
Monit


Example /etc/monitrc file

# Base system
#
# NOTE(review): this listing holds service checks only. No global "set"
# statements (poll interval, alert recipients, mail server) are visible in it,
# so the "alert" actions below need those added before anyone is notified.
# monit also refuses to load a control file whose mode is wider than 0700.
#
# sshd: restart the daemon when the SSH protocol test on port 22 fails.
check process sshd with pidfile "/var/run/sshd.pid"
        group ssh
        start = "/sbin/service sshd start"
        stop = "/sbin/service sshd stop"
        if failed port 22 and protocol ssh then restart
        # Tie the daemon to its init script and binary. When one of those file
        # checks goes to "unmonitor", monit stops monitoring this process too,
        # so a modified binary is not restarted automatically.
        depends on sshd_rc
        depends on sshd_bin

# Report any content change of the daemon configuration.
check file sshd_config with path "/etc/ssh/sshd_config"
        group ssh
        if changed checksum then alert

# A directory timestamp moves when entries are added, removed or renamed;
# an in-place edit of an existing file (host keys, ssh_config) does not move it.
check directory ssh_config.d with path "/etc/ssh"
        group ssh
        if changed timestamp then alert

# Integrity gate for the init script: content, mode 0755 and root:root ownership.
# No "expect" value is given, so the reference checksum is whatever monit
# computes when it starts or reloads; a file altered before that is accepted.
# NOTE(review): a package upgrade also changes the checksum and will drop sshd
# from monitoring until it is re-enabled or monit is reloaded.
check file sshd_rc with path "/etc/rc.d/rc.sshd"
        group ssh
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same integrity gate for the sshd binary itself.
check file sshd_bin with path "/usr/sbin/sshd"
        group ssh
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# System binary directories: alert when the directory timestamp changes.
# This catches files being added, removed or replaced by rename (which is how
# package managers usually install), so expect an alert on every upgrade.
# It does not catch an existing binary being overwritten in place; the
# per-binary "check file ... checksum" entries cover only the listed daemons.
check directory sbin with path "/sbin"
        if changed timestamp then alert

check directory usr-sbin with path "/usr/sbin"
        if changed timestamp then alert

check directory bin with path "/bin"
        if changed timestamp then alert

check directory usr-bin with path "/usr/bin"
        if changed timestamp then alert

# Disk usage on /dev/md0: alert at 90% of blocks or inodes.
# The umount "stop" program and the 99% "stop" rules are commented out, so a
# full filesystem only raises alerts and is never unmounted by monit.
# NOTE(review): newer monit releases document this check type as
# "check filesystem"; confirm the installed version still accepts "check device".
check device disk1 with path /dev/md0
        start = "/bin/mount /dev/md0"
#       stop = "/bin/umount /dev/md0"
        if space usage > 90% then alert
#       if space usage > 99% then stop
        if inode usage > 90% then alert
#       if inode usage > 99% then stop

# Disabled: would reload monit whenever its own control file changes.
# Leaving it off means an edited control file is not applied (and the checksum
# baselines are not recomputed) without an operator running the reload.
# NOTE(review): the path here is /etc/monit/monitrc, while the page heading
# names /etc/monitrc; adjust before enabling.
#check file monitrc with path "/etc/monit/monitrc"
#       if failed checksum then exec "/usr/sbin/monit reload"

# HTTP
# Apache: probe GET /index.html on port 80 and watch CPU usage.
check process httpd with pidfile "/var/run/httpd.pid"
        group web
        start = "/etc/rc.d/rc.httpd start"
        stop = "/etc/rc.d/rc.httpd stop"
        # The probe requests /index.html, so that document has to exist on the
        # default site or every cycle counts as a failure.
        if failed port 80 and protocol http and request "/index.html" then restart
        if cpu usage > 60% for 5 cycles then alert
        if cpu usage > 98% for 10 cycles then restart
        # Stop trying after repeated restarts instead of looping forever.
        if 2 restarts within 3 cycles then timeout
        depends on httpd_rc
        depends on httpd_bin

# A changed main configuration is applied automatically with a graceful reload.
# NOTE(review): this activates any edit to the file, reviewed or not; the
# ssl.conf check further down only alerts. Use "alert" here as well if
# configuration changes should be confirmed by an operator first.
check file httpd.conf with path "/etc/httpd/conf/httpd.conf"
        group web
        if changed checksum then exec "/usr/sbin/apachectl graceful"

