Enable (1) or disable (0) the Data Server smart queue, which gives priority +# to new data coming from agents at the expense of buffered XML files. +dataserver_smart_queue 1 + +# Activate (1) Pandora FMS Discovery server + +discoveryserver 0 + +# Discovery SAP (PANDORA FMS ENTERPRISE ONLY) +# java /usr/bin/java + +# Discovery SAP utils (PANDORA FMS ENTERPRISE ONLY) +# sap_utils /usr/share/pandora_server/util/recon_scripts/SAP + +# Discovery Microsoft SQL ODBC driver (PANDORA FMS ENTERPRISE ONLY) +# mssql_driver ODBC Driver 17 for SQL Server + +# pluginserver : 1 or 0. Set to 1 to activate plugin server with this setup + +pluginserver 0 + +# Pandora FMS Plugin exec tool filepath (by default at /usr/bin) + +plugin_exec /usr/bin/timeout + +# predictionserver : 1 or 0. Set to 1 to activate prediction server with this setup +# DISABLED BY DEFAULT + +predictionserver 0 + +# wmiserver : 1 or 0. Set to 1 to activate WMI server with this setup +# DISABLED BY DEFAULT + +wmiserver 0 + +# Network timeout (in seconds) for timeout in network connections for Network agents + +network_timeout 4 + +# Network timeout (in seconds) for timeout in remote execution commands (PANDORA FMS ENTERPRISE ONLY). + +rcmd_timeout 10 + +# Pandora FMS remote execution commands timeout tool filepath (by default at /usr/bin) + +rcmd_timeout_bin /usr/bin/timeout + +# Remote execution modules, ssh_launcher extra option (PANDORA FMS ENTERPRISE ONLY). +ssh_launcher /usr/share/pandora_server/util/ssh_launcher.sh + +# Server keepalive (in seconds) + +server_keepalive 45 + +# Log server thread status to disk (always set to 0, except when debugging). + +thread_log 0 + +# Server Threshold: defines number of seconds of main loop (in sec) + +server_threshold 5 + +# Network threads: Do not set too high (~40). Each threads make a network module check. + +network_threads 4 + +# icmp_checks x : defines number of pings for each icmp_proc module type. at least one of +# that ping should be 1 to report 1. Setting this to 1 will make all icmp montioring faster but +# with more probability of failure. + +icmp_checks 1 + +# Number of ICMP packets to send per request. +icmp_packets 2 + +# tcp specific options : +# tcp_checks: number of tcp retries if first attempt fails. +# tcp_timeout: specific timeout for tcp connections + +tcp_checks 1 +tcp_timeout 10 + +# snmp specific options : +# snmp_checks: number of snmp request retries if first attempt fails. +# snmp_timeout: specific timeout for snmp request. + +snmp_checks 1 +snmp_timeout 4 + +# snmp_proc_deadresponse 1 (default): Return DOWN if cannot contact +# or receive NULL from a SNMP PROC module. + +snmp_proc_deadresponse 1 + +# plugin_threads: Specify number of plugin server threads for processing plugin calls + +plugin_threads 1 + +# plugin_timeout: Specify number of seconds calling plugin exec waiting for response +# after this time, call is aborted and result is "unknown". + +plugin_timeout 12 + +# wmi_timeout : specific timeout for wmi request. + +wmi_timeout 7 + +# wmi_threads: Specify number of WMI server threads for processing WMI remote calls + +wmi_threads 1 + +# WMI client binary (wmic by default). + +#wmi_client pandorawmic + +# recon_threads. Each thread will scan a different scantask. + +recon_threads 1 + +# dataserver_threads: Number of threads for data server (XML processing threads) + +dataserver_threads 1 + +# mta_address: External Mailer (MTA) IP Address to be used by Pandora FMS internal email capabilities +# If not set, the MTA configuration specified in the Pandora FMS Console will be used. + +#mta_address localhost + +# mta_port, this is the mail server port (default 25) + +#mta_port 25 + +# mta_user MTA User (if needed for auth, FQD or simple user, depending on your server) + +#mta_user myuser@mydomain.com + +# mta_pass MTA Pass (if needed for auth) + +#mta_pass mypassword + +# mta_auth MTA Auth system (if needed, it supports LOGIN, PLAIN, CRAM-MD5, DIGEST-MD) + +#mta_auth LOGIN + +# mta_from Email address that sends the mail, by default is pandora@localhost +# probably you need to change it to avoid problems with your antispam + +#mta_from Pandora FMS + +# SMTP encryption protocol (none, ssl, starttls) + +#mta_encryption none + +# Set 1 if want eMail deliver alert in separate