diff --git a/monit/generate.py b/monit/generate.py
deleted file mode 100755
index 48014199..00000000
--- a/monit/generate.py
+++ /dev/null
@@ -1,573 +0,0 @@
-#! /usr/bin/env python
-# -*- coding:iso-8859-15 -*-
-
-import sre
-import sys, os, time
-import commands
-
-# on récupère le hostname
-host = commands.getoutput("hostname").split('.')[0]
-
-# est ce que c'est un systeme bsd
-if host in ['ragnarok'] :
- bsd = True
-else :
- bsd = False
-
-# fonctions utiles
-##################
-
-def file_monitrc(hostname = host) :
- """
- Retourne la configuration de la machine
- """
- config = ""
- timeout = "timeout 30 seconds"
-
- # headers
- if True :
- config += '# Configuration de monit sur %s générée par /usr/scripts/monit/generate.py\n' % hostname
- config += '\n'
-
- config += 'set daemon 60\n'
- config += '\n'
-
- config += 'set mailserver localhost, smtp.crans.org\n'
- config += '\n'
-
- if bsd :
- config += 'set alert chove@crans.org { uid gid size timeout resource checksum timestamp connection permission }\n' # changed
- else :
- config += 'set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }\n' # changed
- config += '\n'
-
- config += 'set httpd port 2812\n'
- config += ' use address %s.adm.crans.org\n' % hostname
- config += ' use address localhost\n'
- config += ' allow proxy.adm.crans.org\n'
- config += ' allow localhost\n'
- config += ' allow crans:crans read-only\n'
- config += '\n'
-
- config += 'set mail-format {\n'
- config += 'from: roots@crans.org\n'
- config += 'subject: Monit %s - $SERVICE : $EVENT\n' % hostname
- config += 'message: Monit $ACTION $SERVICE at $DATE on $HOST.\n'
- config += '-- \n'
- config += 'Monit\n'
- config += '}\n'
- config += '\n'
-
- # disques
- if True :
-
- fstab = open("/etc/fstab")
-
- for line in fstab.readlines() :
- # on supprime les espaces
- line = line.strip().replace('\t',' ')
-
- # on saute les lignes inintérassantes
- if not line :
- continue
- if line[0] == "#" :
- continue
-
- # on découpe la ligne
- line = sre.split(' *',line)
-
- # on saute si c'est une partition non montée au démarrage
- if "noauto" in line[3].split(",") :
- continue
-
- # on saute si c'est une partition bind
- if "bind" in line[3].split(",") :
- continue
-
- # on saute les système pas intéressants
- if line[2] in ['swap','proc','tmpfs'] :
- continue
-
- # on saute le nfs
- if ':' in line[0] :
- continue
-
- # on ajoute les lignes de configuration générale
- config += '# partition %s\n' % line[1]
- config += 'check device fs%s with path %s\n' % (line[1], line[0])
-
- if '/dev/mapper/' in line[0] :
- config += ' if failed permission 600 then alert\n'
- config += ' if failed uid root then alert\n'
- config += ' if failed gid root then alert\n'
- else :
- # droits
- if bsd :
- config += ' if failed permission 640 then alert\n'
- else :
- config += ' if failed permission 660 then alert\n'
-
- # proprio
- config += ' if failed uid root then alert\n'
-
- # groupe
- if bsd :
- config += ' if failed gid operator then alert\n'
- else :
- config += ' if failed gid disk then alert\n'
-
- # place sur les disques
- if (hostname,line[1]) in [('sila','/var/spool/squid1'),('sila','/var/spool/squid2')] :
- pass
- elif (hostname,line[1]) in [('egon','/pubftp')] :
- config += ' if space usage > 95% then alert\n'
- elif (hostname,line[1]) in [('sila','/var/log/squid'),('sila','/pubftp')] :
- config += ' if space usage > 90% then alert\n'
- else :
- config += ' if space usage > 80% then alert\n'
-
- # inodes pour les disques
- if line[2] != 'reiserfs' :
- config += ' if inode usage > 80% then alert\n'
-
- config += ' mode passive\n'
- config += '\n'
-
- # apache SSL
- if hostname in ['egon'] :
- config += '# apache-ssl\n'
- config += 'check process apache-ssl with pidfile /var/run/apache-ssl.pid\n'
- config += ' start program = "/etc/init.d/apache-ssl start"\n'