# Same automatic reload when entries appear in or disappear from modules.d.
# A directory timestamp does not move when an existing file is edited in place.
check directory httpd.conf.d with path "/etc/httpd/conf/modules.d"
        group web
        if changed timestamp then exec "/usr/sbin/apachectl graceful"

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", httpd itself.
check file httpd_rc with path "/etc/rc.d/rc.httpd"
        group web
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Integrity gate for the httpd binary. The checksum baseline is taken when
# monit starts or reloads, because no "expect" value is given.
check file httpd_bin with path "/usr/sbin/httpd"
        group web
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# TLS configuration: report changes, do not reload.
check file httpd-ssl.conf with path "/etc/httpd/conf/ssl.conf"
        group web
        if changed checksum then alert

# MySQL
# NOTE(review): the pid file is named "secure.pid", presumably <hostname>.pid
# on the author's machine; adjust it to the local host.
check process mysqld with pidfile "/var/lib/mysql/secure.pid"
        group sql
        start program = "/etc/rc.d/rc.mysqld start"
        stop program = "/etc/rc.d/rc.mysqld stop"
        if cpu usage is greater than 60 percent for 2 cycles then alert
        if cpu usage > 98% for 5 cycles then restart
        # NOTE(review): two timeout rules are given (this one and "5 restarts
        # within 5 cycles" below). Whenever the looser rule would match, this
        # stricter one has already matched, so only one of them is needed;
        # confirm which limit is intended.
        if 2 restarts within 3 cycles then timeout
        # Liveness test over the local socket. The socket lives in /tmp, a
        # world-writable directory; the path must match the server's setting.
        if failed unixsocket /tmp/mysql.sock then restart
        if 5 restarts within 5 cycles then timeout
        depends on mysql_bin
        depends on mysql_rc

# Integrity gate for the server binary: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", mysqld itself.
check file mysql_bin with path "/usr/sbin/mysqld"
        group sql
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the init script.
check file mysql_rc with path "/etc/rc.d/rc.mysqld"
        group sql
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the server configuration.
check file mysql.conf with path "/etc/my.cnf"
        group sql
        if changed checksum then alert

# Clamav
# Scanner daemon: restart when its local socket stops answering.
check process clamd with pidfile /var/run/clamav/clamd.pid
        group clamav
        start program = "/etc/rc.d/rc.clamav start"
        stop  program = "/etc/rc.d/rc.clamav stop"
        # Socket path is in /tmp (world-writable); it must match clamd.conf.
        if failed unixsocket /tmp/clamd then restart
        if 5 restarts within 5 cycles then timeout
        depends on clamd_bin
        depends on clamav_rc

# Signature updater. It uses the same rc.clamav script as clamd for start and
# stop, so restarting one presumably cycles both; verify against the script.
check process freshclam with pidfile "/var/run/clamav/freshclam.pid"
        group clamav
        start program = "/etc/rc.d/rc.clamav start"
        stop  program = "/etc/rc.d/rc.clamav stop"
        if 5 restarts within 5 cycles then timeout
        depends on freshclam_bin
        depends on clamav_rc

# Integrity gate for the clamd binary: content, mode 0755, root:root.
# A failure unmonitors this file and the process that depends on it.
check file clamd_bin with path /usr/sbin/clamd
        group clamav
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Shared init script; both clamd and freshclam depend on this check.
check file clamav_rc with path /etc/rc.d/rc.clamav
        group clamav
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Integrity gate for the freshclam binary.
check file freshclam_bin with path /usr/bin/freshclam
        group clamav
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Configuration files: report content changes only.
check file clamd.conf with path "/etc/clamd.conf"
        group clamav
        if changed checksum then alert

check file freshclam.conf with path "/etc/freshclam.conf"
        group clamav
        if changed checksum then alert

# OpenNTPD
check process openntpd with pidfile "/var/run/ntpd.pid"
        group ntp
        start = "/sbin/service ntpd start"
        stop = "/sbin/service ntpd stop"
        # A failed UDP probe on 127.0.0.1:123 only alerts; it does not restart.
        # The restart limit below therefore applies to restarts triggered by
        # the process being absent.
        if failed host 127.0.0.1 port 123 type udp then alert
        if 5 restarts within 5 cycles then timeout
        depends on openntpd_bin
        depends on openntpd_rc

# Integrity gate for the ntpd binary: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", the daemon.
check file openntpd_bin with path "/usr/sbin/ntpd"
        group ntp
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the init script.
check file openntpd_rc with path "/etc/rc.d/rc.ntpd"
        group ntp
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the daemon configuration.
check file openntpd.conf with path "/etc/ntpd.conf"
        group ntp
        if changed checksum then alert