mail (default). +# Set 0 if want eMail deliver shared mail by all destination. +mail_in_separate 1 + + +# xprobe2: Optional package to detect OS types using advanced TCP/IP +# fingerprinting tecniques, much more accurates than stadard nmap. +# If not provided, nmap is used insted xprobe2 + +xprobe2 /usr/bin/xprobe2 + +# nmap: If provided, is used to detect OS type with recon server using +# advanded OS fingerprint technique. Xprobe2 gives more accurate results +# Nmap is also used to do TCP port scanning in detected host. + +nmap /usr/bin/nmap + +# Default path is /usr/sbin/fping for installation default in distro Centos , if you are installing in other distribution, +# you install fping in /usr/bin/fping and change the path in this line. +# Path to the fping binary. Used by the Enterprise ICMP Server. +fping /usr/sbin/fping +# fping /usr/bin/fping + +# A value that specifies how aggressive nmap should be from 1 to 5. 1 means slower but more reliable, 5 means faster but less reliable. 2 by default. +nmap_timing_template 2 + +# Like nmap_timing_template, but applies to Satellite Server and Recon Server network scans. 3 by default. +recon_timing_template 3 + +# snmpget: Needed to do SNMP checks. By default is on /usr/bin/snmpget + +snmpget /usr/bin/snmpget + +# Location of the braa binary needed by the Enterprise SNMP Server +# /usr/bin/braa by default (PANDORA FMS ENTERPRISE ONLY). + +braa /usr/bin/braa + +# Number of retries before braa hands a module over to the Network Server (PANDORA FMS ENTERPRISE ONLY). + +braa_retries 3 + +# Location of the pandorafsnmp binary needed by the Enterprise SNMP Server. +# /usr/bin/pandorafsnmp by default (PANDORA FMS ENTERPRISE ONLY). + +fsnmp /usr/bin/pandorafsnmp + +# Default group id for new agents created with Pandora FMS Data Server +# If this token is enabled and Agent is setup with a fixed group, server settings will override agent settings +# If this token is disabled and group is not provided in the agent, or provided group doesn't exist, agent data +# will be dropped. We use the Group ID #10 (Unknown) for a "valid" default value, please change as your own decision. + +autocreate_group 10 + +# Works like autocreate_group, except the name of the group is specified (instead of its id). Do not set both. +#autocreate_group_name Unknown + +# If set to 1, new agents will be added to the group specified by autocreate_group (the group specified by the agent will be used as fallback). +# If set to 0, new agents will be added to the group specified by the agent (the group specified by autocreate_group will be used as fallback). + +autocreate_group_force 0 + +# Set to 1 if want to autocreate agents with Pandora FMS Data Server, +# set to 0 to disable (for security purposes, for example). + +autocreate 1 + +# max_log_size: Specify max size of Pandora FMS server log file (1MB by default). If +# log file grows above this limit, is renamed to "pandora_server.log.0". + +max_log_size 1048576 + +# max_log_generation: Specify max generation count (between 1 and 9) of Pandora FMS server log files. +max_log_generation 1 + +# max_queue_files (5000 by default) +# When server have more than max_queue_files in incoming directory, skips the read +# the directory to avoid filesystem overhead. + +max_queue_files 5000 + +# If set to 0, the timestamp attribute in XML data files will be ignored and the system time will be used instead. + +# use_xml_timestamp 1 + +# Pandora FMS will autorestart itself each XXX seconds, use this if you experience problems with +# shutting down threads, or other stability problems. + +# auto_restart 86400 + +# Pandora FMS will restart after restart_delay seconds on critical errors. + +restart 1 +restart_delay 60 + +# More information about GIS Setup in /usr/share/pandora_server/util/gis.README +# Flag to activate GIS (positional information for agents and maps) +# by default it is desactivated + +#activate_gis 0 + +# Radius of error in meters to consider two gis locations as the same location. + +#location_error 50 + +# Recon reverse geolocation file. This is the database with the reverse +# geolocation information using MaxMind GPL GeoLiteCity.dat format). +# Comment it to disable the IP geolocation on agent creation. + +#recon_reverse_geolocation_file /usr/local/share/GeoIP/GeoIPCity.dat + +# Radius (in meters) of the circle in where the agents will be place randomly +# when finded by a recon task. Center of the circle is guessed +# by geolocating the IP. + +#recon_location_scatter_radius 1000 + +# Pandora Server self-monitoring (embedded agent) (by default enabled) + +self_monitoring 1 + +# Self monitoring interval (in seconds). +self_monitoring_interval 300 + +# Update parent from the agent xml + +update_parent 1 + +# +# +# This enable realtime reverse geocoding using Google Maps public api. +# This requires internet access, and could have performance penalties processing GIS +# information due the connetion needed to resolve all GIS input. +# NOTE: If you dont pay the service to google, they will ban your IP in a few days. + +# google_maps_description 1 + +# This enable realtime reverse geocoding using Openstreet Maps public api. +# This requires internet access, and could have performance penalties processing GIS +# information due the connetion needed to resolve all GIS input. +# You can alter the code to use a local (your own) openstreet maps server. + +# openstreetmaps_description 1 + +# Enable (1) or disable (0) Pandora FMS Web Server/Goliat. + +webserver 0 + +# Number of threads for the Web Server/Goliat. + +web_threads 1 + +# Default timeout (in seconds) for web modules. + +web_timeout 60 + +# Uncomment to perform web checks with LWP instead of CURL. +#web_engine lwp + +# Enable (1) or disable (0) Pandora FMS Inventory Server. + +inventoryserver 0 + +# Number of threads for the Inventory Server. + +inventory_threads 1 + +# Enable (1) or disable (0) Pandora FMS Export Server (PANDORA FMS ENTERPRISE ONLY). + +exportserver 0 + +# Number of threads for the Export Server (PANDORA FMS ENTERPRISE ONLY). + +export_threads 1 + +# Enable (1) or disable (0) Pandora FMS Event Server (PANDORA FMS ENTERPRISE ONLY). + +eventserver 0 + +# Enable (1) or disable (0) Pandora FMS Correlation Server (PANDORA FMS ENTERPRISE ONLY). + +correlationserver 0 + +# Time in seconds to re-evaluate correlation alerts pool (PANDORA FMS ENTERPRISE ONLY). + +correlation_threshold 30 + +# Correlated alerts, event window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). + +event_window 3600 + +# Correlated Alerts, log window in seconds (3600 by default) (PANDORA FMS ENTERPRISE ONLY). + +log_window 3600 + +# Pre-load windows on start with available information. (PANDORA FMS ENTERPRISE ONLY). +#preload_windows 0 + +# Correlated Alerts, group cache ttl (in seconds). Set to 0 to disable. (PANDORA FMS ENTERPRISE ONLY). +#event_server_cache_ttl 10 + +# Log retrieving, items per request. (High values could make elasticsearch crash) +#elastic_query_size 10 + +# If set to 1, an alert will not be fired if the last event it generated is in 'in-process' status. + +event_inhibit_alerts 0 + +# Enable (1) or disable (0) Pandora FMS Enterprise ICMP Server (PANDORA FMS ENTERPRISE ONLY). +# You need nmap 5.20 or higher in order to use this ! + +icmpserver 0 + +# Number of threads for the Enterprise ICMP Server (PANDORA FMS ENTERPRISE ONLY). + +icmp_threads 4 + +# Enable (1) or disable (0) Pandora FMS Enterprise SNMP Server (PANDORA FMS ENTERPRISE ONLY). +# Check braa tool is running and operative. + +snmpserver 0 + +# Number of threads for the Enterprise SNMP Server (PANDORA FMS ENTERPRISE ONLY). + +snmp_threads 4 + +# Block size for block producer/consumer servers, that is, the number of modules +# per block (15 by default) (PANDORA FMS ENTERPRISE ONLY). + +block_size 20 + +# If set to 1, process XML data files in a stack instead of a queue. 0 by default. +# WARNING: Incremental modules will not work properly if dataserver_lifo is set to 1!!! + +dataserver_lifo 0 + +# If set to 1, the policy manager is enabled and the server is listening the policy queue. +# 0 by default (PANDORA FMS ENTERPRISE ONLY) + +policy_manager 1 + +# If set to 1, new events validate older event for the same module. This will +# affect the performance of the server. This was the "normal behaviour" on previous (4.x) versions. +# disable only if you really know what you are doing !!. + +event_auto_validation 1 + +# If defined, events generated by Pandora FMS will be written to the specified text