X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=nagios-master.cfg;h=27e34f7cb911c63f1b6d2ebe419ef8324b345be4;hb=35d5a04aea33a5fd14bba6d7eac58adf0cbb860c;hp=4560c013ad2258bf88c3acce833ece0181024fe6;hpb=67462d48e72c5f49f4181d5fb1719ecf8e140107;p=mirror%2Fdsa-nagios.git diff --git a/nagios-master.cfg b/nagios-master.cfg index 4560c01..27e34f7 100644 --- a/nagios-master.cfg +++ b/nagios-master.cfg @@ -15,14 +15,11 @@ # - verdi: pg upgrade, openvpn # - mundy: salinfo_decode # - puccini: mailgraph -# - lebrun: ippl # down: -# - ravel # - sarti # - goedel # - leisner -# - schulz --- ############################# @@ -88,10 +85,6 @@ servers: parents: gw-HP-ftc hostgroups: routing-infrastructure contacts: tjrc1 - gw-cst: - address: 213.188.99.215 - parents: gw-HP-ftc - hostgroups: routing-infrastructure gw-lrz: address: 129.187.0.150 parents: gw-HP-ftc @@ -193,8 +186,13 @@ servers: bartok: address: 82.195.75.91 parents: gw-man-da - hostgroups: computers, service, syslog-ng-hosts, postfix-hosts, dl385 + hostgroups: computers, service, syslog-ng-hosts, postfix-hosts, dl385, bind9-hosts contacts: joerg, bzed + morales: + address: 82.195.75.97 + parents: gw-man-da + hostgroups: computers, porterbox, single-cpu + contacts: bzed sperger: address: 82.195.75.98 parents: gw-man-da @@ -203,17 +201,22 @@ servers: agricola: address: 82.195.75.86 parents: gw-man-da - hostgroups: computers, porterbox, sw-raid, single-cpu + hostgroups: computers, porterbox, sw-raid, single-cpu, lenny contacts: bzed arcadelt: address: 82.195.75.87 parents: gw-man-da - hostgroups: computers, buildd, sw-raid, single-cpu + hostgroups: computers, buildd, sw-raid, single-cpu, lenny contacts: bzed liszt: address: 82.195.75.100 parents: gw-man-da - hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, dl385 + hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385 + contacts: bzed + auber: + address: 82.195.75.101 + parents: gw-man-da + hostgroups: computers, buildd, sw-raid contacts: bzed master: @@ -263,11 +266,11 @@ servers: steffani: address: 128.31.0.36 parents: gw-mit-csail - hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid - casals: - address: 128.31.0.16 + hostgroups: computers, service, apache2-hosts, ftpd-hosts, rsyncd-hosts, sw-raid, bind9-hosts + mahler: + address: 128.31.0.46 parents: gw-mit-csail - hostgroups: deadslow + hostgroups: computers, single-cpu, lenny, porterbox, rsyslog-hosts klecker: address: 194.109.137.218 @@ -282,7 +285,7 @@ servers: argento: address: 195.49.152.174 parents: gw-dg-i.net - hostgroups: computers, buildd, sw-raid, single-cpu + hostgroups: computers, buildd, sw-raid, single-cpu, lenny contacts: bzed pergolesi: @@ -302,19 +305,16 @@ servers: albeniz: address: 193.62.202.27 parents: gw-sanger - hostgroups: computers, porterbox, sw-raid + # SMP kernel doesn't run stable + hostgroups: computers, porterbox, sw-raid, single-cpu contacts: tjrc1 goetz: address: 193.62.202.26 parents: gw-sanger - hostgroups: computers, buildd, sw-raid + # SMP kernel doesn't run stable + hostgroups: computers, buildd, sw-raid, single-cpu contacts: tjrc1 - escher: - address: 213.188.99.215 - parents: gw-cst - hostgroups: computers, porterbox, single-cpu - verdi: address: 192.54.42.193 parents: gw-lrz @@ -331,6 +331,11 @@ servers: parents: gw-1und1 hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts contacts: joerg + powell: + address: 87.106.64.223 + parents: gw-1und1 + hostgroups: computers, service, heavy-exim, rsyncd-hosts + contacts: joerg caballero: address: 193.201.200.200 @@ -365,7 +370,7 @@ servers: allegri: address: 157.193.39.233 parents: gw-HP-ftc - hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu + hostgroups: computers, buildd, postfix-hosts, sw-raid, single-cpu, lenny contacts: luk agnesi: @@ -378,16 +383,24 @@ servers: parents: gw-ubc hostgroups: computers, buildd contacts: lfilipoz + ravel: + address: 137.82.84.43 + parents: gw-ubc + hostgroups: computers, general, dl385, apache2-hosts lebrun: - address: 