Mittwoch, 17. April 2013

Linux Mint Debian - monit installieren und config einrichten

Monit 5.4 installieren


Da ich mich ein wenig mit monit beschäftigt habe möchte ich mit euch meine /etc/monit/monitrc Config Datei teilen und euch zeigen wie man monit auf Debian installiert. Mit monit lassen sich unix systeme überwachen und automatisierte Abläufe im Falle eines Fehlers generieren. Ist alles sehr einfach und mit dem Webserver auch ansprechend Präsentiert im Browser.

monit service manager - monit 5.4

Monit installieren


monit installiert man so:
 sudo apt-get install monit  

Danach /etc/monit/monitrc bearbeiten. Mit vi oder pico
 sudo pico /etc/monit/monitrc  
 sudo vi /etc/monit/monitrc  
aufrufen und editieren.

Beachtet das ihr ein Emailsystem eingerichtet haben müsst um die Alerts zu verschicken.

Monit einrichten

 Eigentlich sind nur die folgenden Einstellungen wichtig:
 set daemon 180                           # Monit überprüft alle 180 Sekunden  
 set mailserver localhost                 # Welchen Mailserver soll monit für die Alerts benutzen  
 set mail-format { from: user@domain.tld }# Welcher Absender haben die Emails von monit  
 set alert user@domain.tld                # An welche Adresse gehen die Alerts von monit  
Den Rest kann nach eingenem Geschmack angepasst werden. Die Programme die man überwachen will müssen natürlich vorher installiert werden ;)

Ich habe folgende Überwachungen eingerichtet:
  • localhost - misst CPU, RAM und Swap
  • CUPS - Druckserver
  • Exim4 - Mailserver
  • OpenVPN - VPN Server
  • CLAM - Anti Virus
  • SSH - Secure Shell Server, Netzwerkprotokoll für verschlüsselte Verbindungen
  • Fail2ban - SSH Sicherheitstool
  • Denyhosts - SSH Sicherheitstool
  • Samba - Samba Server, Datei- und Druckerserver
  • Cron - Cron-Daemon dient der zeitbasierten Ausführung von Prozessen
  • Minidlna - Multimediaserver
  • Webseite überwachen
Schaut einfach in der config nach wie ich das gemacht habe.