file. +#event_file /var/log/pandora/pandora_events.txt + +# Set the maximum number of traps that will be processed from a single source in a +# configured time interval. +snmp_storm_protection 25 + +# Time interval for snmp_storm protection (in seconds). +snmp_storm_timeout 10 + +# Silenced time period in seconds, when trap storm is detected +snmp_storm_silence_period 300 + +# Default texts for some events. The macros _module_ and _data_ are supported. +#text_going_down_normal Module '_module_' is going to NORMAL (_data_) +#text_going_up_critical Module '_module_' is going to CRITICAL (_data_) +#text_going_up_warning Module '_module_' is going to WARNING (_data_) +#text_going_down_warning Module '_module_' is going to WARNING (_data_) +#text_going_unknown Module '_module_' is going to UNKNOWN + +# Events older that the specified time (in seconds) will be auto-validated. Set to 0 to disable this feature. +event_expiry_time 0 + +# Only events more recent than the specified time window (in seconds) will be auto-validated. This value must +# be greater than event_expiry_time. +#event_expiry_window 86400 + +# If set to 1, SNMP modules run by the Network Server will be claimed back by +# the SNMP Enterprise Server when pandora_db is run. +claim_back_snmp_modules 1 + +# If set to 1 asynchronous modules that do not receive data for twice their +# interval will become normal. Set to 0 to disable. +async_recovery 1 + +# Console API credentials. +# Required for some features like the module graphs macros. + +# console_api_url: Api URL (http://localhost/pandora_console/include/api.php by default) +# console_api_url http://localhost/pandora_console/include/api.php + +# console_api_pass: Api pass +# console_api_pass 1234 + +# Passphrase used to generate the key for password encryption (PANDORA FMS ENTERPRISE ONLY). +#encryption_passphrase passphrase + +# Enable (1) or disable (0) events related to the unknown module status. +unknown_events 1 + +# Time interval (as a multiple of the module interval) before a module becomes unknown. Twice the module's interval by default. +#unknown_interval 2 + +# Number of unknown modules that will be processed per iteration. +unknown_block_size 1000 + +# Maximum executing time of an alert (in seconds) +global_alert_timeout 15 + +# If set to 1 allows PandoraFMS Server to be configured via the web console (PANDORA FMS ENTERPRISE ONLY). +remote_config 0 + +# Remote address to send the configuration file (PANDORA FMS ENTERPRISE ONLY). +remote_config_address localhost + +# Remote port to send the configuration file (PANDORA FMS ENTERPRISE ONLY). +#remote_config_port 41121 + +# Extra options for the Tentacle client to send the configuration file (PANDORA FMS ENTERPRISE ONLY). +#remote_config_opts + +# Module status change events will not be generated and module alerts will not +# be executed for the specified number of seconds since the server starts up. +warmup_event_interval 0 + +# Modules will not become unknown (so no unknown events will be generated) and +# keepalive modules will not be updated for the specified number of seconds +# since the server starts up. +warmup_unknown_interval 300 + +# Directory were additional enc files for the XML parser are located. +enc_dir /usr/share/pandora_server/enc/ + +# The number of times dynamic_min and dynamic_max will be recalculated per dynamic_interval. +# Go to https://pandorafms.com/manual/ for more information. +dynamic_updates 5 +#dynamic_warning +#dynamic_constant + +# Periodically update unknown modules (1), instead of only once (0). Periodic +# updates may affect server performance. +unknown_updates 0 + +# Enable (1) or disable (0) the Pandora FMS WUX Server (PANDORA FMS ENTERPRISE ONLY). +wuxserver 0 + +# Host of the Selenium Grid Server. +#wux_host localhost + +# Port of the Selenium Grid Server. +#wux_port 4444 + +# Maximum timeout to connect to a target web site, also for communications with a Selenium Grid server. +#wux_webagent_timeout 15 + +# Force closing previous sessions on remote wux_host, only for Selenium Grid server 3. +#clean_wux_sessions 1 + +# Enable (1) or disable (0) the Pandora FMS Syslog Server (PANDORA FMS ENTERPRISE ONLY) disabled by default. +syslogserver 0 + +# Full path to syslog's output file (PANDORA