From 8f3823d3770b469d5ae62f434863a83eed4c2ac6 Mon Sep 17 00:00:00 2001 From: "Dr. Yves Kreis" Date: Thu, 7 Sep 2023 00:53:01 +0300 Subject: [PATCH 1/2] monit --- lib/os/class.ISPConfigDebianOS.inc.php | 311 ++++++++++++++----------- 1 file changed, 169 insertions(+), 142 deletions(-) diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php index 309971d..2210020 100644 --- a/lib/os/class.ISPConfigDebianOS.inc.php +++ b/lib/os/class.ISPConfigDebianOS.inc.php @@ -5,6 +5,8 @@ * @author croydon */ class ISPConfigDebianOS extends ISPConfigBaseOS { + protected $sshPort = '22'; + public function getPackageVersion($package) { $cmd = 'dpkg --list ' . $package . ' 2>&1'; $result = $this->exec($cmd); @@ -492,10 +494,8 @@ Alias /phpmyadmin /usr/share/phpmyadmin ISPConfigLog::info('Configuring Monit.', true); // Set up main config - $replacements = array( - 'set daemon 120' => 'set daemon 60' - ); - $this->replaceContents('/etc/monit/monitrc', $replacements, true); + $conf='set daemon 60'; + file_put_contents('/etc/monit/conf.d/config', $conf); // Set up config files for each service that shall be monitored $servicesInstalled = array( @@ -539,11 +539,10 @@ Alias /phpmyadmin /usr/share/phpmyadmin } if (ISPConfig::shallInstall('mail')) { - array_push($servicesInstalled, "postfix", "dovecot", "rspamd"); - } - - if(!ISPConfig::wantsAmavis()) { - array_push($servicesInstalled, "redis-server"); + array_push($servicesInstalled, "postfix", "dovecot"); + if(!ISPConfig::wantsAmavis()) { + array_push($servicesInstalled, "rspamd", "redis-server"); + } } $services = array_unique($servicesInstalled); @@ -557,18 +556,13 @@ Alias /phpmyadmin /usr/share/phpmyadmin $conf='check process apache with pidfile /var/run/apache2/apache2.pid group apache start program = "/usr/bin/systemctl start apache2" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop apache2" + stop program = "/usr/bin/systemctl stop apache2" if failed port 80 protocol http then restart if failed port 443 then restart if 5 restarts within 5 cycles then timeout depend apache_bin - depend apache_rc - + check file apache_bin with path /usr/sbin/apache2 - group apache - include /etc/monit/templates/rootbin - -check file apache_rc with path /etc/init.d/apache2 group apache include /etc/monit/templates/rootbin'; } @@ -577,68 +571,51 @@ check file apache_rc with path /etc/init.d/apache2 $conf='check process nginx with pidfile /var/run/nginx.pid group nginx start program = "/usr/bin/systemctl start nginx" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop nginx" + stop program = "/usr/bin/systemctl stop nginx" if failed port 80 protocol http then restart if failed port 443 then restart if 5 restarts within 5 cycles then timeout depend nginx_bin - depend nginx_rc check file nginx_bin with path /usr/sbin/nginx - group nginx - include /etc/monit/templates/rootbin - -check file nginx_rc with path /etc/init.d/nginx group nginx include /etc/monit/templates/rootbin'; } - + if ($service == 'mariadb') { if (file_exists('/etc/init.d/mariadb') && file_exists('/usr/sbin/mariadbd')) { $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid - group mysql + group mariadb start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout - - depend mysql_bin - depend mysql_rc - -check file mysql_bin with path /usr/sbin/mariadbd - group mysql - include /etc/monit/templates/rootbin - -check file mysql_rc with path /etc/init.d/mariadb - group mysql + depend mariadb_bin + +check file mariadb_bin with path /usr/sbin/mariadbd + group mariadb include /etc/monit/templates/rootbin'; } elseif (file_exists('/etc/init.d/mysql') && file_exists('/usr/sbin/mysqld')) { $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid group mysql start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart - if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 2 cycles then restart + if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout - depend mysql_bin - depend mysql_rc - + check file mysql_bin with path /usr/sbin/mysqld - group mysql - include /etc/monit/templates/rootbin - -check file mysql_rc with path /etc/init.d/mysql group mysql include /etc/monit/templates/rootbin'; } else { $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid - group mysql + group mariadb start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart - if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 2 cycles then restart + if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout'; } } @@ -648,66 +625,81 @@ check file mysql_rc with path /etc/init.d/mysql if ($service == $phpfpm) { $conf='check process ' . $phpfpm . ' with pidfile /var/run/php/' . $phpfpm . '.pid group php-fpm - start program = "/usr/bin/systemctl start ' . $phpfpm .'" