Jérémy Dubois
6a2faf5649
On OpenBSD, ansible_fqdn is the reverse of the IP, which is not always properly configured
56 lines
3.6 KiB
Django/Jinja
56 lines
3.6 KiB
Django/Jinja
# Allowed IPs
|
|
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
|
|
|
# SSL Certificate
|
|
ssl_cert_file=/etc/ssl/certs/{{ evobsd_ssl_cert_hostname }}.crt
|
|
ssl_privatekey_file=/etc/ssl/private/{{ evobsd_ssl_cert_hostname }}.key
|
|
|
|
{% if ansible_distribution_version is version_compare("7.2",'>=') %}
|
|
# Allow older cipher suites for older Icinga version
|
|
ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
|
|
|
{% endif %}
|
|
# System checks
|
|
command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
|
|
command[check_load]=/usr/local/libexec/nagios/check_load --percpu --warning=0.7,0.6,0.5 --critical=0.9,0.8,0.7
|
|
command[check_disk1]=/usr/local/libexec/nagios/check_disk -e -w 10% -c 3% -W 10% -K 3% -C -w 5% -c 2% -W 5% -K 2% -p /home -x dev
|
|
command[check_zombie_procs]=/usr/local/libexec/nagios/check_procs -w 5 -c 10 -s Z
|
|
command[check_total_procs]=/usr/local/libexec/nagios/check_procs -w 150 -c 200
|
|
command[check_swap]=/usr/local/libexec/nagios/check_swap --no-swap=ok -a -w 30% -c 20%
|
|
|
|
# Generic services checks
|
|
command[check_smtp]=/usr/local/libexec/nagios/check_smtp -H localhost -f {{ general_alert_email }}
|
|
command[check_dns]=/usr/local/libexec/nagios/check_dns -H evolix.net
|
|
command[check_ntp]=/usr/local/libexec/nagios/check_ntp -H {{ nagios_nrpe_default_ntp_server}}
|
|
command[check_ssh]=/usr/local/libexec/nagios/check_ssh -p 22 localhost
|
|
command[check_mailq]=doas /usr/local/libexec/nagios/plugins/check_mailq.pl -M opensmtpd -w 5 -c 10
|
|
|
|
# Specific services checks
|
|
command[check_imap]=/usr/local/libexec/nagios/check_imap -H localhost
|
|
command[check_http]=/usr/local/libexec/nagios/check_http -H localhost -p 80
|
|
command[check_bind]=/usr/local/libexec/nagios/check_dig -l evolix.net -H localhost
|
|
command[check_unbound]=/usr/local/libexec/nagios/check_dig -l evolix.net -H localhost
|
|
#command[check_proxy]=/usr/local/libexec/nagios/check_tcp -p PORT
|
|
#command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
|
|
command[check_mysql]=/usr/local/libexec/nagios/check_mysql -H 127.0.0.1 -f /etc/nrpe.d/.my.cnf
|
|
#command[check_vpn]=/usr/local/libexec/nagios/check_ping -H IPDISTANTE -p 1 -w 5000,100% -c 5000,100%
|
|
command[check_bioctl]=/usr/local/libexec/nagios/check_bioctl -d sd2
|
|
|
|
# Local checks (not packaged)
|
|
#command[check_openvpn]=/usr/local/libexec/nagios/plugins/check_openvpn.pl -H 127.0.0.1 -p 1195 -P PASSWORD
|
|
#command[check_openvpn]=/usr/local/libexec/nagios/plugins/check_openvpn # Wrapper of check_openvpn.pl, to use when the server is CARP backup and OpenVPN should not run
|
|
command[check_openvpn_certificates]=doas /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
|
#command[check_carp0]=/usr/local/libexec/nagios/plugins/check_carp_if carp0 master
|
|
command[check_mem]=/usr/local/libexec/nagios/plugins/check_free_mem.sh -w 20% -c 10%
|
|
#command[check_vpn]=/usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
|
command[check_pf_states]=doas /usr/local/libexec/nagios/plugins/check_pf_states
|
|
command[check_ospfd]=doas /usr/local/libexec/nagios/plugins/check_ospfd
|
|
command[check_ospf6d]=doas /usr/local/libexec/nagios/plugins/check_ospf6d
|
|
command[check_ospfd_simple]=doas /usr/local/libexec/nagios/plugins/check_ospfd_simple
|
|
#command[check_bgpd]=doas /usr/local/libexec/nagios/plugins/check_openbgpd -u
|
|
command[check_connections_state]=doas /usr/local/libexec/nagios/plugins/check_connections_state.sh
|
|
command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
|
command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh
|
|
command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool
|
|
command[check_ipmi_sensors]=doas /usr/local/libexec/nagios/plugins/check_ipmi_sensor
|