From 8f9fb4fd5c5fb5cc0a7fa0577e41dd92e50e6f35 Mon Sep 17 00:00:00 2001 From: Bram Prieshof Date: Fri, 8 Jan 2021 11:06:07 +0100 Subject: [PATCH] Inital commit --- InstallMonitModule.sh | 175 +++++++++++++++++++++++++++++++++++++++ conf.sh | 76 +++++++++++++++++ conf/monit/apache.conf | 6 ++ conf/monit/fail2ban.conf | 10 +++ conf/monit/monitrc | 18 ++++ conf/monit/mysql.conf | 10 +++ conf/monit/nginx.conf | 6 ++ conf/monit/sshd.conf | 6 ++ conf/monit/system.conf | 27 ++++++ conf/php-fpm.conf | 10 +++ draft | 20 +++++ pkg.list | 1 + readme.md | 3 + 13 files changed, 368 insertions(+) create mode 100644 InstallMonitModule.sh create mode 100644 conf.sh create mode 100644 conf/monit/apache.conf create mode 100644 conf/monit/fail2ban.conf create mode 100644 conf/monit/monitrc create mode 100644 conf/monit/mysql.conf create mode 100644 conf/monit/nginx.conf create mode 100644 conf/monit/sshd.conf create mode 100644 conf/monit/system.conf create mode 100644 conf/php-fpm.conf create mode 100644 draft create mode 100644 pkg.list create mode 100644 readme.md diff --git a/InstallMonitModule.sh b/InstallMonitModule.sh new file mode 100644 index 0000000..30ed788 --- /dev/null +++ b/InstallMonitModule.sh @@ -0,0 +1,175 @@ +############################# +# MonitModuleInstaller # +############################# + + +##-----------------## +# Defining Vars # +##-----------------## +#Enforcing Legacy Mode +APTMODE="apt" +OUTPUT='/dev/tty' +IMODE=l + + +##-----------------## +# Fetching Vars # +##-----------------## + +VarError () { +while true; do + echo "" + read -p "Var list $1 not foud, continue without monit for $2? [Y/n]" yn + case $yn in + [Yy]* ) echo install; break;; + [Nn]* ) echo exit;; + * ) echo "Please answer yes or no.";; + esac +done +} + +if [ "/etc/ICTM/mainvar.list" ] ; then + source /etc/ICTM/mainvar.list; +else + VarError mainvar "Webserver and php" + #use if system is not setup using Web-V2 + ##webserv=nginx +fi + +if [ ! -z "$webserv" ]; then + if [ $webserv != nginx_nonphp ]; then + if [ "/etc/ICTM/phpvar.list" ] ; then + source /etc/ICTM/phpvar.list; + else + VarError phpvar apache + #use if system is not setup using Web-V2 + ##phpver=8.0 + ##phpFPMService=php8.0-fpm + fi + source /etc/ICTM/phpvar.list + fi + if [ $webserv = apache ]; then + if [ -f "/etc/ICTM/apachevar.list" ] && ; then + source /etc/ICTM/apachevar.list + else + VarError apachevar apache + #use if system is not setup using Web-V2 + ##apacheService=apache2 + fi + fi +fi + +#PackageManager-config + +dist_ver=$(grep --color=never -Po "^VERSION_ID=\K.*" "/etc/os-release") +dist=$(grep --color=never -Po "^ID=\K.*" "/etc/os-release") + +if [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"18.04"* ]]; then + echo "Ubuntu 18.04 Detected" + PKGM="$APTMODE" + PKGI="${PKGM} install -y --no-install-recommends" + PKGLIST="apt" + shortdist=ubu1804 +elif [[ "${dist}" == *"ubuntu"* ]] && [[ "${dist_ver}" == *"20.04"* ]]; then + echo "Ubuntu 20.04 Detected" + PKGM="$APTMODE" + PKGI="${PKGM} install -y --no-install-recommends" + PKGLIST="apt" + shortdist=ubu2004 +elif [[ "${dist}" == *"debian"* ]] && [[ "${dist_ver}" == *"10"* ]]; then + echo "Debian 10 Detected" + PKGM="$APTMODE" + PKGI="${PKGM} install -y --no-install-recommends" + PKGLIST="apt" + shortdist=deb10 +elif [[ "${dist}" == *"centos"* ]] && [[ "${dist_ver}" == *"8"* ]]; then + echo "Centos 8 Detected" + PKGM="dnf" + PKGI="${PKGM} install --setopt=install_weak_deps=False --best -y" + PKGLIST="dnf" + shortdist=el8 +else + echo "This os in not supported" + exit +fi + +unset dist_ver dist APTMODE + + +#Repo Vars +repo=https://git.ictmaatwerk.com/VPS-scripts/Monit +branch=main +branchtype=branch + +#SelfBuilding Vars +mtype=""$repo"/raw/"$branchtype"/"$branch"" + + +##---------------## +# Functions # +##---------------## + +msg () { +echo "$1" +} + +##--------------------------## +# Installer-Requirements # +##--------------------------## + +msg " Starting installer" 8 78 +$PKGM update > $OUTPUT 2>&1 +$PKGI curl > $OUTPUT 2>&1 + + +##-------------------------## +# Generating APT list # +##-------------------------## +#General aptList +if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/generic.pkg.list; then + curl "$mtype"/generic.pkg.list >>/tmp/pkg.list +fi +if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/"$PKGLIST".pkg.list; then + curl "$mtype"/"$PKGLIST".pkg.list >>/tmp/pkg.list +fi + +##--------------------## +# Pre-Requirements # +##--------------------## + +msg " Preconfiguring" +curl --retry 7 --retry-delay 5 -s https://git.ictmaatwerk.com/VPS-scripts/General/raw/branch/Main/Setup-Repo.sh |repo=init osrel=$shortdist bash > $OUTPUT 2>&1 +$PKGM update +$PKGM upgrade -y + + +##-------------------## +# Pre-configuring # +##-------------------## + +if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/preconf.sh; then + source <(curl --retry 7 --retry-delay 5 -s "$mtype"/preconf.sh) +fi + +##-------------## +# Installer # +##-------------## + +$PKGM update +sed -i 's/PHPver/'$phpver'/g' /tmp/pkg.list +cat /tmp/pkg.list | xargs $PKGI + + +##---------------## +# Configuring # +##---------------## + +if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$mtype"/conf.sh; then + source <(curl --retry 7 --retry-delay 5 -s "$mtype"/conf.sh) +fi + +##-------## +# end # +##-------## + +msg " Done!" diff --git a/conf.sh b/conf.sh new file mode 100644 index 0000000..1de2ef9 --- /dev/null +++ b/conf.sh @@ -0,0 +1,76 @@ +mrepo=https://git.ictmaatwerk.com/VPS-scripts/Monit +mbranch=main + +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then + monitconf=/etc/monit/monitrc + + #ServiceDefenition + monitMysqlserv=mysql + monitApachepro=apache + monitPhpSock=/var/run/php/"$phpFPMService".sock + monitPhpPid=/var/run/php/"$phpFPMService".pid + monitPhpPro=$phpFPMService + + /var/run/php/PHPSRV.sock +elif [ "$shortdist" = "el8" ]; then + monitconf=/etc/monitrc + rm -rf /etc/monit.d + + #ServiceDefenition + monitMysqlserv=mysqld + monitApachepro=httpd + monitPhpSock=/var/opt/remi/php"${phpver//.}"/run/php-fpm/www.sock + monitPhpPid=/var/opt/remi/php"${phpver//.}"/run/php-fpm/php-fpm.pid + monitPhpPro=php-fpm +fi + +systemctl stop monit + +curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/monitrc -o $monitconf + +if [ ! -d "/var/lib/monit" ] ; then mkdir -p /var/lib/monit; fi +mkdir -p /etc/monit/conf.d + + +SysServiceList=$(systemctl list-units --full -all) + +#SystemMonitor +curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/system.conf -o /etc/monit/conf.d/system.conf + +#sshd +if echo "$SysServiceList" | grep -Fq 'sshd'; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/sshd.conf -o /etc/monit/conf.d/sshd.conf +fi + +#Fail2Ban +if echo "$SysServiceList" | grep -Fq 'fail2ban'; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/fail2ban.conf -o /etc/monit/conf.d/fail2ban.conf +fi + +if echo "$SysServiceList" | grep -Fq "$monitMysqlserv"; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/mysql.conf -o /etc/monit/conf.d/mysql.conf + sed -i "s/MYSQLserv/$monitMysqlservice/g" /etc/monit/conf.d/mysql.conf +fi + +if echo "$SysServiceList" | grep -Fq 'nginx'; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/nginx.conf -o /etc/monit/conf.d/nginx.conf +fi + +if echo "$SysServiceList" | grep -Fq "$phpFPMService" && test ! -z "$phpFPMService"; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/php-fpm.conf -o /etc/monit/conf.d/php"$phpver".conf + sed -i "s/PHPpid/$monitPhpPid/g" /etc/monit/conf.d/php"$phpver".conf + sed -i "s/PHPpro/$monitPhpPro/g" /etc/monit/conf.d/php"$phpver".conf + sed -i "s/PHPsrv/$phpFPMService/g" /etc/monit/conf.d/php"$phpver".conf + sed -i "s/PHPsock/$monitPhpSock/g" /etc/monit/conf.d/php"$phpver".conf +fi + +if echo "$SysServiceList" | grep -Fq "$apacheService" && test ! -z "$apacheService"; then + curl --retry 7 --retry-delay 5 -s "$mrepo"/raw/branch/"$mbranch"/config/monit/apache.conf -o /etc/monit/conf.d/apache.conf + sed -i "s/APAserv/$apacheService/g" /etc/monit/conf.d/apache.conf + sed -i "s/APApro/$monitApachepro/g" /etc/monit/conf.d/apache.conf +fi + +systemctl enable monit +systemctl start monit + +unset monitMysqlserv monitApachepro monitPhpSock monitPhpPid monitPhpPro monitconf \ No newline at end of file diff --git a/conf/monit/apache.conf b/conf/monit/apache.conf new file mode 100644 index 0000000..47988ef --- /dev/null +++ b/conf/monit/apache.conf @@ -0,0 +1,6 @@ +check process APApro with pidfile /var/run/APAserv/APAserv.pid + start program = "/usr/bin/systemctl start APAserv" + stop program = "/usr/bin/systemctl stop APAserv" + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: Apache'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: Apache'" diff --git a/conf/monit/fail2ban.conf b/conf/monit/fail2ban.conf new file mode 100644 index 0000000..0fb3b23 --- /dev/null +++ b/conf/monit/fail2ban.conf @@ -0,0 +1,10 @@ +check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid + start program = "/usr/bin/systemctl start fail2ban" + stop program = "/usr/bin/systemctl stop fail2ban" + if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart + if failed unixsocket /var/run/fail2ban/fail2ban.sock for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: Fail2Ban Socket'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: Fail2Ban Socket'" + + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'Fail2Ban service'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: Fail2Ban service'" diff --git a/conf/monit/monitrc b/conf/monit/monitrc new file mode 100644 index 0000000..c434898 --- /dev/null +++ b/conf/monit/monitrc @@ -0,0 +1,18 @@ +######################## +## Monit control file ## +######################## +set daemon 30 # check services at 2-minute intervals +set log /var/log/monit.log +set idfile /var/lib/monit/id + +set eventqueue + basedir /var/lib/monit/events # set the base directory where events will be stored + slots 100 # optionally limit the queue size + +#WEBUIset httpd port 2812 and + #WEBUIallow admin:monit # require user 'admin' with password 'monit' + #WEBUI#use address localhost # only accept connection from localhost (drop if you use M/Monit) + #WEBUI#allow localhost # allow localhost to connect to the server and + + + include /etc/monit/conf.d/* diff --git a/conf/monit/mysql.conf b/conf/monit/mysql.conf new file mode 100644 index 0000000..34b9cc9 --- /dev/null +++ b/conf/monit/mysql.conf @@ -0,0 +1,10 @@ +check process mysqld with pidfile /var/run/mysqld/mysqld.pid + start program = "/usr/bin/systemctl start MYSQLserv" + stop program = "/usr/bin/systemctl stop MYSQLserv" + if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 2 times within 5 cycles then restart + if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 4 times within 5 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: MySQL Socket'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: MySQL Socket" + + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: MySQL service'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: MySQL service'" diff --git a/conf/monit/nginx.conf b/conf/monit/nginx.conf new file mode 100644 index 0000000..1d546cd --- /dev/null +++ b/conf/monit/nginx.conf @@ -0,0 +1,6 @@ +check process nginx with pidfile /var/run/nginx.pid + start program = "/usr/bin/systemctl start nginx" + stop program = "/usr/bin/systemctl stop nginx" + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: Nginx" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: Nginx'" diff --git a/conf/monit/sshd.conf b/conf/monit/sshd.conf new file mode 