From 5d4e4f6e838eaa8489e33b88e95d53495c17f286 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Sat, 6 Jan 2018 06:39:16 +0100 Subject: [PATCH] daily autocommit --- .etckeeper | 3 ++ fail2ban/jail.conf | 2 +- icinga2/zones.d/master/cron.conf | 19 +++++++++ icinga2/zones.d/master/hosts.conf | 1 + icinga2/zones.d/master/mail.conf | 63 ++++++++++++++++++++++++++++ icinga2/zones.d/master/salt.conf | 38 +++++++++++++++++ icinga2/zones.d/master/services.conf | 62 --------------------------- 7 files changed, 125 insertions(+), 63 deletions(-) create mode 100644 icinga2/zones.d/master/cron.conf create mode 100644 icinga2/zones.d/master/mail.conf create mode 100644 icinga2/zones.d/master/salt.conf diff --git a/.etckeeper b/.etckeeper index 67f7df2..a72dd51 100755 --- a/.etckeeper +++ b/.etckeeper @@ -874,7 +874,10 @@ maybe chmod 0644 'icinga2/zones.conf.orig' maybe chmod 0755 'icinga2/zones.d' maybe chmod 0644 'icinga2/zones.d/README' maybe chmod 0755 'icinga2/zones.d/master' +maybe chmod 0644 'icinga2/zones.d/master/cron.conf' maybe chmod 0644 'icinga2/zones.d/master/hosts.conf' +maybe chmod 0644 'icinga2/zones.d/master/mail.conf' +maybe chmod 0644 'icinga2/zones.d/master/salt.conf' maybe chmod 0644 'icinga2/zones.d/master/services.conf' maybe chmod 0755 'init' maybe chmod 0755 'init.d' diff --git a/fail2ban/jail.conf b/fail2ban/jail.conf index 235d832..e2b0743 100644 --- a/fail2ban/jail.conf +++ b/fail2ban/jail.conf @@ -47,7 +47,7 @@ before = paths-debian.conf # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space (and/or comma) separator. -ignoreip = 127.0.0.1/8 +ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 185.48.118.128 162.254.24.33 185.102.95.107 185.48.118.130 # External command that will take an tagged arguments to ignore, e.g. , # and return true if the IP is to be ignored. False otherwise. diff --git a/icinga2/zones.d/master/cron.conf b/icinga2/zones.d/master/cron.conf new file mode 100644 index 0000000..0f7b459 --- /dev/null +++ b/icinga2/zones.d/master/cron.conf @@ -0,0 +1,19 @@ +apply Service "proc cron" { + import "generic-service" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + check_command = "procs" + vars.procs_argument = "/usr/sbin/cron" + vars.procs_ppid = 1 + vars.procs_warning = "1:1" + vars.procs_critical = "1:2" + vars.procs_user = "root" + + assign where host.address + +} + diff --git a/icinga2/zones.d/master/hosts.conf b/icinga2/zones.d/master/hosts.conf index f552d8d..db80665 100644 --- a/icinga2/zones.d/master/hosts.conf +++ b/icinga2/zones.d/master/hosts.conf @@ -59,6 +59,7 @@ object Host "ns3.uhu-banane.de" { vars.mailq_warning = 3 vars.mailq_critical = 10 + vars.is_salt_master = true /* Define http vhost attributes for service apply rules in `services.conf`. */ vars.http_vhosts["http"] = { diff --git a/icinga2/zones.d/master/mail.conf b/icinga2/zones.d/master/mail.conf new file mode 100644 index 0000000..b0a4a3d --- /dev/null +++ b/icinga2/zones.d/master/mail.conf @@ -0,0 +1,63 @@ + +apply Service "mailq" { + import "generic-service" + + check_command = "mailq" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + vars.mailq_warning = 100 + vars.mailq_critical = 300 + + assign where host.vars.is_mta && ! host.vars.is_mail_sattelite +} + +apply Service "mailq" { + import "generic-service" + + check_command = "mailq" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + vars.mailq_warning = 3 + vars.mailq_critical = 10 + + assign where host.vars.is_mail_sattelite +} + +apply Service "proc postfix" { + import "generic-service" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + check_command = "procs" + vars.procs_argument = "/usr/lib/postfix/sbin/master" + vars.procs_ppid = 1 + vars.procs_warning = "1:1" + vars.procs_critical = "1:2" + vars.procs_user = "root" + + assign where host.vars.is_mta || host.vars.is_mail_sattelite +} + +apply Service "smtp" { + import "generic-service" + check_command = "smtp" + assign where host.vars.is_mta && ! host.vars.is_mail_sattelite +} + +apply Service "imap" { + import "generic-service" + check_command = "imap" + assign where host.vars.is_imap_server +} + diff --git a/icinga2/zones.d/master/salt.conf b/icinga2/zones.d/master/salt.conf new file mode 100644 index 0000000..9695c1b --- /dev/null +++ b/icinga2/zones.d/master/salt.conf @@ -0,0 +1,38 @@ + +apply Service "proc salt-minion" { + import "generic-service" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + check_command = "procs" + vars.procs_argument = "/usr/bin/salt-minion" + vars.procs_ppid = 1 + vars.procs_warning = "1:1" + vars.procs_critical = "1:2" + vars.procs_user = "root" + + assign where host.address + +} + +apply Service "proc salt-master" { + import "generic-service" + + if ( host.vars.client_endpoint ) { + // specify where the check is executed + command_endpoint = host.vars.client_endpoint + } + + check_command = "procs" + vars.procs_argument = "/usr/bin/salt-master" + vars.procs_ppid = 1 + vars.procs_warning = "1:1" + vars.procs_critical = "1:2" + vars.procs_user = "root" + + assign where host.vars.is_salt_master +} + diff --git a/icinga2/zones.d/master/services.conf b/icinga2/zones.d/master/services.conf index 636e5ff..07d4bcd 100644 --- a/icinga2/zones.d/master/services.conf +++ b/icinga2/zones.d/master/services.conf @@ -79,65 +79,3 @@ apply Service "users" { assign where host.vars.client_endpoint } -apply Service "mailq" { - import "generic-service" - - check_command = "mailq" - - if ( host.vars.client_endpoint ) { - // specify where the check is executed - command_endpoint = host.vars.client_endpoint - } - - vars.mailq_warning = 100 - vars.mailq_critical = 300 - - assign where host.vars.is_mta && ! host.vars.is_mail_sattelite -} - -apply Service "mailq" { - import "generic-service" - - check_command = "mailq" - - if ( host.vars.client_endpoint ) { - // specify where the check is executed - command_endpoint = host.vars.client_endpoint - } - - vars.mailq_warning = 3 - vars.mailq_critical = 10 - - assign where host.vars.is_mail_sattelite -} - -apply Service "proc postfix" { - import "generic-service" - - if ( host.vars.client_endpoint ) { - // specify where the check is executed - command_endpoint = host.vars.client_endpoint - } - - check_command = "procs" - vars.procs_argument = "/usr/lib/postfix/sbin/master" - vars.procs_ppid = 1 - vars.procs_warning = "1:1" - vars.procs_critical = "1:2" - vars.procs_user = "root" - - assign where host.vars.is_mta || host.vars.is_mail_sattelite -} - -apply Service "smtp" { - import "generic-service" - check_command = "smtp" - assign where host.vars.is_mta && ! host.vars.is_mail_sattelite -} - -apply Service "imap" { - import "generic-service" - check_command = "imap" - assign where host.vars.is_imap_server -} - -- 2.39.5