gistfile1.txt

yum install -y nagios nagios-plugins httpd mod_ssl mod_authz_ldap git \
               perl-MD5 perl-YAML perl-NetAddr-IP nagiostat net-snmp-utils


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

scp root@newton:/opt/local/openssl/certificate_authority/eftdomain.net//mid_ca/mid-openssl.cnf /root/openssl.cnf
HOST=$(hostname -f)
openssl genrsa -out /etc/pki/tls/private/${HOST}.key 1024
openssl req -new -key /etc/pki/tls/private/${HOST}.key \
            -out /root/${HOST}.csr -config /root/openssl.cnf
scp /root/${HOST}.csr root@newton:/opt/local/openssl/certificate_authority/eftdomain.net/mid_ca/


##ship the csr to newton:
# cd /opt/local/openssl/certificate_authority/eftdomain.net/mid_ca
# openssl ca -config mid-openssl.cnf \
#             -policy policy_anything \
#             -out ../copernicus.eftdomain.net/copernicus.eftdomain.net.crt \
#             -infiles ../copernicus.eftdomain.net/copernicus.eftdomain.net.csr
#

scp root@newton:/opt/local/openssl/certificate_authority/eftdomain.net/${HOST}/${HOST}.crt /etc/pki/tls/certs/${HOST}.crt
mv /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost.crt-dist
(cd /etc/pki/tls/certs/; ln -s ${HOST}.crt localhost.crt)

mv /etc/pki/tls/private/localhost.key /etc/pki/tls/private/localhost.key-dist
(cd /etc/pki/tls/private/; ln -s ${HOST}.key localhost.key)
chmod 600 /etc/pki/tls/certs/*

cp /etc/httpd/conf.d/adauth.cf into place
edit /etc/httpd/conf.d/nagios.cf to Include conf.d/adauth.cf (in 2 places)

edit /etc/nagios/cgi.cfg and add jameswhite to nagiosadmin stuff
comment-in said lines...

mkfifo -m 0660 /var/log/nagios/rw/nagios.cmd
chown -R nagios:apache /var/log/nagios/rw

/etc/nagios/nagios.cfg
check_external_commands=1