- config += ' stop program = "/etc/init.d/apache-ssl stop"\n'
- config += ' if failed host localhost port 80 protocol http %s then restart\n' % timeout
- #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
- #config += ' if failed host localhost port 443 type tcpssl protocol http then restart\n'
- #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
- config += ' if cpu is greater than 60% for 2 cycles then alert\n'
- config += ' if cpu > 80% for 5 cycles then restart\n'
- #config += ' if totalmem > 200.0 MB for 5 cycles then restart\n'
- config += ' if children > 250 then restart\n'
- config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
- config += ' if 3 restarts within 5 cycles then timeout\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # apache 2
- if hostname in ['zamok','pegase'] :
- config += '# apache2\n'
- config += 'check process apache2 with pidfile /var/run/apache2.pid\n'
- config += ' start program = "/etc/init.d/apache2 start"\n'
- config += ' stop program = "/etc/init.d/apache2 stop"\n'
- if hostname == 'pegase' :
- config += ' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout
- else :
- config += ' if failed host localhost port 80 protocol http %s then restart\n' % timeout
- config += ' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout
- config += ' if cpu is greater than 60% for 2 cycles then alert\n'
- config += ' if cpu > 80% for 5 cycles then restart\n'
- #config += ' if totalmem > 500.0 MB for 5 cycles then restart\n'
- config += ' if children > 250 then restart\n'
- config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
- config += ' if 3 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # apache sur ragnarok
- if hostname in ['ragnarok'] :
- config += '# apache\n'
- config += 'check process httpd with pidfile /var/www/logs/httpd.pid\n'
- config += ' start program = "/bin/systrace -U -A /usr/sbin/httpd -DSSL"\n'
- config += ' stop program = "/usr/sbin/apachectl stop"\n'
- #config += ' if failed host localhost port 80 protocol http %s then restart\n' % timeout
- #config += ' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout
- config += ' if cpu is greater than 60% for 2 cycles then alert\n'
- config += ' if cpu > 80% for 5 cycles then restart\n'
- config += ' if children > 100 then restart\n'
- config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
- config += ' if 3 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # at
- if not bsd :
- config += '# at\n'
- config += 'check process at with pidfile /var/run/atd.pid\n'
- config += ' start program = "/etc/init.d/atd start"\n'
- config += ' stop program = "/etc/init.d/atd stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # backuppc
- if hostname in ['pegase'] :
- config += '# backuppc\n'
- config += 'check process backuppc with pidfile /var/lib/backuppc/log/BackupPC.pid\n'
- config += ' start program = "/etc/init.d/backuppc start"\n'
- config += ' stop program = "/etc/init.d/backuppc stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # bind
- if hostname in ['ragnarok'] and False :
- config += '# bind\n'
- config += 'check process bind with pidfile /var/run/named.pid\n'
- config += ' start program = "???"\n'
- config += ' stop program = "/bin/kill `cat /var/run/named.pid`"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- if hostname in ['rouge','sila','ultra-adsl'] :
- config += '# bind\n'
- config += 'check process bind with pidfile /var/run/bind/run/named.pid\n'
- config += ' start program = "/etc/init.d/bind9 start"\n'
- config += ' stop program = "/etc/init.d/bind9 stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # cups
- if hostname in ['zamok'] :
- config += '# cups\n'
- config += 'check process cups with pidfile /var/run/cups/cupsd.pid\n'
- config += ' start program = "/etc/init.d/cupsys start"\n'
- config += ' stop program = "/etc/init.d/cupsys stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # cron