# Syslog
# Only the presence of the process is checked; there is no connection test.
check process syslogd with pidfile "/var/run/syslogd.pid"
        group syslog
        start program = "/etc/rc.d/rc.syslog start"
        stop program = "/etc/rc.d/rc.syslog stop"
        if 5 restarts within 5 cycles then timeout
        depends on syslogd_rc
        depends on syslogd_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", syslogd.
check file syslogd_rc with path "/etc/rc.d/rc.syslog"
        group syslog
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Integrity gate for the binary. Unlike the other binaries in this file the
# expected mode is 0500 (owner read/execute only); the permission test is an
# exact match, so keep it in step with what the package installs.
check file syslogd_bin with path "/usr/sbin/syslogd"
        group syslog
        if failed checksum then unmonitor
        if failed permission 500 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Cron
# Only the presence of the process is checked.
check process crond with pidfile /var/run/crond.pid
        group cron
        start program = "/etc/rc.d/rc.crond start"
        stop  program = "/etc/rc.d/rc.crond stop"
        if 5 restarts within 5 cycles then timeout
        depends on crond_rc
        depends on crond_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", crond.
check file crond_rc with path /etc/rc.d/rc.crond
        group cron
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Integrity gate for the binary. The expected group here is wheel, not root
# as for the other binaries in this file.
# NOTE(review): confirm this matches the ownership the package installs.
check file crond_bin with path "/usr/sbin/crond"
        group cron
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid wheel then unmonitor

# Bind
# Only the presence of the named process is checked; nothing here verifies
# that it answers queries.
check process bind with pidfile /var/run/named.pid
        group bind
        start program = "/etc/rc.d/rc.bind start"
        stop  program = "/etc/rc.d/rc.bind stop"
        if 5 restarts within 5 cycles then timeout
        depends on bind_rc
        depends on bind_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", named.
check file bind_rc with path /etc/rc.d/rc.bind
        group bind
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the named binary. The checksum baseline is taken when monit
# starts or reloads, because no "expect" value is given.
check file bind_bin with path "/usr/sbin/named"
        group bind
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the server configuration.
check file bind.conf with path "/etc/named.conf"
        group bind
        if changed checksum then alert

# Munin
check process munin with pidfile "/var/run/munin/munin-node.pid"
        group munin
        start = "/etc/rc.d/rc.munin-node start"
        stop = "/etc/rc.d/rc.munin-node stop"
        # No protocol is named, so this is a plain connection test on 4949.
        # No restart limit ("timeout") is set for this service.
        if failed port 4949 then restart
        depends on munin_rc
        depends on munin_bin

# Configuration files: report content changes only.
check file munin-node.conf with path "/etc/munin/munin-node.conf"
        group munin
        if changed checksum then alert

check file munin.conf with path "/etc/munin/munin.conf"
        group munin
        if changed checksum then alert

# Plugin configuration and the enabled-plugin directory. The timestamp moves
# when entries are added, removed or renamed, not when a file is edited in place.
check directory munin-plugin-conf.d with path "/etc/munin/plugin-conf.d"
        group munin
        if changed timestamp then alert

check directory munin-plugins with path "/etc/munin/plugins"
        group munin
        if changed timestamp then alert

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", munin-node.
check file munin_rc with path "/etc/rc.d/rc.munin-node"
        group munin
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the munin-node program.
check file munin_bin with path "/usr/sbin/munin-node"
        group munin
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# SMTP
# Postfix master process, probed with an SMTP protocol test on port 25.
check process postfix with pidfile "/var/spool/postfix/pid/master.pid"
        group mail
        start program = "/etc/rc.d/rc.postfix start"
        stop  program = "/etc/rc.d/rc.postfix stop"
        if cpu usage > 98% for 5 cycles then restart
        # NOTE(review): two timeout rules are given (this one and "5 restarts
        # within 5 cycles" below). Whenever the looser rule would match, this
        # stricter one has already matched; confirm which limit is intended.
        if 2 restarts within 3 cycles then timeout
        if failed port 25 protocol smtp then restart
        if 5 restarts within 5 cycles then timeout
        # Service dependencies: the mysqld, postgrey and amavis process checks
        # are defined elsewhere in this file. If any of them is stopped or
        # unmonitored, postfix follows.
        depends on mysqld
        depends on postgrey
        depends on amavis
        depends on postfix_rc
        depends on postfix_bin

