4 069
contributi
Monitorare un server con Munin e Monit: differenze tra le versioni
Vai alla navigazione
Vai alla ricerca
Monitorare un server con Munin e Monit (visualizza wikitesto)
Versione delle 11:33, 9 mar 2014
, 9 mar 2014→Protezione di Munin
| Riga 99: | Riga 99: | ||
# /etc/init.d/apache2 restart | # /etc/init.d/apache2 restart | ||
# /etc/init.d/munin-node restart | # /etc/init.d/munin-node restart | ||
</pre> | |||
== Installazione di Monit == | |||
Installare Monit in Debian è semplice: | |||
<pre> | |||
# apt-get install monit | |||
</pre> | |||
Il file di configurazione è <tt>/etc/monit/monitrc</tt>. Il file di default contiene un sacco di esempi. Nel nostro caso noi vogliamo: | |||
* monitorare proftpd, sshd, mysql, apache, postfix | |||
* abilitare l'interfaccia di monit sulla porta 2812 | |||
* abilitare HTTPS sull'interfaccia | |||
* proteggere le pagine con una username e una password | |||
* inviare degli alert vie email all'indirizzo root@localhost | |||
Salviamo la configurazione originale e creiamo quindi il nostro file di configurazione, secondo le specifiche stabilite: | |||
<pre> | |||
# cp /etc/monit/monitrc /etc/monit/monitrc_orig | |||
# cat /dev/null > /etc/monit/monitrc | |||
# nano /etc/monit/monitrc | |||
</pre> | |||
dandogli questo contenuto: | |||
<pre> | |||
set daemon 60 | |||
set logfile syslog facility log_daemon | |||
set mailserver localhost | |||
set mail-format { from: monit@server1.example.com } | |||
set alert root@localhost | |||
set httpd port 2812 and | |||
SSL ENABLE | |||
PEMFILE /var/certs/monit.pem | |||
allow admin:test | |||
check process proftpd with pidfile /var/run/proftpd.pid | |||
start program = "/etc/init.d/proftpd start" | |||
stop program = "/etc/init.d/proftpd stop" | |||
if failed port 21 protocol ftp then restart | |||
if 5 restarts within 5 cycles then timeout | |||
check process sshd with pidfile /var/run/sshd.pid | |||
start program "/etc/init.d/ssh start" | |||
stop program "/etc/init.d/ssh stop" | |||
if failed port 22 protocol ssh then restart | |||
if 5 restarts within 5 cycles then timeout | |||
check process mysql with pidfile /var/run/mysqld/mysqld.pid | |||
group database | |||
start program = "/etc/init.d/mysql start" | |||
stop program = "/etc/init.d/mysql stop" | |||
if failed host 127.0.0.1 port 3306 then restart | |||
if 5 restarts within 5 cycles then timeout | |||
check process apache with pidfile /var/run/apache2.pid | |||
group www | |||
start program = "/etc/init.d/apache2 start" | |||
stop program = "/etc/init.d/apache2 stop" | |||
if failed host www.example.com port 80 protocol http | |||
and request "/monit/token" then restart | |||
if cpu is greater than 60% for 2 cycles then alert | |||
if cpu > 80% for 5 cycles then restart | |||
if totalmem > 500 MB for 5 cycles then restart | |||
if children > 250 then restart | |||
if loadavg(5min) greater than 10 for 8 cycles then stop | |||
if 3 restarts within 5 cycles then timeout | |||
check process postfix with pidfile /var/spool/postfix/pid/master.pid | |||
group mail | |||
start program = "/etc/init.d/postfix start" | |||
stop program = "/etc/init.d/postfix stop" | |||
if failed port 25 protocol smtp then restart | |||
if 5 restarts within 5 cycles then timeout | |||
#check process nginx with pidfile /var/run/nginx.pid | |||
# start program = "/etc/init.d/nginx start" | |||
# stop program = "/etc/init.d/nginx stop" | |||
# if failed host 127.0.0.1 port 80 then restart | |||
# | |||
#check process memcached with pidfile /var/run/memcached.pid | |||
# start program = "/etc/init.d/memcached start" | |||
# stop program = "/etc/init.d/memcached stop" | |||
# if failed host 127.0.0.1 port 11211 then restart | |||
# | |||
#check process pureftpd with pidfile /var/run/pure-ftpd/pure-ftpd.pid | |||
# start program = "/etc/init.d/pure-ftpd-mysql start" | |||
# stop program = "/etc/init.d/pure-ftpd-mysql stop" | |||
# if failed port 21 protocol ftp then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process named with pidfile /var/run/named/named.pid | |||
# start program = "/etc/init.d/bind9 start" | |||
# stop program = "/etc/init.d/bind9 stop" | |||
# if failed host 127.0.0.1 port 53 type tcp protocol dns then restart | |||
# if failed host 127.0.0.1 port 53 type udp protocol dns then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process ntpd with pidfile /var/run/ntpd.pid | |||
# start program = "/etc/init.d/ntp start" | |||
# stop program = "/etc/init.d/ntp stop" | |||
# if failed host 127.0.0.1 port 123 type udp then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process mailman with pidfile /var/run/mailman/mailman.pid | |||
# group mail | |||
# start program = "/etc/init.d/mailman start" | |||
# stop program = "/etc/init.d/mailman stop" | |||
# | |||
#check process amavisd with pidfile /var/run/amavis/amavisd.pid | |||
# group mail | |||
# start program = "/etc/init.d/amavis start" | |||
# stop program = "/etc/init.d/amavis stop" | |||
# if failed port 10024 protocol smtp then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process courier-imap with pidfile /var/run/courier/imapd.pid | |||
# group mail | |||
# start program = "/etc/init.d/courier-imap start" | |||
# stop program = "/etc/init.d/courier-imap stop" | |||
# if failed host localhost port 143 type tcp protocol imap then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process courier-imap-ssl with pidfile /var/run/courier/imapd-ssl.pid | |||
# group mail | |||
# start program = "/etc/init.d/courier-imap-ssl start" | |||
# stop program = "/etc/init.d/courier-imap-ssl stop" | |||
# if failed host localhost port 993 type tcpssl sslauto protocol imap then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process courier-pop3 with pidfile /var/run/courier/pop3d.pid | |||
# group mail | |||
# start program = "/etc/init.d/courier-pop start" | |||
# stop program = "/etc/init.d/courier-pop stop" | |||
# if failed host localhost port 110 type tcp protocol pop then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process courier-pop3-ssl with pidfile /var/run/courier/pop3d-ssl.pid | |||
# group mail | |||
# start program = "/etc/init.d/courier-pop-ssl start" | |||
# stop program = "/etc/init.d/courier-pop-ssl stop" | |||
# if failed host localhost port 995 type tcpssl sslauto protocol pop then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
# | |||
#check process dovecot with pidfile /var/run/dovecot/master.pid | |||
# group mail | |||
# start program = "/etc/init.d/dovecot start" | |||
# stop program = "/etc/init.d/dovecot stop" | |||
# if failed host localhost port 993 type tcpssl sslauto protocol imap then restart | |||
# if 5 restarts within 5 cycles then timeout | |||
</pre> | </pre> | ||