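# -*- coding: utf-8; mode: python -*-
#
# Template for the monit control file of a host (Python 2 syntax).
#
# Lines starting with "@" appear to be copied verbatim into the generated
# file; the remaining lines are Python. The names info, header(), has(),
# hostname, metadata, comment() and done() are not defined here and are
# presumably injected by the templating engine.
#
# NOTE(review): the original line breaks and indentation of this file were
# lost. The nesting of the stanzas under their has(...) guards below is
# reconstructed from the stanza order; confirm it against the deployed copy.

import re

info["owner"] = "root"
info["group"] = "root"
# 0644 leaves the generated file world-readable: keep credentials out of
# this template, or tighten the mode if any are ever added.
info["perms"] = 0644

header()

if has("apache"):
    @# Apache2
    @check process apache2 with pidfile /var/run/apache2.pid
    @ start program = "/etc/init.d/apache2 start"
    @ stop program = "/etc/init.d/apache2 stop"
    if has("http-server"):
        @ if failed host localhost port 80 protocol http timeout 30 seconds then restart
    if has("intranet-server"):
        @ if failed host intranet.crans.org port 443 type tcpssl protocol http timeout 30 seconds then restart
    if has("https-server"):
        @ if failed host localhost port 443 type tcpssl protocol http timeout 30 seconds then restart
    @ if cpu is greater than 60% for 2 cycles then alert
    @ if cpu > 80% for 5 cycles then restart
    @ if totalmem > 500.0 MB for 5 cycles then restart
    @ if children > 250 then restart
    @ if loadavg(5min) greater than 10 for 8 cycles then restart
    @ if 3 restarts within 5 cycles then timeout
    @

@# at
@check process at with pidfile /var/run/atd.pid
@ start program = "/etc/init.d/atd start"
@ stop program = "/etc/init.d/atd stop"
@ if 5 restarts within 5 cycles then timeout
@

if has("cherrypy"):
    @# intranet (CherryPy)
    @check process intranet with pidfile /var/run/intranet.pid
    @ start program = "/etc/init.d/intranet start"
    @ stop program = "/etc/init.d/intranet stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("backuppc-server"):
    @# backuppc
    @check process backuppc with pidfile /var/run/backuppc/BackupPC.pid
    @ start program = "/etc/init.d/backuppc start"
    @ stop program = "/etc/init.d/backuppc stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("bind"):
    @# Bind 9
    @check process bind with pidfile /var/run/bind/run/named.pid
    @ start program = "/etc/init.d/bind9 start"
    @ stop program = "/etc/init.d/bind9 stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("cups"):
    @# cups
    @check process cups with pidfile /var/run/cups/cupsd.pid
    @ start program = "/etc/init.d/cupsys start"
    @ stop program = "/etc/init.d/cupsys stop"
    @ if 5 restarts within 5 cycles then timeout
    @

@# cron
@check process cron with pidfile /var/run/crond.pid
@ start program = "/etc/init.d/cron start"
@ stop program = "/etc/init.d/cron stop"
@ if 5 restarts within 5 cycles then timeout
@

if has("firewall"):
    @# netacct
    @check process netacct with pidfile /var/run/nacctd.pid
    @ start program = "/etc/init.d/net-acct start"
    @ stop program = "/etc/init.d/net-acct stop"
    @ if 5 restarts within 5 cycles then timeout
    @
    @# filtrage netacct
    @check process filtrage_netacct with pidfile /var/run/filtrage_netacct.pid
    @ start program = "/etc/init.d/filtrage_netacct start"
    @ stop program = "/etc/init.d/filtrage_netacct stop"
    @ if 5 restarts within 5 cycles then timeout
    @
    @# filtrage firewall
    @check process filtrage_firewall with pidfile /var/run/filtrage_firewall.pid
    @ start program = "/etc/init.d/filtrage_firewall start"
    @ stop program = "/etc/init.d/filtrage_firewall stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("dhcp-detect"):
    @# dhcp-detect
    @check process dhcp-detect with pidfile /var/run/dhcp-detect.pid
    @ start program = "/etc/init.d/dhcp-detect start"
    @ stop program = "/etc/init.d/dhcp-detect stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("freeradius"):
    @# freeradius
    @check process freeradius with pidfile /var/run/freeradius/freeradius.pid
    @ start program = "/etc/init.d/freeradius start"
    @ stop program = "/etc/init.d/freeradius stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("inn"):
    @# inn
    @check process inn with pidfile /var/run/news/innd.pid
    @ start program = "/etc/init.d/inn2 start"
    @ stop program = "/etc/init.d/inn2 stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("mailman"):
    @# mailman
    @check process mailman with pidfile /var/run/mailman/mailman.pid
    @ start program = "/etc/init.d/mailman start"
    @ stop program = "/etc/init.d/mailman stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("monit-ovh"):
    @# monit-ovh
    @check process monit-ovh with pidfile /var/run/monit-ovh.pid
    @ start program = "/etc/init.d/monit-ovh start"
    @ stop program = "/etc/init.d/monit-ovh stop"
    @ if 5 restarts within 5 cycles then timeout
    @

@# munin-node
@check process munin-node with pidfile /var/run/munin/munin-node.pid
@ start program = "/etc/init.d/munin-node start"
@ stop program = "/etc/init.d/munin-node stop"
@ if 5 restarts within 5 cycles then timeout
@

if has("mysql"):
    @# mysql
    @check process mysql with pidfile /var/run/mysqld/mysqld.pid
    @ start program = "/etc/init.d/mysql start"
    @ stop program = "/etc/init.d/mysql stop"
    @ if 5 restarts within 5 cycles then timeout
    @

@# nscd
@check process nscd with pidfile /var/run/nscd/nscd.pid
@ start program = "/etc/init.d/nscd start"
@ stop program = "/etc/init.d/nscd stop"
@ if 5 restarts within 5 cycles then timeout
@ if failed unixsocket /var/run/nscd/socket then restart
@

if has("openvpn-ovh"):
    @# openvpn ovh
    @check process openvpn with pidfile /var/run/openvpn.ovh.pid
    @ start program = "/etc/init.d/openvpn start ovh"
    @ stop program = "/etc/init.d/openvpn stop ovh"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("openvpn-komaz"):
    @# openvpn komaz
    @check process openvpn-komaz with pidfile /var/run/openvpn.komaz.pid
    @ start program = "/etc/init.d/openvpn start komaz"
    @ stop program = "/etc/init.d/openvpn stop komaz"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("openvpn-freebox"):
    @# openvpn freebox
    @check process openvpn-freebox with pidfile /var/run/openvpn.freebox.pid
    @ start program = "/etc/init.d/openvpn start freebox"
    @ stop program = "/etc/init.d/openvpn stop freebox"
    @ depends on openvpn-komaz
    @ if 5 restarts within 5 cycles then timeout
    @

@# postfix
@check process postfix with pidfile /var/spool/postfix/pid/master.pid
@ start program = "/etc/init.d/postfix start"
@ stop program = "/etc/init.d/postfix stop"
@ if failed port 25 protocol smtp timeout 30 seconds then restart
@ if 5 restarts within 5 cycles then timeout
@

if has("pgsql-sqlgrey") or has("pgsql"):
    @# postgresql
    @check process postgresql with pidfile /var/lib/postgres/data/postmaster.pid
    @ start program = "/etc/init.d/postgresql-7.4 start"
    @ stop program = "/etc/init.d/postgresql-7.4 stop"
    @ if failed port 5432 timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

if has("privoxy"):
    @# privoxy
    @check process privoxy with pidfile /var/run/privoxy.pid
    @ start program = "/etc/init.d/privoxy start"
    @ stop program = "/etc/init.d/privoxy stop"
    @ if failed host localhost port 8117 timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

if has("proftpd"):
    @# proftpd
    @check process proftpd with pidfile /var/run/proftpd.pid
    @ start program = "/etc/init.d/proftpd start"
    @ stop program = "/etc/init.d/proftpd stop"
    @ if failed port 21 protocol ftp timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

if has("rsync"):
    @# rsync
    @check process rsync with pidfile /var/run/rsync.pid
    @ start program = "/etc/init.d/rsync start"
    @ stop program = "/etc/init.d/rsync stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("slapd"):
    @# slapd
    @check process slapd with pidfile /var/run/slapd/slapd.pid
    @ start program = "/etc/init.d/slapd start"
    @ stop program = "/etc/init.d/slapd stop"
    @ if failed host localhost port 389 protocol ldap3 timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

if has("spamassassin"):
    @# spamd
    @check process spamd with pidfile /var/run/spamd.pid
    @ start program = "/etc/init.d/spamassassin start"
    @ stop program = "/etc/init.d/spamassassin stop"
    @ if 5 restarts within 5 cycles then timeout
    @

if has("sqlgrey"):
    @# sqlgrey
    @check process sqlgrey with pidfile /var/run/sqlgrey.pid
    @ start program = "/etc/init.d/sqlgrey start"
    @ stop program = "/etc/init.d/sqlgrey stop"
    @ if 5 restarts within 5 cycles then timeout
    @

@# ssh
@check process ssh with pidfile /var/run/sshd.pid
@ start program = "/etc/init.d/ssh start"
@ stop program = "/etc/init.d/ssh stop"
@ if failed port 22 protocol ssh timeout 30 seconds then restart
@ if children > 200 then restart
@ if 5 restarts within 5 cycles then timeout
@

@# syslog-ng
@check process syslog-ng with pidfile /var/run/syslog-ng.pid
@ start program = "/etc/init.d/syslog-ng start"
@ stop program = "/etc/init.d/syslog-ng stop"
@ if 5 restarts within 5 cycles then timeout
@ depend on file/var/log/syslog
@
@check file file/var/log/syslog with path /var/log/syslog
@ if timestamp > 15 minutes then alert
@

if has("vsftpd"):
    @# vsftpd
    @check process vsftpd with pidfile /var/run/vsftpd/vsftpd.pid
    @ start program = "/etc/init.d/vsftpd start"
    @ stop program = "/etc/init.d/vsftpd stop"
    @ if failed host 138.231.136.10 port 21 protocol ftp timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

if has("vsftpd-federez"):
    @# vsftpd-federez
    @check process vsftpd-federez with pidfile /var/run/vsftpd/vsftpd-federez.pid
    @ start program = "/etc/init.d/vsftpd-federez start"
    @ stop program = "/etc/init.d/vsftpd-federez stop"
    @ if failed host 138.231.136.129 port 21 protocol ftp timeout 30 seconds then restart
    @ if 5 restarts within 5 cycles then timeout
    @

# The disks of canard are not monitored.
# NOTE(review): done() presumably ends the template here - confirm.
if hostname in ['canard']:
    done()

# One "check device" stanza per local filesystem listed in the fstab probe.
# NOTE(review): fs and mntpoint come from the probe output and are written
# unquoted into the monit file; confirm the probe is trusted, or validate the
# two values before emitting them.
for line in metadata.probes["fstab.local"].splitlines():
    # Drop surrounding whitespace.
    line = line.strip()
    # Skip blank lines and comments.
    if not line or line[0] == "#":
        continue
    # Split the entry into its columns. The original unpacked exactly six
    # columns and raised ValueError on shorter or longer entries; only the
    # first four are used, so anything beyond them is ignored.
    fields = re.split(r'[ \t]+', line)
    if len(fields) < 4:
        continue
    fs, mntpoint, fstype, options = fields[:4]
    options = options.split(",")
    # Skip partitions that are not mounted at boot.
    if "noauto" in options:
        continue
    # Skip bind mounts.
    if "bind" in options:
        continue
    # Skip filesystem types that are of no interest here.
    if fstype in ['swap', 'proc', 'tmpfs', 'sysfs', 'nfs']:
        continue
    # General configuration lines for the device.
    comment("partition %s" % mntpoint)
    # The service is named after the mount point and checks the device node.
    # The original formatted (line[1], line[0]), i.e. the second and first
    # CHARACTERS of the raw fstab line, instead of these two fields.
    print 'check device fs%s with path %s' % (mntpoint, fs)
    print ' if failed permission 660 then alert'
    print ' if failed uid root then alert'
    print ' if failed gid disk then alert'
    # Disk space threshold: per-host overrides first (None disables the
    # space check), then 90% for a few large mount points, 80% otherwise.
    alert_level = {
        ('sila', '/var/spool/squid1'): None,
        ('sila', '/var/spool/squid2'): None,
        ('egon', '/pubftp'): 95,
        ('sila', '/var/log/squid'): 92,
        ('sila', '/pubftp'): 92,
    }.get((hostname, mntpoint), -1)
    if alert_level == -1:
        if mntpoint in ('/usr', '/var/lib/mailman', '/localhome'):
            alert_level = 90
        else:
            alert_level = 80
    if alert_level:
        print ' if space usage > %d%% then alert' % alert_level
    # Inode usage check, emitted for every type except reiserfs.
    if fstype != 'reiserfs':
        print ' if inode usage > 80% then alert'
    print ' mode passive'
    print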