[Nagiosplug-help] Need help using check_mysql

[Andreas Ericsson]

Zembower, Kevin wrote:
> Tom, thanks so much for writing. I think you're on to something.
> 
> I just set up check_mysql for another system, expecting to have the same
> problem, and was amazed when it worked right away. The other MySQL is
> 4.1.20, and doesn't contain any remarks on 'skip networking' in
> /etc/my.cnf; in fact, it's surprisingly short. The original system I'm
> having trouble with using MySQL 5.0.32 and has these lines in
> /etc/mysql/my.cnf:
> # Instead of skip-networking the default is now to listen only on
> # localhost which is more compatible and is not less secure.
> bind-address            = 127.0.0.1
> 
> Just as soon as I figure out what to change this to (0.0.0.0? 10.
> 253.192.205? Comment out entirely?), I'll change it and let you all know
> if this makes a difference. I expect that it would.
> 

0.0.0.0 will make it accept connections directed to any available addresses
on the host. 10.235.192.205 will make it bind only to that address. Note
that MySQL is clever enough not to implement any source-address filtering,
so it will allow connections from anywhere in both cases.


You can add a firewall rule to filter access to the port it runs on, using
a command-line such as the one shown below. I'm assuming you have a default
policy of DROP on your INPUT iptables table and your Nagios server has an
ip-address in $admin_network:

iptables -I INPUT -p tcp --dport 3306 -s $admin_network -j ACCEPT

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231