# Integrity gate for the postfix command: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", the mail service.
check file postfix_bin with path "/usr/sbin/postfix"
        group mail
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the init script.
check file postfix_rc with path "/etc/rc.d/rc.postfix"
        group mail
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Configuration directory: the timestamp moves when files are added, removed
# or renamed. An in-place edit of main.cf or master.cf is not reported by this
# test; add "check file ... checksum" entries if those edits matter.
check directory postfix.conf with path "/etc/postfix"
        group mail
        if changed timestamp then alert

# Pure-FTPD
# FTP daemon, probed with an FTP protocol test on port 21.
check process pure-ftpd with pidfile "/var/run/pure-ftpd.pid"
        group ftp
        start program = "/etc/rc.d/rc.pure-ftpd start"
        stop program  = "/etc/rc.d/rc.pure-ftpd stop"
        if failed port 21 protocol ftp then restart
        if 5 restarts within 5 cycles then timeout
        # mysqld is the process check defined in the MySQL section; if it is
        # stopped or unmonitored, this service follows.
        depends on mysqld
        depends on pure-ftpd_bin
        depends on pure-ftpd_rc

# Integrity gate for the daemon binary: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", pure-ftpd.
check file pure-ftpd_bin with path "/usr/sbin/pure-ftpd"
        group ftp
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the init script.
check file pure-ftpd_rc with path "/etc/rc.d/rc.pure-ftpd"
        group ftp
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Configuration files: report content changes only.
check file pure-ftpd.conf with path "/etc/pure-ftpd.conf"
        group ftp
        if changed checksum then alert

# NOTE(review): presumably holds the database login used for FTP accounts.
# Only the checksum is watched here; its mode and owner are not tested.
check file pureftpd-mysql.conf with path "/etc/pureftpd-mysql.conf"
        group ftp
        if changed checksum then alert

# amavisd-new
# Content filter, probed with an SMTP protocol test on port 10024.
check process amavis with pidfile "/var/run/amavisd.pid"
        group amavis
        start program = "/etc/rc.d/rc.amavisd-new start"
        stop  program = "/etc/rc.d/rc.amavisd-new stop"
        if failed port 10024 protocol smtp then restart
        # The restart limit is commented out, so monit keeps restarting this
        # service for as long as the probe fails.
#       if 5 restarts within 5 cycles then timeout
        depends on amavis_rc
        depends on amavis_bin
        # clamd is the process check defined in the Clamav section.
        depends on clamd

# Integrity gate for the amavisd program: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", amavis.
check file amavis_bin with path "/usr/sbin/amavisd"
        group amavis
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the init script.
check file amavis_rc with path "/etc/rc.d/rc.amavisd-new"
        group amavis
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Configuration directory: the timestamp moves when entries are added,
# removed or renamed, not when an existing file is edited in place.
check directory amavis.conf with path "/etc/amavis"
        group amavis
        if changed timestamp then alert

# DenyHosts
# Only the presence of the process is checked, and no restart limit is set.
check process denyhosts with pidfile /var/run/denyhosts.pid
        group denyhosts
        start program = "/etc/rc.d/rc.denyhosts start"
        stop  program = "/etc/rc.d/rc.denyhosts stop"
        depends on denyhosts_rc
        depends on denyhosts_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", denyhosts.
check file denyhosts_rc with path /etc/rc.d/rc.denyhosts
        group denyhosts
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the program file. The checksum covers only denyhosts.py
# itself, not any other files it loads at run time.
check file denyhosts_bin with path "/usr/bin/denyhosts.py"
        group denyhosts
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the configuration.
check file denyhosts.conf with path "/etc/denyhosts.cfg"
        group denyhosts
        if changed checksum then alert

# Courier
# Courier-authlib
# Authentication daemon. Only the presence of the process is checked, and no
# restart limit is set.
check process courier-authlib with pidfile /var/run/courier/pid
        group courier
        start program = "/etc/rc.d/rc.courier-authlib start"
        stop  program = "/etc/rc.d/rc.courier-authlib stop"
        # mysqld is the process check defined in the MySQL section.
        depends on mysqld
        depends on courier-authlib_rc
        depends on courier-authlib_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", the daemon.
check file courier-authlib_rc with path /etc/rc.d/rc.courier-authlib
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the authdaemond program.
check file courier-authlib_bin with path "/usr/libexec/courier-authlib/authdaemond"
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Configuration files: report content changes only.
check file courier-authdaemon.conf with path "/etc/courier/authdaemonrc"
        group courier
        if changed checksum then alert

# NOTE(review): presumably holds the database login used for authentication.
# Only the checksum is watched here; its mode and owner are not tested.
check file courier-authmysql.conf with path "/etc/courier/authmysqlrc"
        group courier
        if changed checksum then alert