- if bsd :
- config += '# cron\n'
- config += 'check process cron with pidfile /var/run/cron.pid\n'
- config += ' start program = "/usr/sbin/cron"\n'
- config += ' stop program = "/bin/kill `cat /var/run/cron.pid`"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
- else :
- config += '# cron\n'
- config += 'check process cron with pidfile /var/run/crond.pid\n'
- config += ' start program = "/etc/init.d/cron start"\n'
- config += ' stop program = "/etc/init.d/cron stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # dhcp
- if hostname in ['ragnarok'] :
- pass
-
- # filtrage des logs :
- # netacct
- if hostname in ['komaz'] :
- config += '# filtrage_netacct\n'
- config += 'check process filtrage_netacct with pidfile /var/run/filtrage_netacct.pid\n'
- config += ' start program = "/etc/init.d/filtrage_netacct start"\n'
- config += ' stop program = "/etc/init.d/filtrage_netacct stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
- # filtrage des logs :
- # firewall
- if hostname in ['komaz'] :
- config += '# filtrage_firewall\n'
- config += 'check process filtrage_firewall with pidfile /var/run/filtrage_firewall.pid\n'
- config += ' start program = "/etc/init.d/filtrage_firewall start"\n'
- config += ' stop program = "/etc/init.d/filtrage_firewall stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
-
- # freeradius
- if hostname in ['zamok','pegase'] :
- config += '# freeradius\n'
- config += 'check process freeradius with pidfile /var/run/freeradius/freeradius.pid\n'
- config += ' start program = "/etc/init.d/freeradius start"\n'
- config += ' stop program = "/etc/init.d/freeradius stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # inn
- if hostname in ['rouge'] :
- config += '# inn\n'
- config += 'check process inn with pidfile /var/run/news/innd.pid\n'
- config += ' start program = "/etc/init.d/inn2 start"\n'
- config += ' stop program = "/etc/init.d/inn2 stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # isakmpd
- if hostname in ['ragnarok'] :
- config += '# isakmpd\n'
- config += 'check process isakmpd with pidfile /var/run/isakmpd.pid\n'
- config += ' start program = "/sbin/isakmpd -d"\n'
- config += ' stop program = "/bin/kill `cat /var/run/isakmpd.pid`"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # mailman
- if hostname in ['rouge'] :
- config += '# mailman\n'
- config += 'check process mailman with pidfile /var/run/mailman/mailman.pid\n'
- config += ' start program = "/etc/init.d/mailman start"\n'
- config += ' stop program = "/etc/init.d/mailman stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # munin-node
- if not bsd :
- config += '# munin-node\n'
- config += 'check process munin-node with pidfile /var/run/munin/munin-node.pid\n'
- config += ' start program = "/etc/init.d/munin-node start"\n'
- config += ' stop program = "/etc/init.d/munin-node stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # mysql
- if hostname in ['zamok'] :
- config += '# mysql\n'
- config += 'check process mysql with pidfile /var/run/mysqld/mysqld.pid\n'
- config += ' start program = "/etc/init.d/mysql start"\n'
- config += ' stop program = "/etc/init.d/mysql stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # nscd
- if not bsd :
- config += '# nscd\n'
- config += 'check process nscd with pidfile /var/run/nscd.pid\n'
- config += ' start program = "/etc/init.d/nscd start"\n'
- config += ' stop program = "/etc/init.d/nscd stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += ' if failed unixsocket /var/run/.nscd_socket then restart\n'
- config += '\n'
-
- # nut - upsmonitor
- if hostname in ['zamok','vert','sila','komaz','rouge','ultra-adsl'] :
- config += '# nut\n'
- config += 'check process nut with pidfile /var/run/nut/upsmon.pid\n'
- config += ' start program = "/etc/init.d/ups-monitor start"\n'
