Got rkhunter working for HIDS; operational fixes for Sharingan

roles/Sharingan/files/monit/checks/system

@@ -0,0 +1,33 @@
+###############################################################################
+## Services
+###############################################################################
+#
+## Check general system resources such as load average, cpu and memory
+## usage. Each test specifies a resource, conditions and the action to be
+## performed should a test fail.
+check system $HOST
+  if loadavg (1min) per core > 2 for 5 cycles then exec "/etc/monit.d/scripts/critical Load average is high"
+  if memory usage > 75% then exec "/etc/monit.d/scripts/critical Memory is overused."
+  if swap usage > 25% then exec "/etc/monit.d/scripts/critical Swap is overused."
+  group system
+#
+## Check filesystem permissions, uid, gid, space usage, inode usage and disk I/O.
+## Other services, such as databases, may depend on this resource and an automatically
+## graceful stop may be cascaded to them before the filesystem will become full and data
+## lost.
+check filesystem rootfs with path /
+  if space usage > 80% for 5 times within 15 cycles then exec "/etc/monit.d/scripts/critical Root filesystem is too full."
+  if read rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many reads on root filesystem."
+  if write rate > 500 operations/s for 5 cycles then exec "/etc/monit.d/scripts/critical Too many writes on root filesystem."
+  if service time > 50 milliseconds for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical Root filesystem performing slowly -- check iostat."
+  group system
+#
+## Check a network link status (up/down), link capacity changes, saturation
+## and bandwidth usage.
+#
+#  check network public with interface eth0
+#    if failed link then alert
+#    if changed link then alert
+#    if saturation > 90% then alert
+#    if download > 10 MB/s then alert
+#    if total uploaded > 1 GB in last hour then alert

roles/Sharingan/files/monit/checks/vips

@@ -0,0 +1,29 @@
+check program https_aninix with path "/usr/lib/monitoring-plugins/check_http --ssl -H aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical aninix.net not reporting OK"
+
+check program https_foundation with path "/usr/lib/monitoring-plugins/check_http --ssl -H foundation.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical foundation.aninix.net not reporting OK"
+
+check program https_geth with path "/usr/lib/monitoring-plugins/check_http --ssl -H geth.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical geth.aninix.net not reporting OK"
+
+check program https_lykos with path "/usr/lib/monitoring-plugins/check_http --ssl -H lykos.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical lykos.aninix.net not reporting OK"
+
+check program https_maat with path "/usr/lib/monitoring-plugins/check_http --ssl -H maat.aninix.net -r PASS"
+    if status != 0 then exec "/etc/monit.d/scripts/critical maat.aninix.net not reporting OK"
+
+check program https_password with path "/usr/lib/monitoring-plugins/check_http --ssl -H password.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical password.aninix.net not reporting OK"
+
+check program https_sharingan with path "/usr/lib/monitoring-plugins/check_http --ssl -H sharingan.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical sharingan.aninix.net not reporting OK"
+
+check program https_singularity with path "/usr/lib/monitoring-plugins/check_http --ssl -H singularity.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical singularity.aninix.net not reporting OK"
+
+check program https_wolfpack with path "/usr/lib/monitoring-plugins/check_http --ssl -H wolfpack.aninix.net"
+    if status != 0 then exec "/etc/monit.d/scripts/critical wolfpack.aninix.net not reporting OK"
+
+#check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http --ssl -u /web/index.html -H yggdrasil.aninix.net"
+#    if status != 0 then exec "/etc/monit.d/scripts/critical yggdrasil.aninix.net not reporting OK"

roles/Sharingan/files/monit/hostdefs/Core

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/DarkNet

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Geth-Hub-1

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Geth-Hub-2

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Geth-Hub-3

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Maat

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Nazara

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Node0

@@ -0,0 +1 @@
+include "/etc/monit.d/checks/system"

roles/Sharingan/files/monit/hostdefs/Sharingan

@@ -0,0 +1,3 @@
+include "/etc/monit.d/checks/system"
+include "/etc/monit.d/checks/vips"
+

roles/Sharingan/files/monit/scripts/critical

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/systemd-cat -t sharingan-eval echo CRITICAL: "$@"

roles/Sharingan/files/monit/scripts/notify

@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/bin/systemd-cat -t sharingan-eval echo INFO: "$@"

roles/Sharingan/files/monit/sharingan-eval.service

@@ -0,0 +1,33 @@
+# This file is systemd template for monit service. To
+# register monit with systemd, place the monit.service file
+# to the /lib/systemd/system/ directory and then start it
+# using systemctl (see bellow).
+#
+# Enable monit to start on boot:
+#         systemctl enable monit.service
+#
+# Start monit immediately:
+#         systemctl start monit.service
+#
+# Stop monit:
+#         systemctl stop monit.service
+#
+# Status:
+#         systemctl status monit.service
+
+[Unit]
+Description=AniNIX/Sharingan | Evaluation service, powered by monit
+After=network-online.target
+Documentation=man:monit(1) https://mmonit.com/wiki/Monit/HowTo
+
+[Service]
+Type=simple
+KillMode=process
+ExecStart=/usr/bin/monit -I
+ExecStop=/usr/bin/monit quit
+ExecReload=/usr/bin/monit reload
+Restart=on-abnormal
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target