diff options
| -rw-r--r-- | monit/dovecot.conf | 13 | ||||
| -rw-r--r-- | monit/mailman.conf | 5 | ||||
| -rw-r--r-- | monit/memcached.conf | 8 | ||||
| -rw-r--r-- | monit/mysql.conf | 4 | ||||
| -rw-r--r-- | monit/nginx-vhost.conf | 25 | ||||
| -rw-r--r-- | monit/passwd.conf | 2 | ||||
| -rw-r--r-- | monit/postfix.conf | 12 | ||||
| -rw-r--r-- | monit/tor.conf | 4 |
8 files changed, 70 insertions, 3 deletions
diff --git a/monit/dovecot.conf b/monit/dovecot.conf new file mode 100644 index 0000000..3aab9e4 --- /dev/null +++ b/monit/dovecot.conf @@ -0,0 +1,13 @@ +check process dovecot with pidfile /var/run/dovecot/master.pid + GROUP mail + start program = "/etc/init.d/dovecot start" + stop program = "/etc/init.d/dovecot stop" + if failed host localhost port 993 type tcpssl sslauto protocol imap for 5 cycles then restart + if 3 restarts within 5 cycles then timeout + depends dovecot_init + depends dovecot_bin + +check file dovecot_init with path /etc/init.d/dovecot + GROUP mail +check file dovecot_bin with path /usr/sbin/dovecot + GROUP mail diff --git a/monit/mailman.conf b/monit/mailman.conf new file mode 100644 index 0000000..6b07dd3 --- /dev/null +++ b/monit/mailman.conf @@ -0,0 +1,5 @@ +check process mailman with pidfile /var/run/mailman/mailman.pid + GROUP mail + start program = "/etc/init.d/mailman start" + stop program = "/etc/init.d/mailman stop" + # if failed unixsocket /var/run/mailman/mailman.sock then alert diff --git a/monit/memcached.conf b/monit/memcached.conf new file mode 100644 index 0000000..49f8875 --- /dev/null +++ b/monit/memcached.conf @@ -0,0 +1,8 @@ +check process with pidfile /var/run/memcached.pid + start program = "/etc/init.d/memcached start" + stop program = "/etc/init.d/memcached stop" + if failed host localhost port 11211 protocol MEMCACHE then restart + if cpu > 70% for 2 cycles then alert + if cpu > 98% for 5 cycles then restart + if 2 restarts within 3 cycles then timeout + diff --git a/monit/mysql.conf b/monit/mysql.conf index 96f0f8d..5492823 100644 --- a/monit/mysql.conf +++ b/monit/mysql.conf @@ -1,6 +1,6 @@ check process mysqld with pidfile /var/run/mysqld/mysqld.pid - start program = "/etc/init.d/mysqld start" - stop program = "/etc/init.d/mysqld stop" + start program = "/etc/init.d/mysql start" + stop program = "/etc/init.d/mysql stop" if failed host 127.0.0.1 port 3306 then restart if 3 restarts within 3 cycles then alert if 5 restarts within 5 cycles then timeout diff --git a/monit/nginx-vhost.conf b/monit/nginx-vhost.conf new file mode 100644 index 0000000..1a33323 --- /dev/null +++ b/monit/nginx-vhost.conf @@ -0,0 +1,25 @@ +server { + listen 443 ssl; + server_name monit.example.org + + ssl_certificate /etc/nginx/ssl/example.crt; + ssl_certificate_key /etc/nginx/ssl/example.key; + + ssl_prefer_server_ciphers On; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; + add_header Strict-Transport-Security max-age=15768000; + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 10m; + + location / { + proxy_pass http://127.0.0.1:2812; + proxy_set_header Host 127.0.0.1; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + add_header Front-End-Https on; + } + +} + diff --git a/monit/passwd.conf b/monit/passwd.conf index 0040495..6df53fb 100644 --- a/monit/passwd.conf +++ b/monit/passwd.conf @@ -1,6 +1,6 @@ check file passwd with path /etc/passwd if failed checksum and - expect the 1a4749a0f41e47eb9339da32adbbcf14 sum then alert + expect the INSERTMD5CHECKSUMHERE sum then alert if failed permission 644 then alert if failed uid root then alert if failed gid root then alert diff --git a/monit/postfix.conf b/monit/postfix.conf new file mode 100644 index 0000000..83ec467 --- /dev/null +++ b/monit/postfix.conf @@ -0,0 +1,12 @@ +check process postfix with pidfile /var/spool/postfix/pid/master.pid + GROUP mail + start program = "/etc/init.d/postfix start" + stop program = "/etc/init.d/postfix stop" + if cpu > 60% for 2 cycles then alert + if cpu > 80% for 5 cycles then restart + if totalmem > 200.0 MB for 5 cycles then restart + if children > 250 then restart + if loadavg(5min) greater than 2 for 8 cycles then stop + if failed host localhost port 25 type tcp protocol smtp + with timeout 15 seconds then alert + if 3 restarts within 5 cycles then timeout diff --git a/monit/tor.conf b/monit/tor.conf new file mode 100644 index 0000000..2eec4f9 --- /dev/null +++ b/monit/tor.conf @@ -0,0 +1,4 @@ +check process tor with pidfile /var/run/tor/tor.pid + start program = "/etc/init.d/tor start" + stop program = "/etc/init.d/tor stop" + if mem > 512 MB for 3 cycles then restart |