- config += ' stop program = "/etc/init.d/ups-monitor stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # openntp / pas de pidfile, on peut pas monitorer
- if False :
- config += '# openntp\n'
- config += 'check process ntpd\n'
- config += ' start program = "/etc/init.d/openntpd start"\n'
- config += ' stop program = "/etc/init.d/openntpd stop"\n'
- config += ' if failed host 127.0.0.1 port 123 type udp %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # postfix
- if not bsd :
- config += '# postfix\n'
- config += 'check process postfix with pidfile /var/spool/postfix/pid/master.pid\n'
- config += ' start program = "/etc/init.d/postfix start"\n'
- config += ' stop program = "/etc/init.d/postfix stop"\n'
- config += ' if failed port 25 protocol smtp %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # postgresql
- if hostname in ['rouge'] :
- config += '# postgresql\n'
- config += 'check process postgresql with pidfile /var/lib/postgres/data/postmaster.pid\n'
- config += ' start program = "/etc/init.d/postgresql start"\n'
- config += ' stop program = "/etc/init.d/postgresql stop"\n'
- config += ' if failed port 5432 %s then restart\n' % timeout
- # config += ' if failed unixsocket /var/run/postgresql then restart\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # privoxy
- if hostname in ['sila'] :
- config += '# privoxy\n'
- config += 'check process privoxy with pidfile /var/run/privoxy.pid\n'
- config += ' start program = "/etc/init.d/privoxy start"\n'
- config += ' stop program = "/etc/init.d/privoxy stop"\n'
- config += ' if failed host localhost port 8117 %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # proftpd
- if hostname in ['pegase'] :
- config += '# proftpd\n'
- config += 'check process proftpd with pidfile /var/run/proftpd.pid\n'
- config += ' start program = "/etc/init.d/proftpd start"\n'
- config += ' stop program = "/etc/init.d/proftpd stop"\n'
- config += ' if failed port 21 protocol ftp %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # rsync
- if hostname in ['ragnarok'] and False :
- config += '# rsyncd\n'
- config += 'check process rsyncd with pidfile /var/run/rsyncd.pid\n'
- config += ' start program = "???"\n'
- config += ' stop program = "/bin/kill `cat /var/run/rsyncd.pid`"\n'
- config += ' if failed port 873 %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # slapd
- if hostname in ['pegase','sila','vert'] :
- config += '# slapd\n'
- config += 'check process slapd with pidfile /var/run/slapd/slapd.pid\n'
- config += ' start program = "/etc/init.d/slapd start"\n'
- config += ' stop program = "/etc/init.d/slapd stop"\n'
- config += ' if failed host localhost port 389 protocol ldap3 %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # spamd
- if hostname in ['zamok','rouge'] :
- config += '# spamd\n'
- config += 'check process spamd with pidfile /var/run/spamd.pid\n'
- config += ' start program = "/etc/init.d/spamassassin start"\n'
- config += ' stop program = "/etc/init.d/spamassassin stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # sqlgrey
- if hostname in ['zamok','rouge','ultra-adsl'] :
- config += '# sqlgrey\n'
- config += 'check process sqlgrey with pidfile /var/run/sqlgrey.pid\n'
- config += ' start program = "/etc/init.d/sqlgrey start"\n'
- config += ' stop program = "/etc/init.d/sqlgrey stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # squid / redémare tout le temps
- if False :
- config += '# squid\n'
- config += 'check process squid with pidfile /var/run/squid.pid\n'
- config += ' start program = "/etc/init.d/squid start"\n'
- config += ' stop program = "/etc/init.d/squid stop"\n'
- config += ' if failed host %s.crans.org port 3128 then restart\n' % hostname
- config += ' if 5 restarts within 15 cycles then timeout\n'
- config += '\n'
-
- # ssh
- if not bsd :
- config += '# ssh\n'
- config += 'check process ssh with pidfile /var/run/sshd.pid\n'
