From c02f3097cdbaa7b6360e0bfa257ff32c5e3b7d11 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sun, 3 Oct 2010 13:16:35 +0200 Subject: [PATCH] make an apache-https host groups. Warn if hosts not in that group do https --- config/nagios-master.cfg | 44 +++++++++++++++++---------------- config/static/checkcommands.cfg | 4 +++ 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/config/nagios-master.cfg b/config/nagios-master.cfg index 0dd3986..26b8fb0 100644 --- a/config/nagios-master.cfg +++ b/config/nagios-master.cfg @@ -202,7 +202,7 @@ servers: spohr: address: 192.25.206.33 parents: gw-HP-ftc - hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, nfs-server, spamd, heavy-exim, bind9-hosts + hostgroups: computers, service, dl380, apache2-hosts, postgres83-hosts, nfs-server, spamd, heavy-exim, bind9-hosts, apache-https peri: address: 192.25.206.15 parents: gw-HP-ftc @@ -253,7 +253,7 @@ servers: liszt: address: 82.195.75.100 parents: gw-man-da - hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts + hostgroups: computers, service, apache2-hosts, bind9-hosts, postfix-hosts, heavy-postfix, amavis-hosts, dl385, acpid-hosts, apache-https contacts: bzed heininen: address: 82.195.75.98 @@ -274,7 +274,7 @@ servers: draghi: address: 82.195.75.106 parents: unger - hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, bind9-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts + hostgroups: computers, service, hasbootfs, hassrvfs, apache2-hosts, bind9-hosts, spamd, heavy-exim, kvmdomains, xinetd-hosts, apache-https kaufmann: address: 82.195.75.107 parents: unger @@ -314,7 +314,7 @@ servers: franck: address: 128.148.34.3 parents: gw-brown.edu - hostgroups: computers, service, apache2-hosts, bind9-hosts, dl380, rsyncd-hosts, postgres84-hosts, spamd, heavy-exim, acpid-hosts, uploadqueue, xinetd-hosts + hostgroups: computers, service, apache2-hosts, bind9-hosts, dl380, rsyncd-hosts, postgres84-hosts, spamd, heavy-exim, acpid-hosts, uploadqueue, xinetd-hosts, apache-https mayer: address: 140.211.166.78 @@ -395,7 +395,7 @@ servers: widor: address: 93.94.130.161 parents: gw-dg-i.net - hostgroups: computers, apache2-hosts, sw-raid, acpid-hosts, hasorgfs, service + hostgroups: computers, apache2-hosts, sw-raid, acpid-hosts, hasorgfs, service, apache-https contacts: bzed pergolesi: @@ -449,7 +449,7 @@ servers: chopin: address: 195.20.242.124 parents: schumann - hostgroups: computers, service, apache2-hosts, hassrvfs, hasbootfs, rsyncd-hosts, uploadqueue, kvmdomains, heavy-exim, xinetd-hosts, postgres83-hosts + hostgroups: computers, service, apache2-hosts, hassrvfs, hasbootfs, rsyncd-hosts, uploadqueue, kvmdomains, heavy-exim, xinetd-hosts, postgres83-hosts, apache-https geo3: address: 195.20.242.125 parents: schumann @@ -516,7 +516,7 @@ servers: hostgroups: computers, bl460, acpid-hosts, service tchaikovsky: address: 206.12.19.118 - hostgroups: computers, general, apache2-hosts, hasbootfs, kvmdomains + hostgroups: computers, general, apache2-hosts, hasbootfs, kvmdomains, apache-https wolkenstein: address: 206.12.19.116 parents: dijkstra @@ -564,7 +564,7 @@ servers: vivaldi: address: 206.12.19.12 parents: tchaikovsky - hostgroups: computers, hasbootfs, aacraid, hassrvfs, apache2-hosts, postgres84-hosts, service + hostgroups: computers, hasbootfs, aacraid, hassrvfs, apache2-hosts, postgres84-hosts, service, apache-https # MSA 2000 (2012i) giustini: address: 192.168.2.6 @@ -624,7 +624,7 @@ servers: nono: address: 206.12.19.123 parents: salieri - hostgroups: computers, service, hasbootfs, kvmdomains, squeeze, heavy-exim, postgres84-hosts, xinetd-hosts, apache2-hosts + hostgroups: computers, service, hasbootfs, kvmdomains, squeeze, heavy-exim, postgres84-hosts, xinetd-hosts, apache2-hosts, apache-https lebrun: address: 193.198.184.10 @@ -687,7 +687,7 @@ servers: grieg: address: 194.177.211.200 parents: gw-grnet - hostgroups: computers, apache2-hosts, acpid-hosts, megaraid, heavy-exim, postgres84-hosts, service + hostgroups: computers, apache2-hosts, acpid-hosts, megaraid, heavy-exim, postgres84-hosts, service, apache-https rautavaara: address: 194.177.211.199 parents: gw-grnet @@ -935,6 +935,9 @@ hostgroups: bosserver: alias: hosts running bosserver private: 1 + apache-https: + alias: hosts with https services + private: 1 nfs-client: alias: hosts mounting filesystems using NFS @@ -1970,24 +1973,23 @@ services: - name: network service - https check: check_https - hosts: franck, chopin, draghi, liszt, spohr, widor, tchaikovsky, grieg, vivaldi, nono + hostgroups: apache-https depends: "process - apache2 - master" normal_check_interval: 120 - name: network service - https cert check: dsa_check_cert!443 - # ries ftp-master.debian.org - # chopin security-master.debian.org - # spohr rt.debian.org - # tchaikovsky nagios.debian.org - # draghi db.debian.org - # nono nm.debian.org - # liszt lists.debian.org - # grieg buildd.debian.org - # vivaldi fossology.debian.org - hosts: franck, chopin, spohr, tchaikovsky, draghi, nono, liszt, widor, grieg, vivaldi + hostgroups: apache-https depends: network service - https normal_check_interval: 60 + - + name: unwanted network service - https + check: dsa_check_port_closed!443 + hostgroups: apache2-hosts + excludehostgroups: apache-https + # ravel does ssh on port 443 + excludehosts: ravel + normal_check_interval: 60 #### - diff --git a/config/static/checkcommands.cfg b/config/static/checkcommands.cfg index 4126961..1591f52 100644 --- a/config/static/checkcommands.cfg +++ b/config/static/checkcommands.cfg @@ -67,3 +67,7 @@ define command{ command_name dsa_check_ntp command_line /usr/lib/nagios/plugins/check_ntp_time -H '$HOSTADDRESS$' } +define command{ + command_name dsa_check_port_closed + command_line /usr/lib/nagios/plugins/dsa-check-port-closed -H '$HOSTADDRESS$' -p $ARG1$ +} -- 2.20.1