Archiwa kategorii: Administracja serwerami

Monit na Debianie z ISPConfig 3

Oczywiście polecam utworzyć odrębne pliki w /etc/monit/monitrc.d w celu bezbolesnej aktualizacji pakietu monit.

# Amavis
#check process amavisd with pidfile /var/run/amavis/amavisd.pid
# group mail
# start program = "/etc/init.d/amavis start"
# stop program = "/etc/init.d/amavis stop"
# if failed port 10024 protocol smtp then restart
# if 5 restarts within 5 cycles then timeout

check process amavisd with pidfile /var/run/amavis/amavisd.pid
group mail
start program = "/etc/init.d/amavis start"
stop program = "/etc/init.d/amavis stop"
if failed port 10024 protocol smtp then restart
if 5 restarts within 5 cycles then timeout
depends on amavisd_bin
depends on amavisd_rc

check file amavisd_bin with path /usr/sbin/amavisd-new
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

check file amavisd_rc with path /etc/init.d/amavis
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

# Apache2
check process apache with pidfile /var/run/apache2.pid
group www
start program = "/etc/init.d/apache2 start"
stop program = "/etc/init.d/apache2 stop"
if failed port 80 protocol http then restart
if cpu is greater than 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 1500 MB for 5 cycles then restart
if children > 512 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout

# Clamd
check process clamd with pidfile /var/run/clamav/clamd.pid
group virus
start program = "/etc/init.d/clamav-daemon start"
stop program = "/etc/init.d/clamav-daemon stop"
if failed unixsocket /var/run/clamav/clamd.ctl then restart
if 5 restarts within 5 cycles then timeout
depends on clamavd_bin
depends on clamavd_rc

check file clamavd_bin with path /usr/sbin/clamd
group virus
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

check file clamavd_rc with path /etc/init.d/clamav-daemon
group virus
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

# Courier_authdaemon
check process authdaemon with pidfile /var/run/courier/authdaemon/pid
group services
start program = "/etc/init.d/courier-authdaemon start"
stop program = "/etc/init.d/courier-authdaemon stop"
if 5 restarts within 5 cycles then timeout

# Cron
check process cron with pidfile /var/run/crond.pid
start program = "/etc/init.d/cron start"
stop program = "/etc/init.d/cron stop"
group system
depends cron_init, cron_bin

check file cron_init with path /etc/init.d/cron
group system

check file cron_bin with path /usr/sbin/cron
group system

# fail2ban
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
group services
start program = "/etc/init.d/fail2ban start"
stop program = "/etc/init.d/fail2ban stop"
if 5 restarts within 5 cycles then timeout

# Courier_imapd
check process imap with pidfile /var/run/courier/imapd.pid
group mail
start program = "/etc/init.d/courier-imap start"
stop program = "/etc/init.d/courier-imap stop"
if failed port 143 then restart
if 5 restarts within 5 cycles then timeout

# Courier_immapd-ssl
check process imapd-ssl with pidfile /var/run/courier/imapd-ssl.pid
group mail
start program = "/etc/init.d/courier-imap-ssl start"
stop program = "/etc/init.d/courier-imap-ssl stop"
if failed port 143 then restart
if 5 restarts within 5 cycles then timeout

# Munin-node
check process munin-node with pidfile /var/run/munin/munin-node.pid
group services
start program = "/etc/init.d/munin-node start"
stop program = "/etc/init.d/munin-node stop"
if 5 restarts within 5 cycles then timeout

#MyDNS
check process named with pidfile /var/run/mydns.pid
start program = "/etc/init.d/mydns start"
stop program = "/etc/init.d/mydns stop"
if failed host 127.0.0.1 port 53 then alert
if 5 restarts within 5 cycles then timeout

# MySQL
check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed host 127.0.0.1 port 3306 protocol mysql then restart
if 5 restarts within 5 cycles then timeout

# Courier_pop3d
check process pop3 with pidfile /var/run/courier/pop3d.pid
group mail
start program = "/etc/init.d/courier-pop start"
stop program = "/etc/init.d/courier-pop stop"
if failed port 110 then restart
if 5 restarts within 5 cycles then timeout

# Courier_pop3-ssl
check process pop3-ssl with pidfile /var/run/courier/pop3d-ssl.pid
group mail
start program = "/etc/init.d/courier-pop-ssl start"
stop program = "/etc/init.d/courier-pop-ssl stop"
if failed port 995 then restart
if 5 restarts within 5 cycles then timeout

#postfix
check process postfix with pidfile /var/spool/postfix/pid/master.pid
group mail
start program = "/etc/init.d/postfix start"
stop program = "/etc/init.d/postfix stop"
if failed port 25 protocol smtp then restart
if 5 restarts within 5 cycles then timeout
depends on postfix_rc

check file postfix_rc with path /etc/init.d/postfix
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

#PureFTPd
check process pure-ftpd with pidfile /var/run/pure-ftpd/pure-ftpd.pid
start program "/etc/init.d/pure-ftpd-mysql start"
stop program "/etc/init.d/pure-ftpd-mysql stop"
if failed host 127.0.0.1 port 21 then restart
if 5 restarts within 5 cycles then timeout

# SSHd
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
#if failed port 22 protocol ssh then restart
if failed port 22 then restart
if 5 restarts within 5 cycles then timeout

# Spamassassin
check process spamd with pidfile /var/run/spamd.pid
group mail
start program = "/etc/init.d/spamassassin start"
stop program = "/etc/init.d/spamassassin stop"
if 5 restarts within 5 cycles then timeout
if cpu usage > 99% for 5 cycles then alert
if mem usage > 99% for 5 cycles then alert

check file spamd_bin with path /usr/sbin/spamd
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

check file spamd_rc with path /etc/init.d/spamassassin
group mail
if failed checksum then unmonitor
if failed permission 755 then unmonitor
if failed uid root then unmonitor
if failed gid root then unmonitor

# Rsyslogd
check process syslogd with pidfile /var/run/rsyslogd.pid
start program = "/etc/init.d/rsyslog start"
stop program = "/etc/init.d/rsyslog stop"
if 5 restarts within 5 cycles then timeout
check file syslogd_file with path /var/log/syslog

Źródło: http://www.howtoforge.com/forums/archive/index.php/t-43177.html

Zabbix active agent – monitorowanie zasobów serwera będącego wewnątrz sieci lokalnej, bez przekierowywania portów

Aby skonfigurować agenta zabbixa do samoczynnego wysyłania danych o zasobach należy stworzyć odpowiednie „templates” na serwerze zabbix. W tym celu należy:

  1. zalogować się do frontendu serwera
  2. configuration->templates
  3. Kliknąć „Template App Zabbix Agent”
  4. kliknąć przycisk „Full Clone”
  5. W nazwie dopisać np. ” Active”
  6. Zapisać
  7. iść do „Items” dla nowo stworzonego template
  8. zaznaczyć wszystkie elementy
  9. na samym dole wybrać „mass update”
  10. W „type” zmienić z „Zabbix agent” na „Zabbix agent (active)” i kliknąć „Update”

Analogicznie postępujemy przy „Template OS Linux” / „Template OS Windows” i innych wymaganych szablonach, z tą różnicą, że jeszcze w „Linked templates” zmieniamy „Template App Zabbix Agent” na chwilę wcześniej utworzoną wersję szablonu „Template App Zabbix Agent Active”.

Następnie należy dodać hosta z odpowiednimi szablonami „…Active” i skonfigurować agenta:

Server=
StartAgents=0
ServerActive=adres ip naszego serwera zabbix
Hostname=zgodne z konfiguracją hosta na serwerze zabbix