Member "mosshe/mosshe.example" (13 Feb 2019, 11937 Bytes) of package /linux/privat/old/mosshe.tar.gz:
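#!/bin/bash
#
# MoSShE example configuration. This file is itself the monitoring run: it
# sets the site configuration, sources the check libraries from $DATADIR and
# then calls one check function per monitored item, top to bottom.

# set -x

#=========================================================
#=========================================================
# our configuration
#=========================================================
#=========================================================

# MYNAME=allka.wyae.de
MYNAME=$(/bin/hostname)
MYDOM=$(/bin/hostname -d)
MYGROUP="Server" # Leave unset to lookup via DNS TXT

WEBURL="https://www.wyae.de/mosshe/notok.html"
# Everything under $DATADIR/functions.* is sourced into this shell and runs
# with the privileges of whoever starts this script, so the directory and the
# files in it should be writable only by that account.
DATADIR=/usr/local/lib/mosshe
WWWDIR=/usr/local/lib/mosshe/www
## WWWDIR=/var/www/mosshe
# NOTE(review): /tmp is shared and world-writable. How the sourced functions
# name their files under $TEMPDIR is not visible from this file; if the names
# are predictable, point TEMPDIR at a directory only the MoSShE user can write.
TEMPDIR=/tmp

NETWAIT=5 # seconds timeout for network service check


#=========================================================
# Startup
#=========================================================
# Every check below is a function defined in the sourced libraries. Without
# the core library none of them can run, so stop with a message on stderr
# instead of continuing through a script full of "command not found".
. "$DATADIR/functions.mosshe" || {
  printf 'mosshe: cannot load %s\n' "$DATADIR/functions.mosshe" >&2
  exit 1
}

MossheSelfCheck root@wyae.de # send alert to - if MoSShE has a problem
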
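#=========================================================
# local checks
#=========================================================
# Quoted so that a DATADIR containing spaces or glob characters still
# resolves to a single path.
. "$DATADIR/functions.localchecks"

HDCheck /dev/sda1 20000 10000 # system disk: 20GB / 10GB - warn / alert (MByte)
HDCheckGB /dev/sda1 20 10 # system disk: 20GB / 10GB - warn / alert (GByte)
HDfreeGB / 20 10 # root file system: 20GB / 10GB - warn / alert (GByte)
HDfreeMB /boot 400 100 # boot file system: 400MB / 100 MB - warn / alert (MByte)

# http://www.computerworld.com/article/2846009/the-5-smart-stats-that-actually-predict-hard-drive-failure.html
# https://www.backblaze.com/blog-smart-stats-2014-8.html
HDhardwareSmart /dev/sda "Raw_Read_Error_Rate" 5 5000
HDhardwareSmart /dev/sda "Seek_Error_Rate" 1 10
HDhardwareSmart /dev/sda "Reallocated_Sector_Ct" 50 500
HDhardwareSmart /dev/sda "Offline_Uncorrectable" 1 5


LoadCheck 1 3 # load: warn / alert
LoadCheckPercent 100 300 # load: warn / alert
MemCheck 30 100 # free mem: warn, min (MByte)
#SwapCheck 30 100 # page swaps / second : warn / alert

ProcessCheck 120 200 # processes: warn / alert
ZombieCheck 3 10 # zombies: warn / alert
ShellCheck 0 3 # shells: max.root, max.user

NetworkErrorsCheck eth0 1 5 # percentage of errors on interface
NetworkTrafficCheck eth0 50000 80000 # kbit/s average
NetworkBandwidth eth0 500 900 # be careful not to exceed 1TB bandwidth
NetworkConnections 450 7000 # number of concurrent connections


# check "sensors" output for matching strings on your hardware
# (second parameter MUST NOT contain space characters)
HardwareSensorBetween "fan1" "CPU Fan description" 100 3000
HardwareSensor "temp1" "probably harddrive temperature" 45 60


ApcUpsValueTooHigh LOADPCT 39 80 # pulling too much juice from UPS?
ApcUpsValueTooLow BCHARGE 30 90 # battery up to snuff?
ApcUpsValueTooLow TIMELEFT 2 5 # enough minutes left to run?
ApcUpsStatus STATUS ONLINE # status ok?


# check ClamAV-Daemon which likes to crash
FileCheck /var/run/clamav/clamd.ctl
ProcCheck /usr/sbin/clamd

# files growing too old or large
FileTooOld /var/log/syslog 90 # file older than 90 minutes
# FileTooOld /var/log/backup.log 1500 # file older than 1500 minutes
#
# NOTE(review): every other check in this file reads /var/log/auth.log; the
# path below has no ".log" suffix. Confirm the file exists on this host.
FileTooBig /var/log/auth 500 # file bigger than 500 KBytes
FileTooBig /var/log/syslog 9000 # file bigger than 9.000 KBytes (= 9 MB)


# Log-based detections. The match strings are tied to the exact wording each
# daemon writes to its log; after a daemon or PAM upgrade, re-check them
# against real log lines, because a string that no longer occurs makes the
# check report OK forever.
# LogEntryCheck HTTPbruteforce ' 401 ' '/var/log/apache/*access.log' 100 200 # make sure we don't get HTTP bruteforced
# LogEntryCheck HTTPbruteforce ' 401 ' '/var/log/lighttpd/*access.log' 700 1000 # make sure we don't get HTTP bruteforced
LogEntryCheck ImapBruteforce 'authdaemond: pam_unix(imap:auth): authentication failure' /var/log/auth.log 10 50 # we don't like IMAP/Webmail bruteforcing either
LogEntryCheck Pop3Bruteforce 'authdaemond: pam_unix(pop3:auth): authentication failure' /var/log/auth.log 10 50 # we don't like POP3 bruteforcing either
LogEntryCheck VsFtpdBruteforce 'pam_unix(vsftpd:auth): authentication failure' /var/log/auth.log 50 100 # we don't like FTP bruteforcing either

LogEntryCheck TooManySU 'Successful su for ' /var/log/auth.log 50 100 # too many SU changes
LogEntryCheck SuFailed 'FAILED su for' /var/log/auth.log 5 10 # SU should not fail too often

# Counts public-key logins only; password logins are logged by sshd as
# 'Accepted password for ' and are not covered by this pattern.
LogEntryCheck SSHlogin 'Accepted publickey for ' /var/log/auth.log 100 200 # suspiciously many SSH logins
# NOTE(review): ' Illegal user ' is the wording of old OpenSSH releases;
# current ones log 'Invalid user '. Confirm against this host's auth.log,
# otherwise this check never fires.
LogEntryCheck SSHbruteforce ' Illegal user ' /var/log/auth.log 3 5 # we don't like SSH bruteforcing

LogEntryCheck OtherBruteforce 'authentication failure' /var/log/auth.log 50 100 # we don't like other (PAM-based) bruteforcing either
LogEntryCheck SASLusage 'sasl_username' /var/log/mail.log 400 600 # we don't like SMTP-Auth bruteforcing either



# basic IDS functionality: check for changes
#
# NOTE(review): where the "known" copies are kept is not visible from this
# file (presumably below $DATADIR). The reference copy of /etc/shadow holds
# password hashes, so that location must be readable by root only. A baseline
# stored on the monitored host can also be rewritten by anyone who already
# has root there, so treat a clean result as a hint, not as proof.

# CheckFileChanges KnownFile OriginalFile
CheckFileChanges resolv.conf /etc/resolv.conf
CheckFileChanges passwd /etc/passwd
CheckFileChanges shadow /etc/shadow
CheckFileChanges authorized_keys /root/.ssh/authorized_keys

# CheckConfigChanges KnownOutputFile "command +parameters"
# CheckConfigChanges routing.txt "netstat -nr"
# CheckConfigChanges listeners.txt "netstat -tulpen"

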
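#=========================================================
# network checks
#=========================================================
# Quoted so that a DATADIR containing spaces or glob characters still
# resolves to a single path.
. "$DATADIR/functions.netchecks"

# MYGROUP is reassigned before each batch of checks below
# ("Services", "RBL", "DNS").
MYGROUP="Services"

PingTime router.wyae.de 3 50 150 # IP, NumberOfPings, max roundtrip ms WARN, ALERT
PingLoss router.wyae.de 3 70 99 # IP, NumberOfPings, max% Loss WARN, ALERT
PingLoss laka.wyae.de 3 70 99 # IP, NumberOfPings, max% Loss WARN, ALERT
# PingPartner europe.wyae.de 2 60 250 # IP, NumberOfPings, max% Loss, max roundtrip ms
TCPing www.wyae.de 80 # Server, Port

# This URL is fetched over plain HTTP, so the check says nothing about the
# site's TLS setup or certificate; use an https:// URL to exercise that path.
HTTPheader http://www.wyae.de/mosshecheck.txt # just the URL - checks return code, works for HTTP and HTTPS

# HTTPheadermatch 302 http://www.bloodties.de/ # expected RTN code, URL


# URL, expected response - HTTP only
# HTTPcontentmatch http://www.bloodties.de/bloodties/news/index.cfm "Copyright © 2008 by www.BloodTies.de"

# FTPcheck allka.wyae.de # server name

IMAPcheck allka-local # server name

SMTPcheck allka.wyae.de # server name

#SAMBAcheck filesv03 # server name


HTTPheader http://www.mutabe.de/ # just the URL - checks return code, works for HTTP and HTTPS
#POP3check europe.wyae.de # server name
#SMTPcheck europe.wyae.de # server name



#################################################################
MYGROUP="RBL"

# NOTE(review): blocklist zones come and go. Several of the zones below
# (the rfc-ignorant.org, njabl.org and spamcannibal.org lists) are reported
# as discontinued; a retired zone may answer nothing (always "not listed")
# or everything (always "listed"). Verify each zone is still operated before
# relying on its result.

# Mailserver, RBL-Domain
RBLcheckIP 88.198.144.125 whois.rfc-ignorant.org

RBLcheckFQDN allka.wyae.de cbl.abuseat.org
RBLcheckFQDN allka.wyae.de virbl.dnsbl.bit.nl
RBLcheckFQDN allka.wyae.de dnsbl.inps.de
RBLcheckFQDN allka.wyae.de ix.dnsbl.manitu.net
RBLcheckFQDN allka.wyae.de no-more-funn.moensted.dk
RBLcheckFQDN allka.wyae.de combined.njabl.org
RBLcheckFQDN allka.wyae.de dnsbl.njabl.org
RBLcheckFQDN allka.wyae.de dnsbl.sorbs.net
RBLcheckFQDN allka.wyae.de bl.spamcannibal.org
RBLcheckFQDN allka.wyae.de bl.spamcop.net
RBLcheckFQDN allka.wyae.de sbl.spamhaus.org
RBLcheckFQDN allka.wyae.de xbl.spamhaus.org
RBLcheckFQDN allka.wyae.de pbl.spamhaus.org
RBLcheckFQDN allka.wyae.de dnsbl-1.uceprotect.net
RBLcheckFQDN allka.wyae.de dsn.rfc-ignorant.org
RBLcheckFQDN allka.wyae.de postmaster.rfc-ignorant.org
RBLcheckFQDN allka.wyae.de bogusmx.rfc-ignorant.org


#################################################################
MYGROUP="DNS"


# DNS-Server, FQDN-to-resolve, Query-type
DNSquery allka.wyae.de allka.wyae.de a


# DNS-Server, FQDN-to-resolve, Query-type, result/match
# The same name is resolved through a local resolver and through 8.8.8.8 and
# compared with the expected address, so a changed answer on either path is
# reported.
DNSmatch allka-local www.wyae.de a 88.198.144.125
DNSmatch 8.8.8.8 www.wyae.de a 88.198.144.125

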
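#=========================================================
# MySQL checks
#=========================================================
# Library paths are quoted so that a DATADIR containing spaces or glob
# characters still resolves to a single path.
. "$DATADIR/functions.mysql"

# Two numeric thresholds per check; the comments elsewhere in this file give
# them as warn / alert.
MySQLThreads 30 90
MySQLQueries 10 50



#=========================================================
# Mail checks - per last 5 minutes
#=========================================================
. "$DATADIR/functions.postfix"
. "$DATADIR/functions.dovecot"

MailqCheck 10 40

PostfixOutTLS 10 50
PostfixInTLS 10 50
PostfixInConnections 10 50
PostfixNoqueue 10 50
PostfixSent 10 50

DovecotStored 10 50
DovecotSieved 10 50
DovecotLoginFailed 10 50


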
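#=========================================================
# Import agent data from other servers
#=========================================================
# Imported CSV data ends up in this server's status pages and alerts, so it
# is only as trustworthy as the transport and the sending host. The examples
# below use plain http:// and ftp; prefer https:// or ssh where available.

#------ pull

# Credentials written into a URL are readable by anyone who can read this
# file, and are typically visible in the process list while the download
# tool runs. Keep this file readable by the MoSShE user only if you use them.
# ImportAgent http://www.test.test/mosshe/index.csv
# ImportAgentCurl http://username:password@example.com/mosshe/index.csv
# ImportAgentWget http://username:password@example.com/mosshe/index.csv


#------ passive checks

# sending
# (the variable is $WWWDIR as set at the top of this file; a misspelled,
# unset name would expand to nothing and copy /index.csv instead)
# cp "$WWWDIR/index.csv" /mnt/nfsmount/mosshe/zeus.example.com.csv # via file system mount
# scp "$WWWDIR/index.csv" mosshe@central.example.com:zeus.example.com.csv # via password-free ssh key
# The ftp-upload form passes the password on the command line, where other
# local users can see it in the process list, and FTP sends it unencrypted.
# ftp-upload --host central.example.com --user mossheusr --password mosshepw --passive --no-ls --dir /incoming --as zeus.example.com.csv "$WWWDIR/index.csv" # via ftp-upload


# reading
# MYGROUP="Externals"
# ReapPassiveChecks zeus.example.com 10 /home/ftp/zeus.example.com.csv # servername, max.age (minutes), file location
# ReapPassiveChecks hera.example.com 10 /home/ssh/hera.example.com.csv # servername, max.age (minutes), file location


#------ Linux VServer checks

# CheckVserverDown VORLAGE

# CheckVserverUp NameOfVSERVER
# ReapPassiveChecks NameOfVSERVER 10 /var/vserver/NameOfVSERVER/var/www/mosshe/index.csv # servername, max.age (minutes), file location



#=========================================================
# Finalize and send alert if necessary
#=========================================================
FinalizeLog # always needed (provide any parameter to rm -f $WWWDIR/*.html)

SortGroups # optional group-list & per-group-listing

SortServers # yes, we want a per-server listing (optional)

# RRD processing of logs - without graphs, just plain data
#ProcessRRD


#---------------------------------------------
# send alerts

# AlertMailOnChange root@wyae.de # send alert to - if status changes

# AlertMailAlways root@example.test # send alert to - repeated, if status not OK

# send alert if status changes for the system given (here: www.example.com)
# AlertMailOnChangeFor www.example.com admin@example.com "Ticket 123456: server outages"

# With the mail alerts above commented out, syslog is the only alert channel
# enabled in this example.
SyslogOnChange local0 # log status changes to syslog with FACILITY (default: local0)



#---------------------------------------------
# do logging

# LogTo /var/log/mosshe/mosshe.log # continuously log to filename
# LogToDaily /var/log/mosshe/mosshe_log # continuously log to filename, date is appended automatically
# LogToMonthly /var/log/mosshe/mosshe_log # continuously log to filename, month is appended automatically

LogToWeekly /var/log/mosshe/mosshe_log # continuously log to filename, week is appended automatically


# evaluate single services for availability
#SLA_Eval crystal.wyae.de HTTPheadermatch_200

# graph data
# 800 pixel = 800 x 5min = 66.6h = 2d 18.6h
# 1 week = 168h @ 5 min = 2016 datapoints
PlotDataFiles 2016

# mosshe_averagegraph
# average 12 @ 5min = 1h
# every hour @800pixel = 33.25d = 1 month
# every hour over 1 week = 12 weeks = 3 months - here doubled = 6 months
PlotAvgDataFiles 12 4032




#############################################################################
# MoSShE: remote server monitoring environment
#
# Copyright (C) 2003- Volker Tanger
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# For bug reports and suggestions or if you just want to talk to me please
# contact me at volker.tanger@wyae.de
#
# Updates will be available at http://www.wyae.de/software/mosshe/
# please check there for updates prior to submitting patches!
#
# For list of changes please refer to the HISTORY file. Thanks.
#############################################################################
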