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop ' . $phpfpm . '" + start program = "/usr/bin/systemctl start ' . $phpfpm . '" with timeout 60 seconds + stop program = "/usr/bin/systemctl stop ' . $phpfpm . '" if failed unixsocket /var/run/php/' . $phpfpm . '.sock then restart - if 5 restarts within 5 cycles then timeout'; + if 5 restarts within 5 cycles then timeout + depend ' . $phpfpm . '_bin + +check file ' . $phpfpm . '_bin with path /usr/sbin/php-fpm' . $curver . ' + group php-fpm + include /etc/monit/templates/rootbin'; } } if ($service == 'memcached') { $conf='check process memcached with pidfile /var/run/memcached/memcached.pid group memcached - start program = "/usr/bin/systemctl start memcached" - stop program = "/usr/bin/systemctl stop memcached" + start program = "/usr/bin/systemctl start memcached" with timeout 60 seconds + stop program = "/usr/bin/systemctl stop memcached" if failed host 127.0.0.1 port 11211 protocol memcache then restart if 5 restarts within 5 cycles then timeout - depend memcache_bin - depend memcache_rc - + check file memcache_bin with path /usr/bin/memcached - group memcached - include /etc/monit/templates/rootbin - -check file memcache_rc with path /etc/init.d/memcached group memcached include /etc/monit/templates/rootbin'; } - + if ($service == 'pure-ftpd-mysql') { $conf='check process pure-ftpd-mysql with pidfile /var/run/pure-ftpd/pure-ftpd.pid + group pure-ftpd start program = "/usr/bin/systemctl start pure-ftpd-mysql" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop pure-ftpd-mysql" + stop program = "/usr/bin/systemctl stop pure-ftpd-mysql" if failed port 21 protocol ftp then restart - if 5 restarts within 5 cycles then timeout'; + if 5 restarts within 5 cycles then timeout + depend pure-ftpd_bin + +check file pure-ftpd_bin with path /usr/sbin/pure-ftpd-mysql + group pure-ftpd + include /etc/monit/templates/rootbin'; } if ($service == 'fail2ban') { $conf='check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid + group fail2ban start program = "/usr/bin/systemctl start fail2ban" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop fail2ban" - if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart - if 5 restarts within 5 cycles then timeout + stop program = "/usr/bin/systemctl stop fail2ban" + if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart + if 5 restarts within 5 cycles then timeout check file fail2ban_log with path /var/log/fail2ban.log + group fail2ban if match "ERROR|WARNING" then alert'; } - if ($service == 'sshd') { $conf='check process sshd with pidfile /var/run/sshd.pid group sshd - start program = "/etc/init.d/ssh start" - stop program = "/etc/init.d/ssh stop" - if failed host localhost port 22 with proto ssh then restart + start program = "/usr/bin/systemctl start ssh" with timeout 60 seconds + stop program = "/usr/bin/systemctl stop ssh" + if failed host localhost port ' . $this->sshPort . ' with proto ssh then restart if 5 restarts with 5 cycles then timeout depend on sshd_bin depend on sftp_bin - depend on sshd_rc - depend on sshd_rsa_key - depend on sshd_dsa_key - +'; + if (!ISPConfig::wantsSecureShellHardened()) { + $conf.=' depend on sshd_rsa_key +'; + if (file_exists('/etc/ssh/ssh_host_dsa_key')) { + $conf.=' depend on sshd_dsa_key +'; + } + $conf.=' depend on sshd_ecdsa_key +'; + } + $conf.=' depend on sshd_ed25519_key + check file sshd_bin with path /usr/sbin/sshd group sshd include /etc/monit/templates/rootbin @@ -715,39 +707,45 @@ check file sshd_bin with path /usr/sbin/sshd check file sftp_bin with path /usr/lib/openssh/sftp-server group sshd include /etc/monit/templates/rootbin - -check file sshd_rsa_key with path /etc/ssh/ssh_host_rsa_key + +'; + if (!ISPConfig::wantsSecureShellHardened()) { + $conf.