Fix: Monit-Config vollständig und robust
- Alle Dienste überwacht: postfix, dovecot, mariadb, redis, rspamd, opendkim, opendmarc, nginx, fail2ban, clamav - rspamd via process-matching statt pidfile (zuverlässiger) - SSL-Checks mit for 3 cycles (kein Sofort-Restart bei Init) - /var/run/ → /run/ Pfade korrigiert (moderne Debian-Konvention) - monit -t vor dem Start (Konfig-Fehler werden sichtbar) - 5 restarts within 10 cycles alert bei allen Diensten Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>main v1.1.162
parent
4fd37985b3
commit
ed176ec243
51
installer.sh
51
installer.sh
|
|
@ -859,41 +859,66 @@ set logfile syslog facility log_daemon
|
|||
check process postfix with pidfile /var/spool/postfix/pid/master.pid
|
||||
start program = "/bin/systemctl start postfix"
|
||||
stop program = "/bin/systemctl stop postfix"
|
||||
if failed port 25 protocol smtp then restart
|
||||
if failed host 127.0.0.1 port 25 protocol smtp for 3 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process dovecot with pidfile /var/run/dovecot/master.pid
|
||||
check process dovecot with pidfile /run/dovecot/master.pid
|
||||
start program = "/bin/systemctl start dovecot"
|
||||
stop program = "/bin/systemctl stop dovecot"
|
||||
if failed port 143 type tcp then restart
|
||||
if failed port 993 type tcp ssl then restart
|
||||
if failed host 127.0.0.1 port 143 type tcp for 3 cycles then restart
|
||||
if failed host 127.0.0.1 port 993 type tcpssl for 3 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process mariadb with pidfile /var/run/mysqld/mysqld.pid
|
||||
check process mariadb with pidfile /run/mysqld/mysqld.pid
|
||||
start program = "/bin/systemctl start mariadb"
|
||||
stop program = "/bin/systemctl stop mariadb"
|
||||
if failed port 3306 type tcp then restart
|
||||
if failed host 127.0.0.1 port 3306 type tcp for 2 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process redis with pidfile /run/redis/redis-server.pid
|
||||
start program = "/bin/systemctl start redis-server"
|
||||
stop program = "/bin/systemctl stop redis-server"
|
||||
if failed port 6379 type tcp then restart
|
||||
if failed host 127.0.0.1 port 6379 type tcp for 2 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process rspamd with pidfile /run/rspamd/rspamd.pid
|
||||
start program = "/bin/systemctl start rspamd"
|
||||
check process rspamd matching "rspamd: main process"
|
||||
start program = "/bin/systemctl start rspamd" with timeout 60 seconds
|
||||
stop program = "/bin/systemctl stop rspamd"
|
||||
if failed port 11332 type tcp then restart
|
||||
if failed host 127.0.0.1 port 11332 type tcp for 3 cycles then restart
|
||||
if failed host 127.0.0.1 port 11334 type tcp for 3 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process opendkim with pidfile /run/opendkim/opendkim.pid
|
||||
start program = "/bin/systemctl start opendkim"
|
||||
stop program = "/bin/systemctl stop opendkim"
|
||||
if failed port 8891 type tcp then restart
|
||||
if failed host 127.0.0.1 port 8891 type tcp for 2 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process opendmarc with pidfile /run/opendmarc/opendmarc.pid
|
||||
start program = "/bin/systemctl start opendmarc"
|
||||
stop program = "/bin/systemctl stop opendmarc"
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process nginx with pidfile /run/nginx.pid
|
||||
start program = "/bin/systemctl start nginx"
|
||||
stop program = "/bin/systemctl stop nginx"
|
||||
if failed port 80 type tcp then restart
|
||||
if failed port 443 type tcp ssl then restart
|
||||
if failed host 127.0.0.1 port 80 type tcp for 2 cycles then restart
|
||||
if failed host 127.0.0.1 port 443 type tcpssl for 2 cycles then restart
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process fail2ban with pidfile /run/fail2ban/fail2ban.pid
|
||||
start program = "/bin/systemctl start fail2ban"
|
||||
stop program = "/bin/systemctl stop fail2ban"
|
||||
if 5 restarts within 10 cycles then alert
|
||||
|
||||
check process clamav matching "clamd"
|
||||
start program = "/bin/systemctl start clamav-daemon"
|
||||
stop program = "/bin/systemctl stop clamav-daemon"
|
||||
if failed unixsocket /run/clamav/clamd.ctl for 3 cycles then restart
|
||||
if 5 restarts within 10 cycles then unmonitor
|
||||
EOF
|
||||
chmod 600 /etc/monit/monitrc
|
||||
monit -t || { warn "Monit-Config ungültig — prüfe /etc/monit/monitrc"; }
|
||||
try_quiet systemctl enable --now monit
|
||||
|
||||
# ===== Smoke-Test =====
|
||||
|
|
|
|||
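Review bot: At the end of the hunk a failed `monit -t` only produces a warning and `try_quiet systemctl enable --now monit` runs regardless, so an invalid monitrc can leave the installer finishing with fail2ban, clamav and the mail services unsupervised. `try_quiet` is defined outside this hunk and, judging by its name, may hide the resulting start failure as well. Gating the start makes that state explicit: `if monit -t; then try_quiet systemctl enable --now monit; else warn "Monit-Config ungültig — prüfe /etc/monit/monitrc"; fi`, ideally with the outcome also checked in the smoke test that follows. The clamav block is the only one ending in `then unmonitor`, so after five restarts monit stops watching the scanner until an operator runs `monit monitor clamav`; a comment such as `# after unmonitor, clamd stays unwatched until "monit monitor clamav"` would record that. The heredoc opens above the hunk, so whether a `set alert` recipient exists for any of these alert rules cannot be confirmed from here.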