100644 index 0000000..b01203b --- /dev/null +++ b/conf/monit/sshd.conf @@ -0,0 +1,6 @@ +check process sshd with pidfile /var/run/sshd.pid + start program = "/usr/bin/systemctl start sshd" + stop program = "/usr/bin/systemctl stop sshd" + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: SSHD'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: SSHD'" diff --git a/conf/monit/system.conf b/conf/monit/system.conf new file mode 100644 index 0000000..0e659a1 --- /dev/null +++ b/conf/monit/system.conf @@ -0,0 +1,27 @@ +check system $HOST +#SystemLoad + if loadavg (5min) > 4 then exec "/opt/MonitNotify.sh 'SYS-WARN:: High load (5min)'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: load (5min)'" + if loadavg (15min) > 2 then exec "/opt/MonitNotify.sh 'SYS-WARN:: High load (15min)'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: load (15min)'" + +#Memory + if memory usage > 90% for 4 cycles then exec "/opt/MonitNotify.sh 'WARN: Memory threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: Memory threshold'" + if swap usage > 20% for 4 cycles then exec "/opt/MonitNotify.sh 'SYS-WARN: Swap threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: Swap threshold'" + +#CPU + if cpu usage (user) > 90% for 4 cycles then exec "/opt/MonitNotify.sh 'SYS-WARN: CPU(user) threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: CPU(user) threshold'" + if cpu usage (system) > 80% for 4 cycles then exec "/opt/MonitNotify.sh 'SYS-WARN: CPU(sys) threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: CPU(sys) threshold'" + if cpu usage (wait) > 80% for 4 cycles then exec"/opt/MonitNotify.sh 'SYS-WARN: CPU(wait) threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: CPU(wait) threshold'" + if cpu usage > 200% for 4 cycles then exec "/opt/MonitNotify.sh "/opt/MonitNotify.sh 'SYS-WARN: CPU threshold'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: CPU threshold'" + +#Disk +check device rootfs with path / + if SPACE usage > 80% then exec "/opt/MonitNotify.sh 'SYS-WARN: Disk quota'" + else if recovered then exec "/opt/MonitNotify.sh 'SYS-OK: Disk quota'" diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..b65bf41 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,10 @@ +check process PHPpro with pidfile PHPpid + start program = "/usr/bin/systemctl start PHPsrv" + stop program = "/usr/bin/systemctl stop PHPsrv" + if failed unixsocket PHPsock then restart + if failed unixsocket PHPsockfor 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: phpPHPver-fpm socket'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: phpPHPver-fpm socket'" + + if not exist for 1 cycles then restart + if not exist for 3 cycles then exec "/opt/MonitNotify.sh 'SRV-WARN: phpPHPver-fpm service'" + else if recovered then exec "/opt/MonitNotify.sh 'SRV-OK: phpPHPver-fpm service'" diff --git a/draft b/draft new file mode 100644 index 0000000..37716d0 --- /dev/null +++ b/draft @@ -0,0 +1,20 @@ +#genapplist +monit +#GenericConfig +if [ ! -d "/var/lib/monit" ] ; then mkdir -p /var/lib/monit; fi + + +if [ "$shortdist" = "ubu1804" ] || [ "$shortdist" = "ubu2004" ] || [ "$shortdist" = "deb10" ] ; then + monitconf=/etc/monit/monitrc +elif [ "$shortdist" = "el8" ]; then + monitconf=/etc/monitrc + rm -rf /etc/monit.d +fi + +unset monitconf +mkdir -p /etc/monit/conf.d + + +##Custom notify +echo '#!/bin/sh' > /opt/MonitNotify.sh +echo 'curl "https://gass1.bprieshof.ovh/push/message?token=AwadzwYHS9lrHwo" -F "title=[$MONIT_HOST] $1" -F "message=$MONIT_SERVICE $MONIT_DESCRIPTION" -F "priority=5"' >> /opt/MonitNotify.sh diff --git a/pkg.list b/pkg.list new file mode 100644 index 0000000..06b8974 --- /dev/null +++ b/pkg.list @@ -0,0 +1 @@ +monit diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..592fb39 --- /dev/null +++ b/readme.md @@ -0,0 +1,3 @@ +# Monit + +A lightweight linux monitoring tool