='check file sshd_rsa_key with path /etc/ssh/ssh_host_rsa_key group sshd include /etc/monit/templates/rootstrict -check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key +'; + if (file_exists('/etc/ssh/ssh_host_dsa_key')) { + $conf.='check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key group sshd include /etc/monit/templates/rootstrict - -check file sshd_rc with path /etc/ssh/sshd_config + +'; + } + $conf.='check file sshd_ecdsa_key with path /etc/ssh/ssh_host_ecdsa_key group sshd - include /etc/monit/templates/rootrc'; + include /etc/monit/templates/rootstrict + +'; + } + $conf.='check file sshd_ed25519_key with path /etc/ssh/ssh_host_ed25519_key + group sshd + include /etc/monit/templates/rootstrict'; } if ($service == 'crond') { $conf='check process crond with pidfile /var/run/crond.pid - group system group crond start program = "/usr/bin/systemctl start cron" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop cron" + stop program = "/usr/bin/systemctl stop cron" if 5 restarts with 5 cycles then timeout depend cron_bin - depend cron_rc depend cron_spool - + check file cron_bin with path /usr/sbin/cron group crond include /etc/monit/templates/rootbin - -check file cron_rc with path "/etc/init.d/cron" - group crond - include /etc/monit/templates/rootbin - + check directory cron_spool with path /var/spool/cron/crontabs group crond if failed permission 1730 then unmonitor @@ -757,110 +755,136 @@ check directory cron_spool with path /var/spool/cron/crontabs if ($service == 'named') { $conf='check process named with pidfile /var/run/named/named.pid + group named start program = "/usr/bin/systemctl start named" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop named" - if failed port 53 use type udp protocol dns then restart - if 5 restarts within 5 cycles then timeout'; + stop program = "/usr/bin/systemctl stop named" + if failed host localhost port 53 type udp protocol dns then restart + if 5 restarts within 5 cycles then timeout + depend named_bin + depend named_rndc + +check file named_bin with path /usr/sbin/named + group named + include /etc/monit/templates/rootbin + +check file named_rndc with path /etc/bind/rndc.key + group named + if failed checksum then unmonitor + if failed permission 640 then unmonitor + if failed uid bind then unmonitor + if failed gid bind then unmonitor'; } - + if ($service == 'postfix') { $conf='check process postfix with pidfile /var/spool/postfix/pid/master.pid - group mail group postfix start program = "/usr/bin/systemctl start postfix" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop postfix" + stop program = "/usr/bin/systemctl stop postfix" if failed host localhost port 25 with protocol smtp for 2 times within 2 cycles then restart if 5 restarts with 5 cycles then timeout depend master_bin - depend postfix_rc depend postdrop_bin depend postqueue_bin depend master_cf depend main_cf - + check file master_bin with path /usr/lib/postfix/sbin/master group postfix include /etc/monit/templates/rootbin - + check file postdrop_bin with path /usr/sbin/postdrop group postfix if failed checksum then unmonitor if failed permission 2555 then unmonitor if failed uid root then unmonitor if failed gid postdrop then unmonitor - + check file postqueue_bin with path /usr/sbin/postqueue group postfix if failed checksum then unmonitor if failed permission 2555 then unmonitor if failed uid root then unmonitor if failed gid postdrop then unmonitor - + check file master_cf with path /etc/postfix/master.cf group postfix include /etc/monit/templates/rootrc - + check file main_cf with path /etc/postfix/main.cf group postfix - include /etc/monit/templates/rootrc - -check file postfix_rc with path /etc/init.d/postfix - group postfix - include /etc/monit/templates/rootbin'; + include /etc/monit/templates/rootrc'; + } if ($service == 'dovecot') { $conf='check process dovecot with pidfile /var/run/dovecot/master.pid - group mail + group dovecot start program = "/usr/bin/systemctl start dovecot" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop dovecot" + stop program = "/usr/bin/systemctl stop dovecot" #if failed host mail.yourdomain.tld port 993 type tcpssl sslauto protocol imap then restart - if failed port 143 protocol imap then restart - if 5 restarts within 5 cycles then timeout'; + if failed host localhost port 143 protocol imap then restart + if 5 restarts within 5 cycles then timeout + depend dovecot_bin + +check file dovecot_bin with path /usr/sbin/dovecot + group dovecot + include /etc/monit/templates/rootbin'; } - + if ($service == 'rspamd') { $conf='check process rspamd matching \'rspamd: main process\' start program = "/usr/bin/systemctl start rspamd" with timeout 60 seconds - stop program = "/usr/bin/systemctl start rspamd" - + stop program = "/usr/bin/systemctl stop rspamd" if cpu is greater than 40% then alert if cpu > 60% for 4 cycles then alert if memory > 80% for 4 cycles then alert - if totalmem > 1024 MB for 4 cycles then alert'; + if totalmem > 1024 MB for 4 cycles then alert + depend rspamd_bin + +check file rspamd_bin with path /usr/bin/rspamd + group rspamd + include /etc/monit/templates/rootbin'; } if ($service == 'redis-server') { - $conf='check process redis-server with pidfile "/var/run/redis/redis-server.pid" - start program = "/usr/bin/systemctl start redis-server" - stop program = "/usr/bin/systemctl stop redis-server" - if failed host 127.0.0.1 port 6379 protocol redis then restart - if 5 restarts within 5 cycles then timeout'; + $conf='check process redis-server with pidfile /var/run/redis/redis-server.pid + group redis-server + start program = "/usr/bin/systemctl start redis-server" with timeout 60 seconds + stop program = "/usr/bin/systemctl stop redis-server" + if failed host 127.0.0.1 port 6379 protocol redis then restart + if 5 restarts within 5 cycles then timeout + depend redis-server_bin + +check file redis-server_bin with path /usr/bin/redis-server + group redis-server + include /etc/monit/templates/rootbin'; } - + if ($service == 'filesystem') { $conf='check filesystem rootfs with path / + group server if space usage > 90% then alert if inode usage > 80% then alert'; } - + if ($service == 'resources') { $conf='check system $HOST + group server if loadavg (5min) > 3 then alert - if loadavg (15min) > 1 then alert - if memory usage > 80% for 4 cycles then alert - if swap usage > 20% for 6 cycles then alert - # Test the user part of CPU usage - if cpu usage (user) > 80% for 6 cycles then alert - # Test the system part of CPU usage - if cpu usage (system) > 20% for 6 cycles then alert - # Test the i/o wait part of CPU usage - if cpu usage (wait) > 80% for 4 cycles then alert - # Test CPU usage including user, system and wait. Note that - # multi-core systems can generate 100% per core - # so total CPU usage can be more than 100% - if cpu usage > 200% for 4 cycles then alert'; + if loadavg (15min) > 1 then alert + if memory usage > 80% for 4 cycles then alert + if swap usage > 20% for 6 cycles then alert + # Test the user part of CPU usage + if cpu usage (user) > 80% for 6 cycles then alert + # Test the system part of CPU usage + if cpu usage (system) > 20% for 6 cycles then alert + # Test the i/o wait part of CPU usage + if cpu usage (wait) > 80% for 4 cycles then alert + # Test CPU usage including user, system and wait. Note that + # multi-core systems can generate 100% per core + # so total CPU usage can be more than 100% + if cpu usage > 200% for 4 cycles then alert'; } file_put_contents($confAvailableDir . $service, $conf); @@ -872,7 +896,8 @@ check file postfix_rc with path /etc/init.d/postfix $conf = '#set mailserver localhost #set mailserver smtp.example.com port 587 #username "user@example.com" password "welcome" - + #using tls + #set alert admin@example.com #set mail-format { @@ -916,7 +941,7 @@ set alert ' . $monitEmail . ' } file_put_contents($confAvailableDir . $service, $conf); $services[] = $service; - + // Configure main config with UI and admin + pass $service = "webui"; $monitpw = ''; @@ -925,15 +950,16 @@ set alert ' . $monitEmail . ' #SSL ENABLE #PEMFILE /usr/local/ispconfig/interface/ssl/ispserver.pem allow admin:' . $monitpw; - file_put_contents($confAvailableDir . $service, $conf); $services[] = $service; foreach ($services as $confFile) { - $cmd = 'ln -s ' . $confAvailableDir . $confFile . ' ' . $confEnabledDir; - $result = $this->exec($cmd); - if($result === false) { - throw new ISPConfigOSException('Command ' . $cmd . ' failed.'); + if(!is_link($confEnabledDir . $confFile) && !is_file($confEnabledDir . $confFile)) { + $cmd = 'ln -s ' . $confAvailableDir . $confFile . ' ' . $confEnabledDir; + $result = $this->exec($cmd); + if($result === false) { + throw new ISPConfigOSException('Command ' . $cmd . ' failed.'); + } } } @@ -977,6 +1003,7 @@ set alert ' . $monitEmail . ' '8081' // ISPConfig apps vhost ); if (!in_array($sshOption, $invalidOptions)) { + $this->sshPort = $sshOption; $secureShellCustomConfig .