# Courier-imapd
# Only the presence of the process is checked; there is no connection test
# and no restart limit.
check process courier-imapd with pidfile /var/run/courier/imapd.pid
        group courier
        start program = "/etc/rc.d/rc.courier-imapd start"
        stop  program = "/etc/rc.d/rc.courier-imapd stop"
        depends on courier-imapd_rc
        depends on courier-imapd_bin
        # Follows the authentication daemon: if that check is stopped or
        # unmonitored, so is this service.
        depends on courier-authlib

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and every service that depends on it.
check file courier-imapd_rc with path /etc/rc.d/rc.courier-imapd
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the imapd binary; the courier-imapd-ssl check depends on this
# entry as well.
check file courier-imapd_bin with path "/usr/bin/imapd"
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the service configuration.
check file courier-imapd.conf with path "/etc/courier/imapd"
        group courier
        if changed checksum then alert

# Courier-imapd-ssl
# Only the presence of the process is checked; there is no connection test
# and no restart limit.
check process courier-imapd-ssl with pidfile /var/run/courier/imapd-ssl.pid
        group courier
        start program = "/etc/rc.d/rc.courier-imapd-ssl start"
        stop  program = "/etc/rc.d/rc.courier-imapd-ssl stop"
        depends on courier-imapd-ssl_rc
        # Reuses the binary check of the plain IMAP service; no separate
        # binary entry exists for the SSL variant.
        depends on courier-imapd_bin
        depends on courier-authlib

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", the service.
check file courier-imapd-ssl_rc with path /etc/rc.d/rc.courier-imapd-ssl
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the SSL service configuration.
check file courier-imapd-ssl.conf with path "/etc/courier/imapd-ssl"
        group courier
        if changed checksum then alert

# Courier-pop3d
# Only the presence of the process is checked; there is no connection test
# and no restart limit.
check process courier-pop3d with pidfile /var/run/courier/pop3d.pid
        group courier
        start program = "/etc/rc.d/rc.courier-pop3d start"
        stop  program = "/etc/rc.d/rc.courier-pop3d stop"
        depends on courier-pop3d_rc
        depends on courier-pop3d_bin
        # Follows the authentication daemon: if that check is stopped or
        # unmonitored, so is this service.
        depends on courier-authlib

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and every service that depends on it.
check file courier-pop3d_rc with path /etc/rc.d/rc.courier-pop3d
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the pop3d binary; the courier-pop3d-ssl check depends on this
# entry as well.
check file courier-pop3d_bin with path "/usr/bin/pop3d"
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the service configuration.
check file courier-pop3d.conf with path "/etc/courier/pop3d"
        group courier
        if changed checksum then alert

# Courier-pop3d-ssl
# Only the presence of the process is checked; there is no connection test
# and no restart limit.
check process courier-pop3d-ssl with pidfile /var/run/courier/pop3d-ssl.pid
        group courier
        start program = "/etc/rc.d/rc.courier-pop3d-ssl start"
        stop  program = "/etc/rc.d/rc.courier-pop3d-ssl stop"
        depends on courier-pop3d-ssl_rc
        # Reuses the binary check of the plain POP3 service; no separate
        # binary entry exists for the SSL variant.
        depends on courier-pop3d_bin
        depends on courier-authlib

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", the service.
check file courier-pop3d-ssl_rc with path /etc/rc.d/rc.courier-pop3d-ssl
        group courier
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Report any change to the SSL service configuration.
check file courier-pop3d-ssl.conf with path "/etc/courier/pop3d-ssl"
        group courier
        if changed checksum then alert

# Postgrey
# Greylisting daemon that the postfix check depends on. Only the presence of
# the process is checked, and no restart limit is set. No configuration file
# is watched for this service.
check process postgrey with pidfile /var/run/postgrey.pid
        group postgrey
        start program = "/etc/rc.d/rc.postgrey start"
        stop  program = "/etc/rc.d/rc.postgrey stop"
        depends on postgrey_rc
        depends on postgrey_bin

# Integrity gate for the init script: content, mode 0755, root:root.
# A failure unmonitors this file and, through "depends on", postgrey and the
# services that depend on postgrey in turn.
check file postgrey_rc with path /etc/rc.d/rc.postgrey
        group postgrey
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor

# Same gate for the postgrey program. The checksum baseline is taken when
# monit starts or reloads, because no "expect" value is given.
check file postgrey_bin with path "/usr/sbin/postgrey"
        group postgrey
        if failed checksum then unmonitor
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor