diff --git a/installer.sh b/installer.sh
index bffae4f..1c13338 100644
--- a/installer.sh
+++ b/installer.sh
@@ -859,41 +859,66 @@ set logfile syslog facility log_daemon
 check process postfix with pidfile /var/spool/postfix/pid/master.pid
 start program = "/bin/systemctl start postfix"
 stop program = "/bin/systemctl stop postfix"
- if failed port 25 protocol smtp then restart
+ if failed host 127.0.0.1 port 25 protocol smtp for 3 cycles then restart
+ if 5 restarts within 10 cycles then alert
 
-check process dovecot with pidfile /var/run/dovecot/master.pid
+check process dovecot with pidfile /run/dovecot/master.pid
 start program = "/bin/systemctl start dovecot"
 stop program = "/bin/systemctl stop dovecot"
- if failed port 143 type tcp then restart
- if failed port 993 type tcp ssl then restart
+ if failed host 127.0.0.1 port 143 type tcp for 3 cycles then restart
+ if failed host 127.0.0.1 port 993 type tcpssl for 3 cycles then restart
+ if 5 restarts within 10 cycles then alert
 
-check process mariadb with pidfile /var/run/mysqld/mysqld.pid
+check process mariadb with pidfile /run/mysqld/mysqld.pid
 start program = "/bin/systemctl start mariadb"
 stop program = "/bin/systemctl stop mariadb"
- if failed port 3306 type tcp then restart
+ if failed host 127.0.0.1 port 3306 type tcp for 2 cycles then restart
+ if 5 restarts within 10 cycles then alert
 
 check process redis with pidfile /run/redis/redis-server.pid
 start program = "/bin/systemctl start redis-server"
 stop program = "/bin/systemctl stop redis-server"
- if failed port 6379 type tcp then restart
+ if failed host 127.0.0.1 port 6379 type tcp for 2 cycles then restart
+ if 5 restarts within 10 cycles then alert
 
-check process rspamd with pidfile /run/rspamd/rspamd.pid
- start program = "/bin/systemctl start rspamd"
+check process rspamd matching "rspamd: main process"
+ start program = "/bin/systemctl start rspamd" with timeout 60 seconds
 stop program = "/bin/systemctl stop rspamd"
- if failed port 11332 type tcp then restart
+ if failed host 127.0.0.1 port 11332 type tcp for 3 cycles then restart
+ if failed host 127.0.0.1 port 11334 type tcp for 3 cycles then restart
+ if 5 restarts within 10 cycles then alert
 
 check process opendkim with pidfile /run/opendkim/opendkim.pid
 start program = "/bin/systemctl start opendkim"
 stop program = "/bin/systemctl stop opendkim"
- if failed port 8891 type tcp then restart
+ if failed host 127.0.0.1 port 8891 type tcp for 2 cycles then restart
+ if 5 restarts within 10 cycles then alert
+
+check process opendmarc with pidfile /run/opendmarc/opendmarc.pid
+ start program = "/bin/systemctl start opendmarc"
+ stop program = "/bin/systemctl stop opendmarc"
+ if 5 restarts within 10 cycles then alert
 
 check process nginx with pidfile /run/nginx.pid
 start program = "/bin/systemctl start nginx"
 stop program = "/bin/systemctl stop nginx"
- if failed port 80 type tcp then restart
- if failed port 443 type tcp ssl then restart
+ if failed host 127.0.0.1 port 80 type tcp for 2 cycles then restart
+ if failed host 127.0.0.1 port 443 type tcpssl for 2 cycles then restart
+ if 5 restarts within 10 cycles then alert
+
+check process fail2ban with pidfile /run/fail2ban/fail2ban.pid
+ start program = "/bin/systemctl start fail2ban"
+ stop program = "/bin/systemctl stop fail2ban"
+ if 5 restarts within 10 cycles then alert
+
+check process clamav matching "clamd"
+ start program = "/bin/systemctl start clamav-daemon"
+ stop program = "/bin/systemctl stop clamav-daemon"
+ if failed unixsocket /run/clamav/clamd.ctl for 3 cycles then restart
+ if 5 restarts within 10 cycles then unmonitor
 EOF
 chmod 600 /etc/monit/monitrc
+monit -t || { warn "Monit-Config ungültig — prüfe /etc/monit/monitrc"; }
 try_quiet systemctl enable --now monit
 
 # ===== Smoke-Test =====
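Review bot: The added `monit -t` check only warns when /etc/monit/monitrc fails validation, and the next line still runs `try_quiet systemctl enable --now monit`, so a syntax error in the new service blocks would leave monit failing to start while the installer carries on (try_quiet is defined outside the hunk and presumably hides the failure). Gate the enable on the validation result, for example `if monit -t; then try_quiet systemctl enable --now monit; else warn "Monit-Config ungültig — prüfe /etc/monit/monitrc"; fi`, so a broken config is not mistaken for a supervised mail stack. In the same heredoc, which begins outside the hunk, the clamav block ends in `then unmonitor` where every other service uses `then alert`; a flapping clamd would then drop out of supervision, so consider an alert there as well unless that is intended.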