Meine monit config


 Meine Config sieht so aus:
 ###############################################################################  
 ## Monit control file  
 ###############################################################################  
 ##  
 ## Comments begin with a '#' and extend through the end of the line. Keywords  
 ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.  
 ##  
 ## Below you will find examples of some frequently used statements. For   
 ## information about the control file and a complete list of statements and   
 ## options, please have a look in the Monit manual.  
 ##  
 ##  
 ###############################################################################  
 ## Global section  
 ###############################################################################  
 ##  
 ## Start Monit in the background (run as a daemon):  
 #  
  set daemon 120      # check services at 2-minute intervals  
 #  with start delay 240  # optional: delay the first check by 4-minutes (by   
 #              # default Monit check immediately after Monit start)  
 #  
 #  
 ## Set syslog logging with the 'daemon' facility. If the FACILITY option is  
 ## omitted, Monit will use 'user' facility by default. If you want to log to   
 ## a standalone log file instead, specify the full path to the log file  
 #  
 # set logfile syslog facility log_daemon              
  set logfile /var/log/monit.log  
 #  
 #  
 ## Set the location of the Monit id file which stores the unique id for the  
 ## Monit instance. The id is generated and stored on first Monit start. By   
 ## default the file is placed in $HOME/.monit.id.  
 #  
 # set idfile /var/.monit.id  
  set idfile /var/lib/monit/id  
 #  
 ## Set the location of the Monit state file which saves monitoring states  
 ## on each cycle. By default the file is placed in $HOME/.monit.state. If  
 ## the state file is stored on a persistent filesystem, Monit will recover  
 ## the monitoring state across reboots. If it is on temporary filesystem, the  
 ## state will be lost on reboot which may be convenient in some situations.  
 #  
  set statefile /var/lib/monit/state  
 #  
 ## Set the list of mail servers for alert delivery. Multiple servers may be   
 ## specified using a comma separator. If the first mail server fails, Monit   
 # will use the second mail server in the list and so on. By default Monit uses   
 # port 25 - it is possible to override this with the PORT option.  
 #  
  set mailserver localhost        # primary mailserver  
 #        backup.bar.baz port 10025, # backup mailserver on port 10025  
 #        localhost          # fallback relay  
 #  
 #  
 ## By default Monit will drop alert events if no mail servers are available.   
 ## If you want to keep the alerts for later delivery retry, you can use the   
 ## EVENTQUEUE statement. The base directory where undelivered alerts will be   
 ## stored is specified by the BASEDIR option. You can limit the maximal queue  
 ## size using the SLOTS option (if omitted, the queue is limited by space   
 ## available in the back end filesystem).  
 #  
  set eventqueue  
    basedir /var/lib/monit/events # set the base directory where events will be stored  
    slots 100           # optionally limit the queue size  
 #  
 #  
 ## Send status and events to M/Monit (for more informations about M/Monit   
 ## see http://mmonit.com/). By default Monit registers credentials with   
 ## M/Monit so M/Monit can smoothly communicate back to Monit and you don't  
 ## have to register Monit credentials manually in M/Monit. It is possible to  
 ## disable credential registration using the commented out option below.   
 ## Though, if safety is a concern we recommend instead using https when  
 ## communicating with M/Monit and send credentials encrypted.  
 #  
 # set mmonit http://monit:monit@192.168.1.10:8080/collector  
 #   # and register without credentials   # Don't register credentials  
 #  
 #  
 ## Monit by default uses the following format for alerts if the the mail-format  
 ## statement is missing::  
 ## --8<--  
 ## set mail-format {  
 ##   from: monit@$HOST  
 ##  subject: monit alert -- $EVENT $SERVICE  
 ##  message: $EVENT Service $SERVICE  
 ##         Date:    $DATE  
 ##         Action:   $ACTION  
 ##         Host:    $HOST  
 ##         Description: $DESCRIPTION  
 ##  
 ##      Your faithful employee,  
 ##      Monit  
 ## }  
 ## --8<--  
 ##  
 ## You can override this message format or parts of it, such as subject  
 ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.  
 ## are expanded at runtime. For example, to override the sender, use:  
 #  
  set mail-format { from: monit@domain.com }  
 #  
 #  
 ## You can set alert recipients whom will receive alerts if/when a   
 ## service defined in this file has errors. Alerts may be restricted on   
 ## events by using a filter as in the second example below.   
 #  
  set alert email@adress.com            # receive all alerts  
  set alert email@adress.com only on { timeout } # receive just service-  
 #                        # timeout alert  
 #  
 #  
 ## Monit has an embedded web server which can be used to view status of   
 ## services monitored and manage services from a web interface. See the  
 ## Monit Wiki if you want to enable SSL for the web server.   
 #  
  set httpd port 2342 and  
   use address localhost # only accept connection from localhost  
   allow localhost    # allow localhost to connect to the server and  
 #  allow admin:monit   # require user 'admin' with password 'monit'  
 #  allow @monit      # allow users of group 'monit' to connect (rw)  
 #  allow @users readonly # allow users of group 'users' to connect readonly  
 #  
 ###############################################################################  
 ## Services  
 ###############################################################################  
 ##  
 ## Check general system resources such as load average, cpu and memory  
 ## usage. Each test specifies a resource, conditions and the action to be  
 ## performed should a test fail.  
 #  
  check system localhost  
   if loadavg (1min) > 4 then alert  
   if loadavg (5min) > 2 then alert  
   if memory usage > 75% then alert  
   if swap usage > 25% then alert  
   if cpu usage (user) > 70% then alert  
   if cpu usage (system) > 30% then alert  
   if cpu usage (wait) > 20% then alert  
 #  
 #    
 ## Check if a file exists, checksum, permissions, uid and gid. In addition  
 ## to alert recipients in the global section, customized alert can be sent to   
 ## additional recipients by specifying a local alert handler. The service may   
 ## be grouped using the GROUP option. More than one group can be specified by  
 ## repeating the 'group name' statement.  
 #    
 # check file apache_bin with path /usr/local/apache/bin/httpd  
 #  if failed checksum and   
 #    expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor  
 #  if failed permission 755 then unmonitor  
 #  if failed uid root then unmonitor  
 #  if failed gid root then unmonitor  
 #  alert security@foo.bar on {  
 #      checksum, permission, uid, gid, unmonitor  
 #    } with the mail-format { subject: Alarm! }  
 #  group server  
 #  
 #    
 ## Check that a process is running, in this case Apache, and that it respond  
 ## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,  
 ## and number of children. If the process is not running, Monit will restart   
 ## it by default. In case the service is restarted very often and the   
 ## problem remains, it is possible to disable monitoring using the TIMEOUT  
 ## statement. This service depends on another service (apache_bin) which  
 ## is defined above.  
 #    
 # check process apache with pidfile /usr/local/apache/logs/httpd.pid  
 #  start program = "/etc/init.d/httpd start" with timeout 60 seconds  
 #  stop program = "/etc/init.d/httpd stop"  
 #  if cpu > 60% for 2 cycles then alert  
 #  if cpu > 80% for 5 cycles then restart  
 #  if totalmem > 200.0 MB for 5 cycles then restart  
 #  if children > 250 then restart  
 #  if loadavg(5min) greater than 10 for 8 cycles then stop  
 #  if failed host www.tildeslash.com port 80 protocol http   
 #    and request "/somefile.html"  
 #    then restart  
 #  if failed port 443 type tcpssl protocol http  
 #    with timeout 15 seconds  
 #    then restart  
 #  if 3 restarts within 5 cycles then timeout  
 #  depends on apache_bin  
 #  group server  
 #    
 #    
 # CUPSD  
  check process cupsd with pidfile /var/run/cups/cupsd.pid  
    group lpadmin  
    start program = "/etc/init.d/cups start"  
    stop program = "/etc/init.d/cups stop"  
    if failed unixsocket /var/run/cups/cups.sock then restart  
    if 5 restarts within 5 cycles then timeout  
    depends on cupsd_bin  
    depends on cupsd_rc  
  check file cupsd_bin with path /usr/sbin/cupsd  
    group lpadmin  
    if failed checksum then unmonitor  
    if failed permission 755 then unmonitor  
    if failed uid root then unmonitor  
    if failed gid root then unmonitor  
  check file cupsd_rc with path /etc/init.d/cups  
    group lpadmin  
    if failed checksum then unmonitor  
    if failed permission 755 then unmonitor  
    if failed uid root then unmonitor  
    if failed gid root then unmonitor  
 #
 # exim mail daemon  
 #
 check process exim4  
     pidfile /var/run/exim4/exim.pid  
     group mail  
     start program = "/etc/init.d/exim4 start"  
     stop program = "/etc/init.d/exim4 stop"  
     if failed port 25 proto smtp then restart  
     if 5 restarts within 5 cycles then timeout  
     depends on clamd  
 #
 # openvpn
 #
 check process openvpn with pidfile /var/run/openvpn.server.pid  
      group system      
      start program = "/etc/init.d/openvpn start"  
     stop program = "/etc/init.d/openvpn stop"  
     if failed host 192.168.1.4 port 1194 type udp then restart  
     group net  
     depends openvpn_init  
     depends openvpn_bin  
  if 5 restarts within 5 cycles then timeout  
 check file openvpn_init with path /etc/init.d/openvpn  
     group net  
 check file openvpn_bin with path /usr/sbin/openvpn  
     group net  
 #
 # clamav
 #
 check process clamd with pidfile /var/run/clamav/clamd.pid  
  group virus  
  start program = "/etc/init.d/clamav-daemon start"  
  stop program = "/etc/init.d/clamav-daemon stop"  
  if 5 restarts within 5 cycles then timeout  
  depends on clamavd_bin  
  depends on clamavd_rc  
 check process freshclam with pidfile /var/run/clamav/freshclam.pid  
  group virus  
  start program = "/etc/init.d/clamav-freshclam start"  
  stop program = "/etc/init.d/clamav-freshclam stop"  
  if 5 restarts within 5 cycles then timeout  
  depends on clamd  
  depends on clamavd_bin  
  depends on clamavd_rc  
 check file clamavd_bin with path /usr/sbin/clamd  
  group virus  
  if failed checksum then unmonitor  
  if failed permission 755 then unmonitor  
  if failed uid root then unmonitor  
  if failed gid root then unmonitor  
 check file clamavd_rc with path /etc/init.d/clamav-daemon  
  group virus  
  if failed checksum then unmonitor  
  if failed permission 755 then unmonitor  
  if failed uid root then unmonitor  
