}
-apply Dependency "satellite-host" to Host {
- parent_host_name = host.zone
-
- assign where host.zone != "" && "satellite-host" in host.templates
-}
+#apply Dependency "satellite-host" to Host {
+# parent_host_name = host.zone
+#
+# assign where host.zone != "" && "satellite-host" in host.templates
+#}
endpoints = [ "ns1.uhu-banane.de" ]
}
+object Endpoint "ns2.uhu-banane.de" {
+ host = "ns2.uhu-banane.de"
+ port = "5665"
+}
+
object Endpoint "ns3.uhu-banane.de" {
host = "ns3.uhu-banane.de"
port = "5665"
port = "5665"
}
+object Zone "ns2.uhu-banane.de" {
+ endpoints = [ "ns2.uhu-banane.de" ]
+ parent = "master"
+}
+
object Zone "ns3.uhu-banane.de" {
endpoints = [ "ns3.uhu-banane.de" ]
parent = "master"
+object Host "ns2.uhu-banane.de" {
+ check_command = "hostalive" //check is executed on the master
+ address = "162.254.24.33"
+
+ vars.os = "Linux"
+ vars.os_family = "Debian"
+ # All about DNS server
+ vars.is_ns = true
+ vars.check_dns_domain = "uhu-banane.de"
+
+ /* Define http vhost attributes for service apply rules in `services.conf`. */
+ vars.http_vhosts["http"] = {
+ http_uri = "/"
+ }
+
+ vars.ping_wrta = 200
+ vars.ping_crta = 300
+
+ /* Define disks and attributes for service apply rules in `services.conf`. */
+ vars.disks["disk"] = {
+ /* No parameters. */
+ }
+ vars.disks["disk /"] = {
+ disk_partitions = "/"
+ }
+ vars.disks["disk /home"] = {
+ disk_partitions = "/home"
+ }
+ vars.disks["disk /tmp"] = {
+ disk_partitions = "/tmp"
+ }
+ vars.disks["disk /var"] = {
+ disk_partitions = "/var"
+ }
+
+ /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
+ vars.notification["mail"] = {
+ /* The UserGroup `icingaadmins` is defined in `users.conf`. */
+ groups = [ "icingaadmins" ]
+ }
+ vars.client_endpoint = name //follows the convention that host name == endpoint name
+}
+
object Host "ns3.uhu-banane.de" {
check_command = "hostalive" //check is executed on the master
address = "185.102.95.107"
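Review bot: The new `object Host "ns2.uhu-banane.de"` repeats the `vars.disks[...]`, `vars.http_vhosts["http"]` and `vars.notification["mail"]` blocks inline, and the `sarah.uhu-banane.de` host added further down copies the same blocks again. Neither new host shows an `import` line, so these shared settings are maintained per host. Moving the common blocks into a Host template and importing it in both objects keeps per-host definitions down to the address and the role flags (`vars.is_ns`, `vars.is_mta`), and makes it harder for one host to silently miss a disk or notification rule.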
vars.client_endpoint = name //follows the convention that host name == endpoint name
}
+object Host "sarah.uhu-banane.de" {
+ check_command = "hostalive" //check is executed on the master
+ address = "185.48.118.130"
+
+ vars.os = "Linux"
+ vars.os_family = "Debian"
+ # All about DNS server
+ vars.is_ns = false
+
+ vars.is_mta = true
+
+ vars.mailq_warning = 100
+ vars.mailq_critical = 300
+
+ vars.smtp_address = "mail.uhu-banane.net"
+ vars.smtp_port = 25
+ vars.smtp_helo_fqdn = "icinga2.uhu-banane.de"
+ vars.smtp_starttls = true
+
+ vars.is_imap_server = true
+
+ vars.imap_address = "mail.uhu-banane.net"
+ vars.imap_port = 993
+ vars.imap_ssl = true
+ vars.imap_ipv4 = true
+
+ /* Define http vhost attributes for service apply rules in `services.conf`. */
+ vars.http_vhosts["http"] = {
+ http_uri = "/"
+ }
+
+ /* Define disks and attributes for service apply rules in `services.conf`. */
+ vars.disks["disk"] = {
+ /* No parameters. */
+ }
+ vars.disks["disk /"] = {
+ disk_partitions = "/"
+ }
+ vars.disks["disk /home"] = {
+ disk_partitions = "/home"
+ }
+ vars.disks["disk /tmp"] = {
+ disk_partitions = "/tmp"
+ }
+ vars.disks["disk /var"] = {
+ disk_partitions = "/var"
+ }
+
+ vars.disks["disk /opt"] = {
+ disk_partitions = "/opt"
+ }
+
+ vars.disks["disk /var/backup"] = {
+ disk_partitions = "/var/backup"
+ }
+
+ /* Define notification mail attributes for notification apply rules in `notifications.conf`. */
+ vars.notification["mail"] = {
+ /* The UserGroup `icingaadmins` is defined in `users.conf`. */
+ groups = [ "icingaadmins" ]
+ }
+ vars.client_endpoint = name //follows the convention that host name == endpoint name
+}
+
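Review bot: `vars.client_endpoint = name` on `sarah.uhu-banane.de` makes the `mailq` service use `command_endpoint = "sarah.uhu-banane.de"`, but the visible hunks add an `Endpoint` and `Zone` object only for `ns2.uhu-banane.de`. Unless both objects for sarah are defined in a part of the configuration not shown here, config validation will reject the reference to a missing Endpoint. The firewall change in this commit already admits 185.48.118.130 on port 5665, so the intent seems to be a satellite; add `object Endpoint "sarah.uhu-banane.de"` and `object Zone "sarah.uhu-banane.de"` with `parent = "master"` alongside the ns2 entries.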
assign where host.vars.client_endpoint
}
+apply Service "mailq" {
+ import "generic-service"
+
+ check_command = "mailq"
+
+ //specify where the check is executed
+ command_endpoint = host.vars.client_endpoint
+
+ assign where host.vars.client_endpoint && host.vars.is_mta
+}
+
+apply Service "smtp" {
+ import "generic-service"
+ check_command = "smtp"
+ assign where host.vars.is_mta
+}
+
+apply Service "imap" {
+ import "generic-service"
+ check_command = "imap"
+ assign where host.vars.is_imap_server
+}
+
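Review bot: The `smtp` and `imap` apply rules set no `command_endpoint`, unlike `mailq`, so they run from the master against `vars.smtp_address` / `vars.imap_address`; that is probably intended but nothing in the rules says so. A short comment such as `//no command_endpoint: executed on the master to test reachability from outside` would stop a later edit from "fixing" the difference. Since both checks negotiate TLS (`vars.smtp_starttls`, `vars.imap_ssl`), also consider setting the ITL's `smtp_certificate_age` / `imap_certificate_age` on the host so an expiring certificate raises an alert rather than only a failed handshake.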
-# Generated by iptables-save v1.6.0 on Thu Jul 20 10:19:41 2017
+# Generated by iptables-save v1.6.0 on Fri Oct 13 16:05:18 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [71:11710]
+:OUTPUT ACCEPT [124:37795]
:f2b-apache - [0:0]
+:f2b-apache-modsecurity - [0:0]
+:f2b-apache-nohome - [0:0]
+:f2b-apache-noscript - [0:0]
+:f2b-apache-overflows - [0:0]
+:f2b-postfix - [0:0]
+:f2b-ssh - [0:0]
+:f2b-sshd - [0:0]
+:icinga2 - [0:0]
:rejects - [0:0]
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
+-A INPUT -p tcp -m multiport --dports 25,465,587 -j f2b-postfix
+-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-sshd
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-nohome
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-overflows
+-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache-noscript
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-apache
-A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5665 -j icinga2
-A INPUT -j rejects
-A INPUT -p tcp -m multiport --dports 445 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-port-unreachable
+-A f2b-apache -j RETURN
+-A f2b-apache-modsecurity -j RETURN
+-A f2b-apache-nohome -j RETURN
+-A f2b-apache-noscript -j RETURN
+-A f2b-apache-overflows -j RETURN
+-A f2b-postfix -j RETURN
+-A f2b-ssh -s 58.242.83.8/32 -j REJECT --reject-with icmp-port-unreachable
+-A f2b-ssh -j RETURN
+-A f2b-sshd -j RETURN
+-A icinga2 -s 185.102.95.107/32 -j ACCEPT
+-A icinga2 -s 162.254.24.33/32 -j ACCEPT
+-A icinga2 -s 185.48.118.128/32 -j ACCEPT
+-A icinga2 -s 185.48.118.130/32 -j ACCEPT
+-A icinga2 -j REJECT --reject-with icmp-port-unreachable
-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable
-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
COMMIT
-# Completed on Thu Jul 20 10:19:41 2017
+# Completed on Fri Oct 13 16:05:18 2017
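Review bot: The source allow-list added for tcp/5665 (`-A INPUT -p tcp -m tcp --dport 5665 -j icinga2` and the `icinga2` chain) exists only in this IPv4 ruleset. The ip6tables file in the same commit keeps `:INPUT ACCEPT` with no port rules, so if the host has a routable IPv6 address and Icinga listens on it, the cluster port is not source-restricted there. Add a matching `icinga2` chain to the IPv6 rules, or bind the API listener to the IPv4 address only. Separately, the saved file now carries fail2ban runtime state: the `f2b-*` chains with their INPUT jumps and the ban `-A f2b-ssh -s 58.242.83.8/32 -j REJECT ...`. Restoring it makes that ban permanent and may duplicate the jumps fail2ban creates itself on start, so strip the `f2b-*` lines before committing the ruleset.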
-# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:19:41 2017
+# Generated by ip6tables-save v1.6.0 on Fri Oct 13 16:05:18 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [49648:18025916]
+:OUTPUT ACCEPT [114899:30256543]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A FORWARD -j NFLOG --nflog-prefix "IPv6 FORWARD Reject " --nflog-threshold 1
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
-# Completed on Thu Jul 20 10:19:41 2017
+# Completed on Fri Oct 13 16:05:18 2017