= ' Port ' . $sshOption; ISPConfigLog::info('Configuring custom port for the SSH daemon. After install, you can login through SSH on port ' . $sshOption); @@ -1897,13 +1924,13 @@ mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"'; $this->fixDbconfigCommon(); + $this->configureSecureShell(); + $monit_password = ''; if(ISPConfig::wantsMonit()) { $monit_password = $this->installMonit(); } - $this->configureSecureShell(); - if(ISPConfig::wantsUnattendedUpgrades()) { $this->installUnattendedUpgrades(); } -- GitLab From 0ff8f2f15b9284534b0b7a06fd6aec88f4971706 Mon Sep 17 00:00:00 2001 From: "Dr. Yves Kreis" Date: Sat, 9 Sep 2023 22:38:48 +0300 Subject: [PATCH 2/2] Remove double space. --- lib/os/class.ISPConfigDebianOS.inc.php | 36 +++++++++++++------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php index 2210020..8fc7ccc 100644 --- a/lib/os/class.ISPConfigDebianOS.inc.php +++ b/lib/os/class.ISPConfigDebianOS.inc.php @@ -556,7 +556,7 @@ Alias /phpmyadmin /usr/share/phpmyadmin $conf='check process apache with pidfile /var/run/apache2/apache2.pid group apache start program = "/usr/bin/systemctl start apache2" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop apache2" + stop program = "/usr/bin/systemctl stop apache2" if failed port 80 protocol http then restart if failed port 443 then restart if 5 restarts within 5 cycles then timeout @@ -571,7 +571,7 @@ check file apache_bin with path /usr/sbin/apache2 $conf='check process nginx with pidfile /var/run/nginx.pid group nginx start program = "/usr/bin/systemctl start nginx" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop nginx" + stop program = "/usr/bin/systemctl stop nginx" if failed port 80 protocol http then restart if failed port 443 then restart if 5 restarts within 5 cycles then timeout @@ -587,7 +587,7 @@ check file nginx_bin with path /usr/sbin/nginx $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid group mariadb start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout @@ -600,7 +600,7 @@ check file mariadb_bin with path /usr/sbin/mariadbd $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid group mysql start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout @@ -613,7 +613,7 @@ check file mysql_bin with path /usr/sbin/mysqld $conf='check process mariadb with pidfile /var/run/mysqld/mysqld.pid group mariadb start program = "/usr/bin/systemctl start mariadb" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop mariadb" + stop program = "/usr/bin/systemctl stop mariadb" if failed host 127.0.0.1 port 3306 protocol mysql then restart if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart if 5 restarts within 5 cycles then timeout'; @@ -626,7 +626,7 @@ check file mysql_bin with path /usr/sbin/mysqld $conf='check process ' . $phpfpm . ' with pidfile /var/run/php/' . $phpfpm . '.pid group php-fpm start program = "/usr/bin/systemctl start ' . $phpfpm . '" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop ' . $phpfpm . '" + stop program = "/usr/bin/systemctl stop ' . $phpfpm . '" if failed unixsocket /var/run/php/' . $phpfpm . '.sock then restart if 5 restarts within 5 cycles then timeout depend ' . $phpfpm . '_bin @@ -641,7 +641,7 @@ check file ' . $phpfpm . '_bin with path /usr/sbin/php-fpm' . $curver . ' $conf='check process memcached with pidfile /var/run/memcached/memcached.pid group memcached start program = "/usr/bin/systemctl start memcached" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop memcached" + stop program = "/usr/bin/systemctl stop memcached" if failed host 127.0.0.1 port 11211 protocol memcache then restart if 5 restarts within 5 cycles then timeout depend memcache_bin @@ -655,7 +655,7 @@ check file memcache_bin with path /usr/bin/memcached $conf='check process pure-ftpd-mysql with pidfile /var/run/pure-ftpd/pure-ftpd.pid