- config += ' start program = "/etc/init.d/ssh start"\n'
- config += ' stop program = "/etc/init.d/ssh stop"\n'
- config += ' if failed port 22 protocol ssh %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # syslog
- if bsd :
- config += '# syslog\n'
- config += 'check process syslog with pidfile /var/run/syslog.pid\n'
- config += ' start program = "/usr/local/bin/rsync --daemon --config /etc/rsyncd.conf"\n'
- config += ' stop program = "/bin/kill `cat /var/run/syslog.pid`"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # syslog-ng
- if hostname not in ['ultra-adsl'] and not bsd :
- config += '# syslog-ng\n'
- config += 'check process syslog-ng with pidfile /var/run/syslog-ng.pid\n'
- config += ' start program = "/etc/init.d/syslog-ng start"\n'
- config += ' stop program = "/etc/init.d/syslog-ng stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += ' depend on file/var/log/messages\n'
- config += '\n'
- config += 'check file file/var/log/messages with path /var/log/messages\n'
- config += ' if timestamp > 15 minutes then alert\n'
- config += '\n'
-
- # sysklogd
- if hostname in ['ultra-adsl'] :
- config += '# syslogd\n'
- config += 'check process syslogd with pidfile /var/run/syslogd.pid\n'
- config += ' start program = "/etc/init.d/sysklogd start"\n'
- config += ' stop program = "/etc/init.d/sysklogd stop"\n'
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # tinyproxy
- if hostname in ['ultra-adsl'] :
- config += '# tinyproxy\n'
- config += 'check process tinyproxy with pidfile /var/run/tinyproxy.pid\n'
- config += ' start program = "/etc/init.d/tinyproxy start"\n'
- config += ' stop program = "/etc/init.d/tinyproxy stop"\n'
- config += ' if failed host %s.crans.org port 3128 %s then restart\n' % (hostname,timeout)
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- # vsftpd
- if hostname in ['sila'] :
- config += '# vsftpd\n'
- config += 'check process vsftpd with pidfile /var/run/vsftpd/vsftpd.pid\n'
- config += ' start program = "/etc/init.d/vsftpd start"\n'
- config += ' stop program = "/etc/init.d/vsftpd stop"\n'
- config += ' if failed port 21 protocol ftp %s then restart\n' % timeout
- config += ' if 5 restarts within 5 cycles then timeout\n'
- config += '\n'
-
- return config
-
-def file_default (hostname = host) :
- config = '# Configuration de monit sur %s\n' % hostname
- config += '# généré par monit.py\n'
- config += '\n'
- config += '# on lance monit au démarage\n'
- config += 'startup=1\n'
- config += '\n'
- config += '# intervale de vérification\n'
- config += 'CHECK_INTERVALS=60\n'
-
- return config
-
-# corps du programme
-####################
-
-# vérification de l'uid
-if os.getuid() :
- print 'Il faut être root !'
- sys.exit(1)
-
-# le fichier de cron
-if bsd :
- print "Système bsd, crontab non mis à jour"
-else :
- f = open('/etc/cron.d/monit','w')
- f.write('* * * * * root /usr/sbin/monit status > /usr/scripts/monit/status/%s\n' % host)
- f.close()
-
-# génération du monitrc
-if bsd :
- f = open('/etc/monitrc','w')
-else :
- f = open('/etc/monit/monitrc','w')
-f.write(file_monitrc())
-f.close()
-
-# génération du default
-if not bsd :
- f = open('/etc/default/monit','w')
- f.write(file_default())
- f.close()
-
-# redémarage de monit
-if bsd :
-
- # arret
- out = commands.getstatusoutput("/bin/kill `cat /var/run/monit.pid`")
- if out[0] :
- print "Erreur arrêt de monit"
- print out[1].replace('\n','\n ')
- else :
- print "Arrêt de monit : OK"
-
- # on sleep, sinon le fichier monit.pid est bloqué, et il ne
- # peut pas être écrit par la commande de démarage
- time.sleep(1)
-
- # démarage
- out = commands.getstatusoutput("monit -c /etc/monitrc -d 60 -p /var/run/monit.pid")
- if out[0] :
- print "Erreur démarage de monit"
- print ' ' + out[1].replace('\n','\n ')
- else :
- print "Démarage de monit : OK"
-else :
- os.system('/etc/init.d/monit restart')