  if failed gid root then unmonitor  
 #
 # fail2ban
 #
 check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid  
     start program = "/etc/init.d/fail2ban start"  
     stop program = "/etc/init.d/fail2ban stop"  
     if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart  
     if 5 restarts within 5 cycles then timeout  
 #
 # minidlna
 #
 check process minidlna with pidfile /var/run/minidlna/minidlna.pid  
       start program "/etc/init.d/minidlna start"  
   stop program "/etc/init.d/minidlna stop"  
   if 5 restarts within 5 cycles then timeout  
  check process sshd with pidfile /var/run/sshd.pid         
   start program "/etc/init.d/ssh start"           
   stop program "/etc/init.d/ssh stop"             
   if failed port 22 protocol ssh then restart          
   if 5 restarts within 5 cycles then timeout          
 #
 # samba
 #
 check process smbd with pidfile /var/run/samba/smbd.pid  
   group samba  
   start program = "/etc/init.d/samba start"  
   stop program = "/etc/init.d/samba stop"  
   if failed host 192.168.1.4 port 139 type TCP then restart  
   if 5 restarts within 5 cycles then timeout  
   depends on smbd_bin  
  check file smbd_bin with path /usr/sbin/smbd  
   group samba  
   if failed checksum then unmonitor  
   if failed permission 755 then unmonitor  
   if failed uid root then unmonitor  
   if failed gid root then unmonitor  
 #
 # syslog
 #
  check file syslogd_file with path /var/log/syslog  
   if timestamp > 65 minutes then alert  
 #
 # cron
 #
 check process cron with pidfile /var/run/crond.pid  
   group system  
   start program = "/etc/init.d/cron start"  
   stop program = "/etc/init.d/cron stop"  
   if 5 restarts within 5 cycles then timeout  
   depends on cron_rc  
  check file cron_rc with path /etc/init.d/cron  
   group system  
   if failed checksum then unmonitor  
   if failed permission 755 then unmonitor  
   if failed uid root then unmonitor  
   if failed gid root then unmonitor  
 #
 # check website
 #
 check host the-tech-blog-blogger.blogspot.com with address the-tech-blog-blogger.blogspot.com  
 if failed url http://the-tech-blog-blogger.blogspot.ch/  
 timeout 30 seconds for 3 cycles then alert  
 #
 # denyhosts
 #
 check process denyhosts with pidfile /var/run/denyhosts.pid  
   start program = "/etc/init.d/denyhosts start"  
   stop program = "/etc/init.d/denyhosts stop"  
   if cpu > 90% for 2 cycles then alert  
 check file denyhosts.conf  
   with path /etc/denyhosts.conf  
   if changed checksum then alert  
 ## Check filesystem permissions, uid, gid, space and inode usage. Other services,  
 ## such as databases, may depend on this resource and an automatically graceful  
 ## stop may be cascaded to them before the filesystem will become full and data  
 ## lost.  
 #  
 # check filesystem datafs with path /dev/sdb1  
 #  start program = "/bin/mount /data"  
 #  stop program = "/bin/umount /data"  
 #  if failed permission 660 then unmonitor  
 #  if failed uid root then unmonitor  
 #  if failed gid disk then unmonitor  
 #  if space usage > 80% for 5 times within 15 cycles then alert  
 #  if space usage > 99% then stop  
 #  if inode usage > 30000 then alert  
 #  if inode usage > 99% then stop  
 #  group server  
 #  
 #  
 ## Check a file's timestamp. In this example, we test if a file is older   
 ## than 15 minutes and assume something is wrong if its not updated. Also,  
 ## if the file size exceed a given limit, execute a script  
 #  
 # check file database with path /data/mydatabase.db  
 #  if failed permission 700 then alert  
 #  if failed uid data then alert  
 #  if failed gid data then alert  
 #  if timestamp > 15 minutes then alert  
 #  if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba  
 #  
 #  
 ## Check directory permission, uid and gid. An event is triggered if the   
 ## directory does not belong to the user with uid 0 and gid 0. In addition,   
 ## the permissions have to match the octal description of 755 (see chmod(1)).  
 #  
 # check directory bin with path /bin  
 #  if failed permission 755 then unmonitor  
 #  if failed uid 0 then unmonitor  
 #  if failed gid 0 then unmonitor  
 #  
 #  
 ## Check a remote host availability by issuing a ping test and check the   
 ## content of a response from a web server. Up to three pings are sent and   
 ## connection to a port and an application level network check is performed.  
 #  
 # check host myserver with address 192.168.1.1  
 #  if failed icmp type echo count 3 with timeout 3 seconds then alert  
 #  if failed port 3306 protocol mysql with timeout 15 seconds then alert  
 #  if failed url http://user:password@www.foo.bar:8080/?querystring  
 #    and content == 'action="j_security_check"'  
 #    then alert  
 #  
 #  
 ###############################################################################  
 ## Includes  
 ###############################################################################  
 ##  
 ## It is possible to include additional configuration parts from other files or  
 ## directories.  
 #  
   include /etc/monit/conf.d/*  
 #  

Danach kann die Überwachungsseite mit http://localhost:2342 aufgerufen werden.
Wer die Seite auch aus dem LAN oder WAN ansehen will, muss die Config anpassen.
Und zwar nach diesem Eintrag:
 set httpd port 2342 and   
   use address localhost # only accept connection from localhost   
   allow localhost  # allow localhost to connect to the server and   

Weitere Einstellungsbeispiele findet ihr auch hier:
http://mmonit.com/wiki/Monit/ConfigurationExamples

Viel spass beim monit einrichten!

1 Kommentar: