Compare commits
12 commits
stable
...
evodomains
Author | SHA1 | Date | |
---|---|---|---|
c27c4b1698 | |||
6f178d92ab | |||
d571115e9f | |||
2982fb6625 | |||
e68bc6fe15 | |||
d1b602c838 | |||
919bf5c907 | |||
ccea609173 | |||
e080357a1d | |||
a0772bc5c4 | |||
3d677aaab5 | |||
0a6ae58752 |
|
@ -16,12 +16,14 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
* php: install php-xml with recent PHP versions
|
* php: install php-xml with recent PHP versions
|
||||||
* vrrp: add an `ip.yml` task file to help create VRRP addresses
|
* vrrp: add an `ip.yml` task file to help create VRRP addresses
|
||||||
* webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
|
* webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
|
||||||
|
* inspect-domains: Add role
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* evocheck: upstream release 22.08.1
|
* evocheck: upstream release 22.08.1
|
||||||
* generate-ldif: Support any MariaDB version
|
* generate-ldif: Support any MariaDB version
|
||||||
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
|
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
|
||||||
|
* nagios-nrpe: Add check_domains
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
|
362
evolinux-base/files/evodomains.py
Executable file
362
evolinux-base/files/evodomains.py
Executable file
|
@ -0,0 +1,362 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
#
|
||||||
|
# Execute 'evodomains --help' for usage.
|
||||||
|
#
|
||||||
|
# Evodomains is a Python script to facilitate the management
|
||||||
|
# of a server's domains.
|
||||||
|
# It's scope is Apache, Nginx, HaProxy and SSL certificates domains.
|
||||||
|
# It can list domains, check domains records, and will permit (in the future)
|
||||||
|
# to remove domains from vhosts configuration and remove certificate files.
|
||||||
|
#
|
||||||
|
# Developped by Will & Brice
|
||||||
|
#
|
||||||
|
|
||||||
|
excludes_path = '/etc/evolinux/evodomains_exclude.list'
|
||||||
|
includes_path = '/etc/evolinux/evodomains_include.list'
|
||||||
|
allowed_ips_path = '/etc/evolinux/evodomains_allowed_ips.list'
|
||||||
|
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
import subprocess
|
||||||
|
import threading
|
||||||
|
import time
|
||||||
|
import argparse
|
||||||
|
import json
|
||||||
|
|
||||||
|
|
||||||
|
def execute(cmd):
|
||||||
|
"""Execute Bash command cmd.
|
||||||
|
Return stdout and stderr as arrays of UTF-8 strings."""
|
||||||
|
|
||||||
|
proc = subprocess.Popen(cmd.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||||
|
stdout, stderr = proc.communicate()
|
||||||
|
|
||||||
|
stdout_lines = stdout.decode('utf-8').splitlines()
|
||||||
|
stderr_lines = stderr.decode('utf-8').splitlines()
|
||||||
|
|
||||||
|
return stdout_lines, stderr_lines
|
||||||
|
|
||||||
|
|
||||||
|
def get_allowed_ips():
|
||||||
|
"""Return allowed IPs."""
|
||||||
|
|
||||||
|
stdout, stderr = execute('hostname -I')
|
||||||
|
if not stdout:
|
||||||
|
return []
|
||||||
|
ips = stdout[0].strip(' \t\n').split()
|
||||||
|
|
||||||
|
# Other allowed IPs
|
||||||
|
with open(allowed_ips_path, encoding='utf-8') as f:
|
||||||
|
for line in f:
|
||||||
|
ip = strip_comments(line).strip(' \t;')
|
||||||
|
ips.append(ip)
|
||||||
|
return ips
|
||||||
|
|
||||||
|
|
||||||
|
def dig(domain):
|
||||||
|
"""Return dig +short result on domain as a list."""
|
||||||
|
stdout, stderr = execute('dig +short {}'.format(domain))
|
||||||
|
return stdout
|
||||||
|
|
||||||
|
|
||||||
|
def strip_comments(string):
|
||||||
|
"""Return string with any # comment removed."""
|
||||||
|
return string.split('#')[0]
|
||||||
|
|
||||||
|
|
||||||
|
def list_apache_domains():
|
||||||
|
"""Return a dict containing :
|
||||||
|
- key: Apache domain (from command "apache2ctl -D DUMP_VHOSTS").
|
||||||
|
- value: a list of strings "apache:<VHOST_PATH>:<LINE_IN_BLOCK>"
|
||||||
|
"""
|
||||||
|
domains = {}
|
||||||
|
|
||||||
|
try:
|
||||||
|
stdout, stderr = execute('apache2ctl -D DUMP_VHOSTS')
|
||||||
|
except:
|
||||||
|
# Apache is not present on the server
|
||||||
|
return domains
|
||||||
|
|
||||||
|
vhost_infos = ''
|
||||||
|
for line in stdout:
|
||||||
|
dom = ''
|
||||||
|
words = line.strip(' \t').split()
|
||||||
|
|
||||||
|
if 'namevhost' in line and len(words) >= 5:
|
||||||
|
#Â line format: port <PORT> namevhost <DOMAIN> (<VHOST_PATH>:<LINE_IN_BLOCK>)
|
||||||
|
dom = words[3].strip()
|
||||||
|
vhost_infos = 'apache:' + words[4].strip('()')
|
||||||
|
|
||||||
|
elif 'alias' in line and len(words) >= 2:
|
||||||
|
# line format: alias <DOMAIN>
|
||||||
|
dom = words[1].strip() #Â vhost_infos defined in previous lines
|
||||||
|
|
||||||
|
if dom:
|
||||||
|
if dom not in domains:
|
||||||
|
domains[dom] = []
|
||||||
|
if vhost_infos not in domains[dom]:
|
||||||
|
domains[dom].append(vhost_infos)
|
||||||
|
|
||||||
|
return domains
|
||||||
|
|
||||||
|
|
||||||
|
def list_nginx_domains():
|
||||||
|
"""Return a dict containing :
|
||||||
|
- key: Nginx domain (from command "nginx -T").
|
||||||
|
- value: a list of strings "nginx:<VHOST_PATH>:<LINE_IN_BLOCK>"
|
||||||
|
"""
|
||||||
|
domains = {}
|
||||||
|
|
||||||
|
try:
|
||||||
|
stdout, stderr = execute('nginx -T')
|
||||||
|
except:
|
||||||
|
# Nginx is not present on the server
|
||||||
|
return domains
|
||||||
|
|
||||||
|
line_number = 1
|
||||||
|
config_file_path = ''
|
||||||
|
|
||||||
|
for line in stdout:
|
||||||
|
if '# configuration file' in line:
|
||||||
|
# line format : # configuration file <PATH>:
|
||||||
|
words = line.strip(' \t;').split()
|
||||||
|
config_file_path = words[3].strip(' :')
|
||||||
|
continue
|
||||||
|
|
||||||
|
if 'server_name ' in line:
|
||||||
|
# TODO: améliorer le if (cas tabulation)
|
||||||
|
# line format : server_name <DOMAIN1> [<DOMAINS2 ...];
|
||||||
|
line = strip_comments(line)
|
||||||
|
words = line.strip(' \t;').split()
|
||||||
|
|
||||||
|
for d in words[1:]:
|
||||||
|
dom = d.strip()
|
||||||
|
vhost_infos = 'nginx:{}:{}'.format(config_file_path, line_number)
|
||||||
|
|
||||||
|
if dom not in domains:
|
||||||
|
domains[dom] = []
|
||||||
|
if vhost_infos not in domains[d]:
|
||||||
|
domains[dom].append(vhost_infos)
|
||||||
|
|
||||||
|
line_number += 1 # increment line number for next round
|
||||||
|
|
||||||
|
if 'server {' in line:
|
||||||
|
# TODO: améliorer le if (cas plusieurs espaces)
|
||||||
|
# line format : server {
|
||||||
|
line_number = 0
|
||||||
|
|
||||||
|
return domains
|
||||||
|
|
||||||
|
|
||||||
|
class DNSResolutionThread(threading.Thread):
|
||||||
|
|
||||||
|
def __init__(self, domain):
|
||||||
|
threading.Thread.__init__(self, daemon=True)
|
||||||
|
self.domain = domain
|
||||||
|
self.ips = []
|
||||||
|
|
||||||
|
def run(self):
|
||||||
|
"""Resolve domain with dig."""
|
||||||
|
try:
|
||||||
|
dig_results = dig(self.domain)
|
||||||
|
|
||||||
|
if not dig_results:
|
||||||
|
return
|
||||||
|
|
||||||
|
for line in dig_results:
|
||||||
|
match = re.search('^([0-9abcdef\.:]+)$', line)
|
||||||
|
if match:
|
||||||
|
ip = match.group(1)
|
||||||
|
if ip not in self.ips:
|
||||||
|
self.ips.append(ip)
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
#print(e)
|
||||||
|
return
|
||||||
|
|
||||||
|
|
||||||
|
def run_check_domains(domains):
|
||||||
|
"""Check resolution of domains (list)."""
|
||||||
|
|
||||||
|
excludes = ['_']
|
||||||
|
timeout = 5
|
||||||
|
|
||||||
|
allowed_ips = get_allowed_ips()
|
||||||
|
|
||||||
|
with open(excludes_path, encoding='utf-8') as f:
|
||||||
|
for line in f:
|
||||||
|
domain = strip_comments(line).strip(' \t\n')
|
||||||
|
if not domain: continue
|
||||||
|
excludes.append(domain)
|
||||||
|
|
||||||
|
jobs = []
|
||||||
|
timeout_domains = []
|
||||||
|
none_domains = []
|
||||||
|
outside_ips = {}
|
||||||
|
ok_domains = []
|
||||||
|
|
||||||
|
for d in domains:
|
||||||
|
if d in excludes:
|
||||||
|
ok_domains.append(d)
|
||||||
|
continue
|
||||||
|
|
||||||
|
t = DNSResolutionThread(d)
|
||||||
|
t.start()
|
||||||
|
jobs.append(t)
|
||||||
|
|
||||||
|
# Let <timeout> secs to DNS servers to reply to jobs threads queries
|
||||||
|
time.sleep(timeout)
|
||||||
|
|
||||||
|
for j in jobs:
|
||||||
|
if j.is_alive():
|
||||||
|
timeout_domains.append(j.domain)
|
||||||
|
continue
|
||||||
|
|
||||||
|
if not j.ips:
|
||||||
|
none_domains.append(j.domain)
|
||||||
|
continue
|
||||||
|
|
||||||
|
is_outside = False
|
||||||
|
for ip in j.ips:
|
||||||
|
if ip not in allowed_ips:
|
||||||
|
is_outside = True
|
||||||
|
break
|
||||||
|
if is_outside:
|
||||||
|
outside_ips[j.domain] = j.ips
|
||||||
|
else:
|
||||||
|
ok_domains.append(j.domain)
|
||||||
|
|
||||||
|
return timeout_domains, none_domains, outside_ips, ok_domains
|
||||||
|
|
||||||
|
|
||||||
|
def output_nrpe_mode(timeout_domains, none_domains, outside_ips, ok_domains):
|
||||||
|
"""Output result for check mode.
|
||||||
|
For now, consider everyting as warnings to avoid too much alerts.
|
||||||
|
"""
|
||||||
|
|
||||||
|
n_ok = len(ok_domains)
|
||||||
|
n_warnings = len(timeout_domains) + len(none_domains) + len(outside_ips)
|
||||||
|
|
||||||
|
msg = 'WARNING' if n_warnings else 'OK'
|
||||||
|
|
||||||
|
print('{} - 0 UNK / 0 CRIT / {}Â WARN / {} OK \n'.format(msg, n_warnings, n_ok))
|
||||||
|
|
||||||
|
if timeout_domains or none_domains or outside_ips:
|
||||||
|
for d in timeout_domains:
|
||||||
|
print('WARNING - timeout resolving {}'.format(d))
|
||||||
|
for d in none_domains:
|
||||||
|
print('WARNING - no resolution for {}'.format(d))
|
||||||
|
for d in outside_ips:
|
||||||
|
print('WARNING - {} pointing elsewhere ({})'.format(d, ' '.join(outside_ips[d])))
|
||||||
|
|
||||||
|
sys.exit(1) if n_warnings else sys.exit(0)
|
||||||
|
|
||||||
|
|
||||||
|
def output_human_mode(doms, timeout_domains, none_domains, outside_ips):
|
||||||
|
if timeout_domains or none_domains or outside_ips:
|
||||||
|
if timeout_domains: print('\nTimeouts:')
|
||||||
|
for d in timeout_domains:
|
||||||
|
print('\t{} {}'.format(d, ' '.join(doms[d])))
|
||||||
|
if none_domains: print('\nNo resolution:')
|
||||||
|
for d in none_domains:
|
||||||
|
print('\t{} {}'.format(d, ' '.join(doms[d])))
|
||||||
|
if outside_ips: print('\nPointing elsewhere:')
|
||||||
|
for d in outside_ips:
|
||||||
|
print('\t{} {}Â -> [{}]'.format(d, ' '.join(doms[d]), ' '.join(outside_ips[d])))
|
||||||
|
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
print('Domains resolve to right IPs !')
|
||||||
|
|
||||||
|
|
||||||
|
def main(argv):
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument('action', metavar='ACTION', help='Values: check-dns, list')
|
||||||
|
parser.add_argument('-o', '--output-style', help='Values: json (default for action list), human (default for action check-dns), nrpe')
|
||||||
|
parser.add_argument('-a', '--all-domains', action='store_true', help='Include all domains (default).')
|
||||||
|
parser.add_argument('-ap', '--apache-domains', action='store_true', help='Include Apache domains.')
|
||||||
|
parser.add_argument('-ng', '--nginx-domains', action='store_true', help='Include Nginx domains.')
|
||||||
|
parser.add_argument('-ha', '--haproxy-domains', action='store_true', help='Include HaProxy domains (not supported yet).')
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if args.action not in ['check-dns', 'list']:
|
||||||
|
if args.output_style == 'nrpe':
|
||||||
|
print('UNKNOWN - unknown {}Â action, use -h option for help.'.format(args.action))
|
||||||
|
sys.exit(3)
|
||||||
|
else:
|
||||||
|
print('Unknown {}Â action, use -h option for help.'.format(args.action))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if not (args.all_domains or args.apache_domains or args.nginx_domains or args.haproxy_domains):
|
||||||
|
print('Domains scope not specified, looking for all domains.')
|
||||||
|
args.all_domains = True
|
||||||
|
|
||||||
|
doms = {}
|
||||||
|
|
||||||
|
if args.all_domains:
|
||||||
|
doms.update(list_apache_domains())
|
||||||
|
|
||||||
|
else:
|
||||||
|
if args.apache_domains:
|
||||||
|
doms.update(list_apache_domains())
|
||||||
|
if args.nginx_domains:
|
||||||
|
doms.update(list_nginx_domains())
|
||||||
|
if args.haproxy_domains:
|
||||||
|
print('Option --haproxy-domains not supported yet.')
|
||||||
|
|
||||||
|
if not doms:
|
||||||
|
if args.output_style == 'nrpe':
|
||||||
|
print('UNKNOWN - No domain found on this server.')
|
||||||
|
sys.exit(3)
|
||||||
|
else: # == 'json' or 'human'
|
||||||
|
print('No domain found on this server.')
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
if args.action == 'check-dns':
|
||||||
|
|
||||||
|
# Add included domains to domains dict
|
||||||
|
with open(includes_path, encoding='utf-8') as f:
|
||||||
|
line_number = 0
|
||||||
|
for line in f:
|
||||||
|
line_number += 1
|
||||||
|
domain = strip_comments(line).strip(' \t\n')
|
||||||
|
if not domain: continue
|
||||||
|
if domain not in doms:
|
||||||
|
doms[domain] = []
|
||||||
|
doms[domain].append('evodomains:{}:{}'.format(includes_path, line_number))
|
||||||
|
|
||||||
|
timeout_domains, none_domains, outside_ips, ok_domains = run_check_domains(doms.keys())
|
||||||
|
|
||||||
|
if args.output_style == 'nrpe':
|
||||||
|
output_nrpe_mode(timeout_domains, none_domains, outside_ips, ok_domains)
|
||||||
|
|
||||||
|
elif args.output_style == 'json':
|
||||||
|
print('Option --output-style json not implemented yet for action check-dns.')
|
||||||
|
|
||||||
|
else: # args.output_style == 'human'
|
||||||
|
output_human_mode(doms, timeout_domains, none_domains, outside_ips)
|
||||||
|
|
||||||
|
elif args.action == 'list':
|
||||||
|
# Note: do not use evodomains include and exclude lists for listing.
|
||||||
|
|
||||||
|
if args.output_style == 'nrpe':
|
||||||
|
print('Action list is not for --output-style nrpe.')
|
||||||
|
|
||||||
|
elif args.output_style == 'json':
|
||||||
|
print(json.dumps(doms, sort_keys=True, indent=4))
|
||||||
|
|
||||||
|
else:
|
||||||
|
print('Option --output-style human not implemented yet for action list, fallback to --output-style json.')
|
||||||
|
print(json.dumps(doms, sort_keys=True, indent=4))
|
||||||
|
|
||||||
|
#elif args.action == 'brice_action':
|
||||||
|
# #doms est un dict avec le nom de domaine comme clé, pour voir la structure de données :
|
||||||
|
# # evodomains --output-style json list
|
||||||
|
#
|
||||||
|
# print(doms)
|
||||||
|
# brice_function(doms)
|
||||||
|
#
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main(sys.argv[1:])
|
43
evolinux-base/tasks/evodomains.yml
Normal file
43
evolinux-base/tasks/evodomains.yml
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
- name: Copy evodomains script to local sbin
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: evodomains.py
|
||||||
|
dest: /usr/local/sbin/evodomains
|
||||||
|
mode: '0700'
|
||||||
|
|
||||||
|
- name: Create config file 'evodomains_exclude.list'
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
path: /etc/evolinux/evodomains_exclude.list
|
||||||
|
create: true
|
||||||
|
marker: "### {mark} ANSIBLE MANAGED HEADER"
|
||||||
|
insertbefore: BOF
|
||||||
|
block: |
|
||||||
|
# Domains present in vhosts or SSL certificates whose DNS records should
|
||||||
|
# not be checked by 'evodomains --check-dns'.
|
||||||
|
# Note: custom record IPs can also be added to /etc/evolinux/evodomains_allowed_ips.list,
|
||||||
|
# this is useful for load-balanced domains or NAT.
|
||||||
|
# Format: one domain per line, regex and wildcards not supported.
|
||||||
|
|
||||||
|
- name: Create config file 'evodomains_include.list'
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
path: /etc/evolinux/evodomains_include.list
|
||||||
|
create: true
|
||||||
|
marker: "### {mark} ANSIBLE MANAGED HEADER"
|
||||||
|
insertbefore: BOF
|
||||||
|
block: |
|
||||||
|
# Domains absent from vhosts or SSL certificates whose DNS records must
|
||||||
|
# be checked by 'evodomains --check-dns'.
|
||||||
|
# Format: one domain per line, regex and wildcards not supported.
|
||||||
|
|
||||||
|
- name: Create config file 'evodomains_allowed_ips.list'
|
||||||
|
ansible.builtin.blockinfile:
|
||||||
|
path: /etc/evolinux/evodomains_allowed_ips.list
|
||||||
|
create: true
|
||||||
|
marker: "### {mark} ANSIBLE MANAGED HEADER"
|
||||||
|
insertbefore: BOF
|
||||||
|
block: |
|
||||||
|
# External IPs the domains of this server are allowed to point for
|
||||||
|
# 'evodomains --check-dns'.
|
||||||
|
# This is useful for load-balanced domains or NAT.
|
||||||
|
# Note: the network interfaces IPs of the server are allowed by default.
|
||||||
|
# Format: one IP per line, regex and wildcards not supported.
|
||||||
|
|
|
@ -12,3 +12,9 @@ Everything is in the `tasks/main.yml` file.