FMS ENTERPRISE ONLY). +syslog_file /var/log/messages + +# Number of threads for the Syslog Server (PANDORA FMS ENTERPRISE ONLY). +syslog_threads 2 + +# Maximum number of lines queued by the Syslog Server's producer on each run (PANDORA FMS ENTERPRISE ONLY). +syslog_max 65535 + +# Sync Server +#syncserver + +# Port tentacle server +#sync_port 41121 + +# Sync certificate path of the authenticating CA +#sync_ca /home/cacert.pem + +# Sync server certificate path +#sync_cert /home/tentaclecert.pem + +# Sync server certificate private key path +#sync_key /home/tentaclekey.pem + +# Sync number of attempts +#sync_retries 3 + +# Sync timeout +#sync_timeout 10 + +# Address +# sync_address + +# Network manager configuration server (PANDORA FMS ENTERPRISE ONLY). +#ncmserver 0 + +# Threads for NCM server (PANDORA FMS ENTERPRISE ONLY). +ncmserver_threads 1 + +# NCM utility to avoid Net::SSH::Expect issues in multi-threaded environments. +ncm_ssh_utility /usr/share/pandora_server/util/ncm_ssh_extension + +# Pandora FMS Daemon Watchdog execution interval in seconds (PANDORA FMS ENTERPRISE ONLY). +ha_interval 30 + +# Pandora FMS Daemon Watchdog monitoring interval in seconds. Must be a multiple of ha_interval (PANDORA FMS ENTERPRISE ONLY). +ha_monitoring_interval 60 + +# Enable (1) or disable (0) Pandora FMS Alert Server. +alertserver 0 + +# Pandora FMS Alert Server threads. +alertserver_threads 4 + +# Generate an hourly warning event if alert execution is being delayed more than alertserver_warn seconds. +alertserver_warn 180 + +# If set to 1, alerts are queued for the Pandora FMS Alert Server.If alertserver is set to 1, alerts are always queued. +alertserver_queue 0 + +# Pandora FMS HA MySQL cluster splitbrain auto-recovery (PANDORA FMS ENTERPRISE ONLY) +# IMPORTANT! Please understand and configure all settings from pandora_console/index.php?sec=gservers&sec2=enterprise/godmode/servers/HA_cluster&tab=setup +# before enable this feature. +#splitbrain_autofix 0 + +# Pandora FMS HA MySQL cluster splitbrain auto-recovery settings (PANDORA FMS ENTERPRISE ONLY) +# Maximum number of retries +#ha_max_splitbrain_retries 2 +# Maximum number of retries to verify resync status. +#ha_max_resync_wait_retries 3 +# Maximum number of seconds waiting while verifying resync status. +#ha_resync_sleep 10 + +# Enable (1) or disable (0) the Tentacle Server watchdog (enabled by default). + +tentacle_service_watchdog 1 + +# Enable (1) or disable (0) the parameter of mysql ssl certification (mysql_ssl_verify_server_cert) (enabled by default). + +verify_mysql_ssl_cert 1 diff --git a/pandora_server/pandora_server_installer b/pandora_server/pandora_server_installer index 6479a6943a..d4ff0a428d 100755 --- a/pandora_server/pandora_server_installer +++ b/pandora_server/pandora_server_installer @@ -26,6 +26,7 @@ PANDORA_SERVER=/etc/init.d/pandora_server TENTACLE_SERVER=/etc/init.d/tentacle_serverd PANDORA_CFG_FILE=$PANDORA_CFG_DIR/pandora_server.conf PANDORA_CFG_FILE_DIST=conf/pandora_server.conf.new +PANDORA_CFG_FILE_DIST_SEC=conf/pandora_server_sec.conf.template PANDORA_INIT_SCRIPT=util/pandora_server TENTACLE_CFG_DIR=/etc/tentacle TENTACLE_CFG_FILE=$TENTACLE_CFG_DIR/tentacle_server.conf @@ -348,6 +349,12 @@ install () { chmod 770 $DESTDIR$PANDORA_CFG_FILE fi + echo "Creating sec setup directory in $PANDORA_CFG_DIR/conf.d" + mkdir -p $DESTDIR$PANDORA_CFG_DIR/conf.d 2> /dev/null + echo cp $PANDORA_CFG_FILE_DIST_SEC $DESTDIR$PANDORA_CFG_DIR/conf.d/ + cp $PANDORA_CFG_FILE_DIST_SEC $DESTDIR$PANDORA_CFG_DIR/conf.d/ + + echo "Installing Pandora Server manual" [ -d $DESTDIR$MANDIR ] || mkdir -p $DESTDIR$MANDIR cp man/man1/pandora_server.1.gz $DESTDIR$MANDIR diff --git a/pandora_server/util/pandora_ha.pl b/pandora_server/util/pandora_ha.pl index 9e44812908..378f864afa 100755 --- a/pandora_server/util/pandora_ha.pl +++ b/pandora_server/util/pandora_ha.pl @@ -192,7 +192,7 @@ sub ha_keep_pandora_running($$) { if ($OSNAME eq "freebsd") { $control_command = "status_server"; } - my $pid = `$Pandora_Service $control_command | awk '{print \$NF*1}' | tr -d '\.'`; + my $pid = `$Pandora_Service $control_command | grep -v /conf.d/ | awk '{print \$NF*1}' | tr -d '\.'`; if ( ($pid > 0) && ($component_last_contact > 0)) { # service running but not all components