group pure-ftpd start program = "/usr/bin/systemctl start pure-ftpd-mysql" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop pure-ftpd-mysql" + stop program = "/usr/bin/systemctl stop pure-ftpd-mysql" if failed port 21 protocol ftp then restart if 5 restarts within 5 cycles then timeout depend pure-ftpd_bin @@ -669,7 +669,7 @@ check file pure-ftpd_bin with path /usr/sbin/pure-ftpd-mysql $conf='check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid group fail2ban start program = "/usr/bin/systemctl start fail2ban" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop fail2ban" + stop program = "/usr/bin/systemctl stop fail2ban" if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart if 5 restarts within 5 cycles then timeout @@ -682,7 +682,7 @@ check file fail2ban_log with path /var/log/fail2ban.log $conf='check process sshd with pidfile /var/run/sshd.pid group sshd start program = "/usr/bin/systemctl start ssh" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop ssh" + stop program = "/usr/bin/systemctl stop ssh" if failed host localhost port ' . $this->sshPort . ' with proto ssh then restart if 5 restarts with 5 cycles then timeout depend on sshd_bin @@ -737,7 +737,7 @@ check file sftp_bin with path /usr/lib/openssh/sftp-server $conf='check process crond with pidfile /var/run/crond.pid group crond start program = "/usr/bin/systemctl start cron" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop cron" + stop program = "/usr/bin/systemctl stop cron" if 5 restarts with 5 cycles then timeout depend cron_bin depend cron_spool @@ -757,7 +757,7 @@ check directory cron_spool with path /var/spool/cron/crontabs $conf='check process named with pidfile /var/run/named/named.pid group named start program = "/usr/bin/systemctl start named" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop named" + stop program = "/usr/bin/systemctl stop named" if failed host localhost port 53 type udp protocol dns then restart if 5 restarts within 5 cycles then timeout depend named_bin @@ -779,7 +779,7 @@ check file named_rndc with path /etc/bind/rndc.key $conf='check process postfix with pidfile /var/spool/postfix/pid/master.pid group postfix start program = "/usr/bin/systemctl start postfix" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop postfix" + stop program = "/usr/bin/systemctl stop postfix" if failed host localhost port 25 with protocol smtp for 2 times within 2 cycles then restart if 5 restarts with 5 cycles then timeout depend master_bin @@ -820,7 +820,7 @@ check file main_cf with path /etc/postfix/main.cf $conf='check process dovecot with pidfile /var/run/dovecot/master.pid group dovecot start program = "/usr/bin/systemctl start dovecot" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop dovecot" + stop program = "/usr/bin/systemctl stop dovecot" #if failed host mail.yourdomain.tld port 993 type tcpssl sslauto protocol imap then restart if failed host localhost port 143 protocol imap then restart if 5 restarts within 5 cycles then timeout @@ -835,7 +835,7 @@ check file dovecot_bin with path /usr/sbin/dovecot $conf='check process rspamd matching \'rspamd: main process\' start program = "/usr/bin/systemctl start rspamd" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop rspamd" + stop program = "/usr/bin/systemctl stop rspamd" if cpu is greater than 40% then alert if cpu > 60% for 4 cycles then alert if memory > 80% for 4 cycles then alert @@ -851,7 +851,7 @@ check file rspamd_bin with path /usr/bin/rspamd $conf='check process redis-server with pidfile /var/run/redis/redis-server.pid group redis-server start program = "/usr/bin/systemctl start redis-server" with timeout 60 seconds - stop program = "/usr/bin/systemctl stop redis-server" + stop program = "/usr/bin/systemctl stop redis-server" if failed host 127.0.0.1 port 6379 protocol redis then restart if 5 restarts within 5 cycles then timeout depend redis-server_bin @@ -909,7 +909,7 @@ check file redis-server_bin with path /usr/bin/redis-server #Action: $ACTION #Host: $HOST #Description: $DESCRIPTION -# +# #Your faithful employee, #Monit #}'; @@ -931,7 +931,7 @@ set alert ' . $monitEmail . ' #Action: $ACTION #Host: $HOST #Description: $DESCRIPTION -# +# #Your faithful employee, #Monit #}'; -- GitLab