|
||||||
* `nagios_nrpe_force_update_allowed_hosts` : force update list of allowed hosts (default: `False`)
|
* `nagios_nrpe_force_update_allowed_hosts` : force update list of allowed hosts (default: `False`)
|
||||||
|
|
||||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||||
|
|
||||||
|
##Â Available tags
|
||||||
|
|
||||||
|
* `nagios-nrpe` : install Nagios and plugins (idempotent)
|
||||||
|
* `nagios-plugins` : install only plugins (idempotent)
|
||||||
|
|
||||||
|
|
14
nagios-nrpe/files/plugins/check_domains
Executable file
14
nagios-nrpe/files/plugins/check_domains
Executable file
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Check domains using script domains.
|
||||||
|
#
|
||||||
|
#Â Written by Will
|
||||||
|
#
|
||||||
|
|
||||||
|
if ! command -v evodomains >/dev/null; then
|
||||||
|
echo 'UNKNOWN - Missing dependency evodomains.'
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
evodomains -o nrpe -a check-dns
|
||||||
|
|
26
nagios-nrpe/tasks/configure_check_domains.yml
Normal file
26
nagios-nrpe/tasks/configure_check_domains.yml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
- name: Install check_domains dependency
|
||||||
|
include_role:
|
||||||
|
name: evolinux-base
|
||||||
|
tasks_from: evodomains
|
||||||
|
|
||||||
|
- name: Configure check_domains in /etc/nagios/nrpe.d/evolix.cfg
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/nagios/nrpe.d/evolix.cfg
|
||||||
|
regexp: '^command\[check_domains\]='
|
||||||
|
line: command[check_domains]=sudo {{ nagios_plugins_directory }}/check_domains
|
||||||
|
notify: restart nagios-nrpe-server
|
||||||
|
|
||||||
|
- name: Is evolinux sudoers installed?
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /etc/sudoers.d/evolinux
|
||||||
|
register: sudoers_evolinux
|
||||||
|
|
||||||
|
- name: Allow nagios user to execute check_domains without sudo password
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/sudoers.d/evolinux
|
||||||
|
regexp: 'check_domains'
|
||||||
|
line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_domains'
|
||||||
|
insertafter: '^nagios'
|
||||||
|
validate: "visudo -cf %s"
|
||||||
|
when: sudoers_evolinux.stat.exists
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
tags:
|
tags:
|
||||||
|
- nagios-nrpe
|
||||||
- nagios-plugins
|
- nagios-plugins
|
||||||
|
|
||||||
- name: custom configuration is present
|
- name: custom configuration is present
|
||||||
|
|
|
@ -47,6 +47,7 @@ command[check_proxy]=/usr/lib/nagios/plugins/check_http -H {{ nagios_nrpe_check_
|
||||||
command[check_redis]=/usr/lib/nagios/plugins/check_tcp -p 6379
|
command[check_redis]=/usr/lib/nagios/plugins/check_tcp -p 6379
|
||||||
command[check_clamd]=/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v
|
command[check_clamd]=/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v
|
||||||
command[check_clamav_db]=/usr/lib/nagios/plugins/check_file_age -w 86400 -c 172800 -f /var/lib/clamav/evolix.ndb
|
command[check_clamav_db]=/usr/lib/nagios/plugins/check_file_age -w 86400 -c 172800 -f /var/lib/clamav/evolix.ndb
|
||||||
|
command[check_domains]=sudo {{ nagios_plugins_directory }}/check_domains
|
||||||
command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
|
command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
|
||||||
command[check_ssl_local]={{ nagios_plugins_directory }}/check_ssl_local
|
command[check_ssl_local]={{ nagios_plugins_directory }}/check_ssl_local
|
||||||
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
||||||
|
|
Loading…
Reference in a new issue