161.53.160.165 + address: 193.198.184.10 parents: gw-carnet hostgroups: computers, buildd + schroeder: + address: 193.198.184.11 + parents: gw-carnet + hostgroups: computers, buildd, sw-raid tartini: address: 82.94.249.158 parents: gw-telegraaf - hostgroups: computers, sw-raid + hostgroups: computers, sw-raid, apache2-hosts, mysql-hosts piatti: address: 193.167.161.225 @@ -449,9 +462,16 @@ hostgroups: alias: Hosts with only one CPU private: 1 + lenny: + alias: Hosts running lenny, not etch + private: 1 + syslog-ng-hosts: alias: hosts running syslog-ng instead of sysklogd private: 1 + rsyslog-hosts: + alias: hosts running rsyslogd instead of sysklogd + private: 1 postfix-hosts: alias: hosts running postfix instead of exim private: 1 @@ -459,7 +479,7 @@ hostgroups: alias: "hosts running the full mail stuff, including clamav, SA, and greylistd" private: 1 heavy-postfix: - alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, amavis, policyd-weight" + alias: "postfix hosts running the full mail stuff, including clamav, SA, postgrey, policyd-weight" private: 1 apache2-hosts: alias: hosts running apache2 @@ -485,6 +505,9 @@ hostgroups: postgres81-hosts: alias: hosts running postgres81 private: 1 + mysql-hosts: + alias: hosts running mysql + private: 1 highload: alias: "hosts on which high load is normal" @@ -507,6 +530,15 @@ servicegroups: alias: raid checks kernel: alias: kernel checks + weaksshkeys: + alias: weak ssh keys + apt: + alias: apt upgrade status + samhain: + alias: samhain integrity status + security: + alias: security + servicegroup_members: apt, weaksshkeys, kernel, samhain ############################# # services @@ -543,31 +575,37 @@ services: servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /" hostgroups: computers + excludehosts: ries + - + name: disk usage on / + servicegroups: diskspace + nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /" + hosts: ries - name: disk usage on /boot servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 85 /boot" - hosts: sperger, rietz, steffani, penalosa, peri, albeniz, escher, goetz, mayer, mayr, paer, spontini, tartini + hosts: sperger, rietz, steffani, penalosa, peri, albeniz, goetz, mayer, mayr, paer, spontini, tartini, morales, ravel, auber, schroeder, piatti - name: disk usage on /var servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /var" - hosts: bartok, samosa, raff, lobos, villa, gluck, saens, escher, voltaire, puccini, lebrun, tartini + hosts: bartok, samosa, raff, lobos, villa, gluck, saens, voltaire, puccini, lebrun, tartini, morales, powell - name: disk usage on /org servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /org" - hosts: bartok, sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, puccini, spontini + hosts: sperger, samosa, raff, lobos, villa, steffani, saens, pergolesi, verdi, puccini, spontini, ravel, mahler, schroeder, piatti - name: disk usage on /org servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 90 95 /org" - hosts: merkel + hosts: merkel, bartok - name: disk usage on /srv servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 80 90 /srv" - hosts: agricola, arcadelt, argento, allegri, tartini + hosts: agricola, arcadelt, argento, allegri, tartini, morales, auber, powell - name: disk usage on /org/scratch servicegroups: diskspace @@ -577,17 +615,17 @@ services: name: disk usage on /tmp servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 60 80 /tmp" - hosts: samosa, raff, gluck, saens, escher, puccini, merkel, tartini + hosts: samosa, raff, gluck, saens, puccini, merkel, tartini, powell, piatti - name: disk usage on /usr servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /usr" - hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, puccini, merulo, tartini + hosts: samosa, raff, lobos, villa, gluck, saens, pergolesi, puccini, merulo, tartini, morales, powell - name: disk usage on /home servicegroups: diskspace nrpe: "/usr/lib/nagios/plugins/check_disk 75 90 /home" - hosts: raptor, escher, voltaire, lebrun + hosts: raptor, voltaire, lebrun - name: disk usage on /home servicegroups: diskspace @@ -616,14 +654,13 @@ services: ############ All Computers ############ #### - #- - # name: apt - security updates - # nrpe: "/usr/local/bin/nagios-check-apt-updates --warnifupdates" - # hostgroups: computers - # normal_check_interval: 480 - # notification_interval: 480 - # max_check_attempts: 4 - # retry_check_interval: 12 + - + name: apt - security updates + servicegroups: apt + nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/apt" + hostgroups: computers + normal_check_interval: 60 + retry_check_interval: 15 #### - name: backup @@ -632,6 +669,13 @@ services: normal_check_interval: 180 max_check_attempts: 2 retry_check_interval: 5 + - + name: backup server config + nrpe: "/usr/lib/nagios/plugins/dsa-check-dabackup-server" + hosts: bartok + normal_check_interval: 180 + max_check_attempts: 2 + retry_check_interval: 5 #### - @@ -642,6 +686,20 @@ services: normal_check_interval: 180 retry_check_interval: 5 + #### + - + name: process - samhain + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:8 -c 1: -u root -C samhain -a '/usr/sbin/samhain'" + hostgroups: computers + - + name: samhain + servicegroups: samhain + nrpe: "/usr/lib/nagios/plugins/dsa-check-samhain" + hostgroups: computers + depends: process - samhain + normal_check_interval: 240 + retry_check_interval: 5 + #### - name: users @@ -716,6 +774,40 @@ services: check: dsa_check_ssh_port!443 hosts: gluck normal_check_interval: 180 + + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch3" + depends: network service - sshd + hostgroups: computers, deadslow + excludehosts: agnesi, crest, kullervo + excludehostgroups: lenny + normal_check_interval: 360 + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_4.3p2 Debian-9etch2+m68k1" + depends: network service - sshd + hosts: crest, kullervo + normal_check_interval: 360 + - + name: "network service - sshd - version" + check: "dsa_check_ssh_port_version!22!OpenSSH_5.1p1 Debian-2" + depends: network service - sshd + hostgroups: lenny + normal_check_interval: 360 + - + name: "network service - sshd - version - 2260" + check: "dsa_check_ssh_port_version!2260!OpenSSH_4.3p2 Debian-9etch3" + depends: network service - sshd - 2260 + hosts: agnesi + normal_check_interval: 360 + # + - + name: ssh - weak keys + servicegroups: weaksshkeys + nrpe: "/usr/lib/nagios/plugins/dsa-check-statusfile /var/cache/dsa/nagios/weak-ssh-keys" + hostgroups: computers + normal_check_interval: 360 #### - name: network service - nrpe @@ -776,17 +868,22 @@ services: name: process - syslog-ng nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslog-ng -a '/sbin/syslog-ng -p /var/run/syslog-ng.pid'" hostgroups: syslog-ng-hosts + ### + - + name: process - rsyslogd + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rsyslogd -a '/usr/sbin/rsyslogd -c3'" + hostgroups: rsyslog-hosts ### - name: process - syslogd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C syslogd -a '/sbin/syslogd'" hostgroups: computers - excludehostgroups: syslog-ng-hosts + excludehostgroups: syslog-ng-hosts, rsyslog-hosts - name: process - klogd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C klogd -a '/sbin/klogd -x'" hostgroups: computers - excludehostgroups: syslog-ng-hosts + excludehostgroups: syslog-ng-hosts, rsyslog-hosts ### MAIL STUFF ### @@ -820,6 +917,10 @@ services: name: process - clamav - freshclam nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C freshclam -a '/usr/bin/freshclam -d --quiet'" hostgroups: heavy-exim, heavy-postfix + - + name: process - clamav - getsigs + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u clamav -C getclamsigs -a 'getclamsigs'" + hostgroups: heavy-exim, heavy-postfix # - name: unwanted process - clamav @@ -831,6 +932,11 @@ services: nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C freshclam" hostgroups: computers excludehostgroups: heavy-exim, heavy-postfix + - + name: unwanted process - clamav - getsigs + nrpe: "/usr/lib/nagios/plugins/check_procs -w 0:0 -C getclamsigs" + hostgroups: computers + excludehostgroups: heavy-exim, heavy-postfix ### - name: process - spamd - master @@ -1025,7 +1131,7 @@ services: - name: network service - smtp - port 8080 check: dsa_check_smtp_port!8080 - hosts: murphy, piatti + hosts: murphy depends: process - postfix - master - name: network service - smtp - port 2025 @@ -1043,8 +1149,8 @@ services: - - name: setup - debian-admin in etc aliases - nrpe: "/usr/lib/nagios/plugins/dsa-check-da-in-aliases" + name: setup - dsa config + nrpe: "/usr/lib/nagios/plugins/dsa-check-config" hostgroups: computers normal_check_interval: 120 - @@ -1106,7 +1212,7 @@ services: - name: process - rngd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C rngd -a '/usr/sbin/rngd -r /dev/hwrng'" - hosts: bartok + hostgroups: dl385 ### - name: process - sensord @@ -1140,7 +1246,14 @@ services: name: HW - hpacucli status servicegroups: raid nrpe: "/usr/lib/nagios/plugins/dsa-check-hpacucli" + normal_check_interval: 120 hostgroups: dl385, dl380, dl360 + ### + - + name: RAID - areca + servicegroups: raid + nrpe: "/usr/lib/nagios/plugins/dsa-check-raid-areca" + hosts: powell ### - name: RAID - DAC960 @@ -1163,13 +1276,13 @@ services: ### - name: process - slapd - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -g openldap -u openldap'" + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:20 -c 1:50 -u openldap -C slapd -a '/usr/sbin/slapd -h ldap:/// ldaps:/// -g openldap -u openldap'" hosts: samosa ### - name: process - udevd nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C udevd -a 'udevd'" - hosts: sperger, ries, steffani, merkel, spohr, peri, penalosa, albeniz, escher, verdi, liszt, kassia, agricola, arcadelt, argento, allegri + hosts: sperger, ries, steffani, merkel, spohr, peri, penalosa, albeniz, verdi, liszt, kassia, agricola, arcadelt, argento, allegri, morales, bartok, schroeder ### - name: process - acpid @@ -1256,13 +1369,13 @@ services: - name: network service - https check: check_https - hosts: samosa + hosts: samosa, ries depends: "process - apache2 - master" normal_check_interval: 120 - name: network service - https cert check: dsa_check_cert!443 - hosts: samosa + hosts: samosa, ries depends: network service - https normal_check_interval: 240 #### @@ -1300,7 +1413,7 @@ services: - name: process - debianqueued nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -u dak -C debianqueued" - hosts: ries + hosts: ries, ravel ### - @@ -1322,21 +1435,31 @@ services: nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u postgres -C postmaster -a 'postgres: stats collector process'" hostgroups: postgres81-hosts depends: process - postresql81 - master - #### - - name: process - xenconsoled - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'" - hosts: piatti + name: process - mysql - master + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:2 -c 1: -u root -C mysqld_safe -a '/bin/sh /usr/bin/mysqld_safe'" + hostgroups: mysql-hosts - - name: process - xenstored - nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'" - hosts: piatti - - - name: process - xend - nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'" - hosts: piatti + name: process - mysql - workers + nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:25 -c 1: -u mysql -C mysqld -a /usr/sbin/mysqld" + hostgroups: mysql-hosts + depends: process - mysql - master + #### + #- + # name: process - xenconsoled + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenconsoled -a 'xenconsoled'" + # hosts: piatti + #- + # name: process - xenstored + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1: -u root -C xenstored -a '/usr/lib/xen-3.0.3-1/bin/xenstored --pid-file /var/run/xenstore.pid'" + # hosts: piatti + #- + # name: process - xend + # nrpe: "/usr/lib/nagios/plugins/check_procs -w 2:2 -c 2: -u root -C python -a 'python /usr/lib/xen-3.0.3-1/bin/xend start'" + # hosts: piatti +# #### # XXX is this needed? -