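#! /usr/bin/env python
# -*- coding:iso-8859-15 -*-

"""
Generate the monit configuration of this host.

Run as root, the script writes /etc/cron.d/monit, /etc/monit/monitrc and
/etc/default/monit, then restarts monit through its init script.

ToDo :
------
Review the scripts for nut/upsmonitor
Add the tcp/udp ports when there are any
"""

# NOTE: `sre` is the deprecated alias of `re`; it is kept because the split
# below relies on it.
import sre
import stat
import sys, os

debug = 0

# monitrc carries the credential of the monit web interface, so it must be
# readable by root only.  monit also refuses to start with a control file
# whose permissions are wider than 0700.
MONITRC_MODE = stat.S_IRUSR | stat.S_IWUSR

# read the hostname
if debug : print 'DEBUG : Lecture de l\'hote'
_hostname_file = open('/etc/hostname')
try:
    host = _hostname_file.readline().strip()
finally:
    _hostname_file.close()
# NOTE(review): `host` is copied verbatim into monitrc and into a cron command
# line run as root.  /etc/hostname is root-owned, but a value containing
# whitespace, shell metacharacters or '%' (special to cron) would change that
# command -- consider validating it against a hostname pattern.


# helper functions
##################

def _write_file(path, content, mode=None):
    """ Replace the file at `path` with `content`.

    When `mode` is given the file is created with these permission bits and
    an already existing file is tightened to them before anything is written.
    """
    if mode is None:
        f = open(path, 'w')
    else:
        # create with the restrictive bits from the start instead of the
        # umask-derived default that open() would give a new file
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        f = os.fdopen(fd, 'w')
    try:
        if mode is not None:
            # os.open() only applies `mode` to a file it creates
            os.chmod(path, mode)
        f.write(content)
    finally:
        f.close()


def file_monitrc(hostname = host):
    """ Return the monitrc content for `hostname`.

    The text is made of the global monit settings, one `check device` stanza
    per local filesystem listed in /etc/fstab, and the `check process`
    stanzas of the services enabled for that host.
    """

    config = ""

    # headers
    if True:
        config += '# Configuration de monit sur %s générée par /usr/scripts/monit/generate.py\n' % hostname
        config += '\n'
        config += 'set daemon 60\n'
        config += '\n'
        config += 'set mailserver localhost, smtp.crans.org\n'
        config += '\n'
        config += 'set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }\n' # changed
        config += '\n'
        # NOTE(review): the web interface uses a static, guessable credential
        # (crans:crans) that is stored in this script and in every generated
        # monitrc.  It is read-only and the host allow-list below limits who
        # can connect, but no SSL option is set here, so it presumably travels
        # in clear text on the adm network -- consider a per-host secret kept
        # outside the repository.
        config += 'set httpd port 2812\n'
        config += ' use address %s.adm.crans.org\n' % hostname
        config += ' use address localhost\n'
        config += ' allow proxy.adm.crans.org\n'
        config += ' allow localhost\n'
        config += ' allow crans:crans read-only\n'
        config += '\n'
        config += 'set mail-format {\n'
        config += 'from: roots@crans.org\n'
        config += 'subject: Monit %s - $SERVICE : $EVENT\n' % hostname
        config += 'message: Monit $ACTION $SERVICE at $DATE on $HOST.\n'
        config += '-- \n'
        config += 'Monit\n'
        config += '}\n'
        config += '\n'

    # disks
    if True:
        fstab = open("/etc/fstab")
        try:
            entries = fstab.readlines()
        finally:
            fstab.close()

        for line in entries:
            # normalise the whitespace
            line = line.strip().replace('\t',' ')

            # skip blank lines and comments
            if not line : continue
            if line[0] == "#" : continue

            # split into fields: device, mount point, fs type, options, ...
            fields = sre.split(' *',line)

            # a malformed entry (fewer than four fields) is ignored instead of
            # aborting the whole generation with an IndexError
            if len(fields) < 4 : continue

            options = fields[3].split(",")

            # skip partitions that are not mounted at boot
            if "noauto" in options : continue

            # skip bind mounts
            if "bind" in options : continue

            # skip uninteresting filesystem types
            if fields[2] in ['swap','proc','tmpfs'] : continue

            # skip nfs
            if ':' in fields[0] : continue

            # emit the stanza
            config += '# partition %s\n' % fields[1]
            config += 'check device fs%s with path %s\n' % (fields[1], fields[0])

            if '/dev/mapper/' in fields[0]:
                config += ' if failed permission 600 then alert\n'
                config += ' if failed uid root then alert\n'
                config += ' if failed gid root then alert\n'
            else:
                config += ' if failed permission 660 then alert\n'
                config += ' if failed uid root then alert\n'
                config += ' if failed gid disk then alert\n'

            # free space on the disks
            if (hostname,fields[1]) in [('sila','/var/spool/squid1'),('sila','/var/spool/squid2')]:
                # NOTE(review): this `continue` also skips the inode rule, the
                # `mode passive` line and the blank separator for these two
                # partitions -- confirm that is intended.
                continue
            elif (hostname,fields[1]) in [('egon','/pubftp')]:
                config += ' if space usage > 95% then alert\n'
            elif (hostname,fields[1]) in [('sila','/var/log/squid')]:
                config += ' if space usage > 90% then alert\n'
            else:
                config += ' if space usage > 80% then alert\n'

            # inodes on the disks
            if fields[2] != 'reiserfs':
                config += ' if inode usage > 80% then alert\n'

            config += ' mode passive\n'
            config += '\n'

    # apache SSL
    if hostname in ['egon']:
        config += '# apache-ssl\n'
        config += 'check process apache-ssl with pidfile /var/run/apache-ssl.pid\n'
        config += ' start program = "/etc/init.d/apache-ssl start"\n'
        config += ' stop program = "/etc/init.d/apache-ssl stop"\n'
        config += ' if failed host localhost port 80 protocol http then restart\n'
        #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
        #config += ' if failed host localhost port 443 type tcpssl protocol http then restart\n'
        #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
        config += ' if cpu is greater than 60% for 2 cycles then alert\n'
        config += ' if cpu > 80% for 5 cycles then restart\n'
        #config += ' if totalmem > 200.0 MB for 5 cycles then restart\n'
        config += ' if children > 250 then restart\n'
        config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
        config += ' if 3 restarts within 5 cycles then timeout\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # apache 2
    if hostname in ['zamok','pegase']:
        config += '# apache2\n'
        config += 'check process apache2 with pidfile /var/run/apache2.pid\n'
        config += ' start program = "/etc/init.d/apache2 start"\n'
        config += ' stop program = "/etc/init.d/apache2 stop"\n'
        if hostname == 'pegase':
            config += ' if failed host localhost port 443 type tcpssl protocol http timeout 15 seconds then restart\n'
        else:
            config += ' if failed host localhost port 80 protocol http timeout 15 seconds then restart\n'
            config += ' if failed host localhost port 443 type tcpssl protocol http then restart\n'
        config += ' if cpu is greater than 60% for 2 cycles then alert\n'
        config += ' if cpu > 80% for 5 cycles then restart\n'
        #config += ' if totalmem > 500.0 MB for 5 cycles then restart\n'
        config += ' if children > 250 then restart\n'
        config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
        config += ' if 3 restarts within 5 cycles then timeout\n'
        config += '\n'

    # at
    if True:
        config += '# at\n'
        config += 'check process at with pidfile /var/run/atd.pid\n'
        config += ' start program = "/etc/init.d/atd start"\n'
        config += ' stop program = "/etc/init.d/atd stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # backuppc
    if hostname in ['pegase']:
        config += '# backuppc\n'
        config += 'check process backuppc with pidfile /var/lib/backuppc/log/BackupPC.pid\n'
        config += ' start program = "/etc/init.d/backuppc start"\n'
        config += ' stop program = "/etc/init.d/backuppc stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # cups
    if hostname in ['zamok']:
        config += '# cups\n'
        config += 'check process cups with pidfile /var/run/cups/cupsd.pid\n'
        config += ' start program = "/etc/init.d/cupsys start"\n'
        config += ' stop program = "/etc/init.d/cupsys stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # cron
    if True:
        config += '# cron\n'
        config += 'check process cron with pidfile /var/run/crond.pid\n'
        config += ' start program = "/etc/init.d/cron start"\n'
        config += ' stop program = "/etc/init.d/cron stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # freeradius
    if hostname in ['zamok','pegase']:
        config += '# freeradius\n'
        config += 'check process freeradius with pidfile /var/run/freeradius/freeradius.pid\n'
        config += ' start program = "/etc/init.d/freeradius start"\n'
        config += ' stop program = "/etc/init.d/freeradius stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # inn
    if hostname in ['rouge']:
        config += '# inn\n'
        config += 'check process inn with pidfile /var/run/news/innd.pid\n'
        config += ' start program = "/etc/init.d/inn2 start"\n'
        config += ' stop program = "/etc/init.d/inn2 stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # mailman
    if hostname in ['rouge']:
        config += '# mailman\n'
        config += 'check process mailman with pidfile /var/run/mailman/mailman.pid\n'
        config += ' start program = "/etc/init.d/mailman start"\n'
        config += ' stop program = "/etc/init.d/mailman stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # munin-node
    if True:
        config += '# munin-node\n'
        config += 'check process munin-node with pidfile /var/run/munin/munin-node.pid\n'
        config += ' start program = "/etc/init.d/munin-node start"\n'
        config += ' stop program = "/etc/init.d/munin-node stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # mysql
    if hostname in ['zamok']:
        config += '# mysql\n'
        config += 'check process mysql with pidfile /var/run/mysqld/mysqld.pid\n'
        config += ' start program = "/etc/init.d/mysql start"\n'
        config += ' stop program = "/etc/init.d/mysql stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # nscd
    if True:
        config += '# nscd\n'
        config += 'check process nscd with pidfile /var/run/nscd.pid\n'
        config += ' start program = "/etc/init.d/nscd start"\n'
        config += ' stop program = "/etc/init.d/nscd stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # nut - upsmonitor
    if hostname in ['zamok','vert','sila','komaz','rouge','ultra-adsl']:
        config += '# nut\n'
        config += 'check process nut with pidfile /var/run/nut/upsmon.pid\n'
        config += ' start program = "/etc/init.d/ups-monitor start"\n'
        config += ' stop program = "/etc/init.d/ups-monitor stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # openntp / no pidfile, so it cannot be monitored (section disabled)
    if False:
        config += '# openntp\n'
        config += 'check process ntpd\n'
        config += ' start program = "/etc/init.d/openntpd start"\n'
        config += ' stop program = "/etc/init.d/openntpd stop"\n'
        config += ' if failed host 127.0.0.1 port 123 type udp then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # postfix
    if True:
        config += '# postfix\n'
        config += 'check process postfix with pidfile /var/spool/postfix/pid/master.pid\n'
        config += ' start program = "/etc/init.d/postfix start"\n'
        config += ' stop program = "/etc/init.d/postfix stop"\n'
        config += ' if failed port 25 protocol smtp timeout 15 seconds then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # postgresql
    if hostname in ['rouge','komaz']:
        config += '# postgresql\n'
        config += 'check process postgresql with pidfile /var/lib/postgres/data/postmaster.pid\n'
        config += ' start program = "/etc/init.d/postgresql start"\n'
        config += ' stop program = "/etc/init.d/postgresql stop"\n'
        config += ' if failed port 5432 then restart\n'
        # config += ' if failed unixsocket /var/run/postgresql then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # privoxy
    if hostname in ['sila']:
        config += '# privoxy\n'
        config += 'check process privoxy with pidfile /var/run/privoxy.pid\n'
        config += ' start program = "/etc/init.d/privoxy start"\n'
        config += ' stop program = "/etc/init.d/privoxy stop"\n'
        config += ' if failed host localhost port 8117 then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # proftpd
    if hostname in ['pegase']:
        config += '# proftpd\n'
        config += 'check process proftpd with pidfile /var/run/proftpd.pid\n'
        config += ' start program = "/etc/init.d/proftpd start"\n'
        config += ' stop program = "/etc/init.d/proftpd stop"\n'
        config += ' if failed port 21 protocol ftp then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # slapd
    if hostname in ['pegase','sila','vert']:
        config += '# slapd\n'
        config += 'check process slapd with pidfile /var/run/slapd/slapd.pid\n'
        config += ' start program = "/etc/init.d/slapd start"\n'
        config += ' stop program = "/etc/init.d/slapd stop"\n'
        config += ' if failed host localhost port 389 protocol ldap3 then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # spamd
    if hostname in ['zamok','rouge']:
        config += '# spamd\n'
        config += 'check process spamd with pidfile /var/run/spamd.pid\n'
        config += ' start program = "/etc/init.d/spamassassin start"\n'
        config += ' stop program = "/etc/init.d/spamassassin stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # sqlgrey
    if hostname in ['zamok','rouge','ultra-adsl']:
        config += '# sqlgrey\n'
        config += 'check process sqlgrey with pidfile /var/run/sqlgrey.pid\n'
        config += ' start program = "/etc/init.d/sqlgrey start"\n'
        config += ' stop program = "/etc/init.d/sqlgrey stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # squid
    #if hostname in ['sila'] :
    #    config += '# squid\n'
    #    config += 'check process squid with pidfile /var/run/squid.pid\n'
    #    config += ' start program = "/etc/init.d/squid start"\n'
    #    config += ' stop program = "/etc/init.d/squid stop"\n'
    #    config += ' if failed host %s.crans.org port 3128 then restart\n' % hostname
    #    config += ' if 5 restarts within 15 cycles then timeout\n'
    #    config += '\n'

    # ssh
    if True:
        config += '# ssh\n'
        config += 'check process ssh with pidfile /var/run/sshd.pid\n'
        config += ' start program = "/etc/init.d/ssh start"\n'
        config += ' stop program = "/etc/init.d/ssh stop"\n'
        config += ' if failed port 22 protocol ssh then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # syslog-ng
    if hostname not in ['ultra-adsl']:
        config += '# syslog-ng\n'
        config += 'check process syslog-ng with pidfile /var/run/syslog-ng.pid\n'
        config += ' start program = "/etc/init.d/syslog-ng start"\n'
        config += ' stop program = "/etc/init.d/syslog-ng stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += ' depend on file/var/log/messages\n'
        config += '\n'
        # alert when /var/log/messages has not been written to for 15 minutes
        config += 'check file file/var/log/messages with path /var/log/messages\n'
        config += ' if timestamp > 15 minutes then alert\n'
        config += '\n'

    # sysklogd
    if hostname in ['ultra-adsl']:
        config += '# syslogd\n'
        config += 'check process syslogd with pidfile /var/run/syslogd.pid\n'
        config += ' start program = "/etc/init.d/sysklogd start"\n'
        config += ' stop program = "/etc/init.d/sysklogd stop"\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # tinyproxy
    if hostname in ['ultra-adsl']:
        config += '# tinyproxy\n'
        config += 'check process tinyproxy with pidfile /var/run/tinyproxy.pid\n'
        config += ' start program = "/etc/init.d/tinyproxy start"\n'
        config += ' stop program = "/etc/init.d/tinyproxy stop"\n'
        config += ' if failed host %s.crans.org port 3128 then restart\n' % hostname
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    # vsftpd
    if hostname in ['sila']:
        config += '# vsftpd\n'
        config += 'check process vsftpd with pidfile /var/run/vsftpd/vsftpd.pid\n'
        config += ' start program = "/etc/init.d/vsftpd start"\n'
        config += ' stop program = "/etc/init.d/vsftpd stop"\n'
        config += ' if failed port 21 protocol ftp then restart\n'
        config += ' if 5 restarts within 5 cycles then timeout\n'
        config += '\n'

    return config

if debug : print 'DEBUG : Fin de la création de la fonction file_monitrc'

if debug : print 'DEBUG : Création de la fonction file_default'

def file_default(hostname = host):
    """ Return the content of /etc/default/monit for `hostname`. """
    config = '# Configuration de monit sur %s\n' % hostname
    config += '# généré par monit.py\n'
    config += '\n'
    config += '# on lance monit au démarage\n'
    config += 'startup=1\n'
    config += '\n'
    config += '# intervale de vérification\n'
    config += 'CHECK_INTERVALS=60\n'
    return config

if debug : print 'DEBUG : Fin de la création de la fonction file_default'


# main program
##############

# root is required: everything below writes under /etc and restarts monit
if os.getuid():
    print 'Il faut être root !'
    sys.exit(1)

# commit message, only used by the disabled cvs calls below
if len(sys.argv) <= 1:
    commit = 'Mise à jour'
else:
    commit = sys.argv[1]

# Build both files in memory before touching the disk, so that a failure while
# reading /etc/fstab cannot leave a truncated monitrc behind.
monitrc_content = file_monitrc()
default_content = file_default()

# the cron file
# NOTE(review): the job redirects monit's status, as root, into
# /usr/scripts/monit/status/ -- that directory should be writable by root
# only; verify on the hosts.
_write_file('/etc/cron.d/monit',
            '* * * * * root /usr/sbin/monit status > /usr/scripts/monit/status/%s\n' % host)

# generate monitrc
if debug : print 'DEBUG : Ouverture de monitrc'
if debug : print 'DEBUG : Ecriture de monitrc'
_write_file('/etc/monit/monitrc', monitrc_content, MONITRC_MODE)
if debug : print 'DEBUG : Fermeture de monitrc'
if debug : print 'DEBUG : Commit de monitrc'
# NOTE: if the cvs commit is re-enabled, pass the message as a separate
# argument (subprocess with an argument list) -- `commit` comes from argv and
# must not be interpolated into a shell string.
#os.system('cvs commit -m "%s" /etc/monit/monitrc' % commit )

# generate default/monit
if debug : print 'DEBUG : Ouverture de default/monit'
if debug : print 'DEBUG : Ecriture de default/monit'
_write_file('/etc/default/monit', default_content)
if debug : print 'DEBUG : Fermeture de default/monit'
if debug : print 'DEBUG : Commit de default/monit'
#os.system('cvs commit -m "%s" /etc/default/monit' % commit )

os.system('/etc/init.d/monit restart')

if debug : print 'DEBUG : Sortie du programme'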