monitoring-plugins icon indicating copy to clipboard operation
monitoring-plugins copied to clipboard

Published 20 hours ago verified publisher icon Linuxfabrik

Monitoring Check Plugin Wishlist

Open NavidSassan opened this issue 3 years ago • 12 comments

What might come next? Some ideas.

Poll: Will be available on TypeForm

Template:

  • [ ] certs (connecting and checking expiry date): also check CRLs; have a look at https://github.com/matteocorti/check_ssl_cert; make use of TLS 1.3
  • [ ] check_http from nagios-plugins: replace because of missing TLS 1.3 and http/2
  • [ ] CIS: chage --list (without --user for all), Password expires, Account expires (CRIT for root, WARN otherwise)
  • [ ] CIS: chmods
  • [ ] clamav: age of signatur (version number)
  • [ ] collabora, lool, cool: License usage cannot be tracked, as the server is not tracking it for the time being, either. For the other metrics, Collabora Online has a REST endpoint that can be used to retrieve those metrics in Prometheus format, and then they can be viewed in the environment of your choice. The available metrics can be checked here: https://github.com/CollaboraOnline/online/blob/master/wsd/metrics.txt The endpoint for the metrics is http(s)://<Collabora Online server+port>/lool/getMetrics
  • [ ] cpu-delay: https://coroot.com/blog/linux-delay-accounting
  • [ ] docker-stats (refactor)
  • [ ] file-ownership: rename it to file-stat, and also check permissions according to CIS
  • [ ] CIS: find unowned files: find / -nouser -o -nogroup (stay local)
  • [ ] graylog in any way
  • [ ] hashicorp-vault: check vault seal status
  • [ ] icinga: Check the age of the last check result via API. Newest Last Service Check: WARN if > 10min. Newest Last Host Check: WARN if > 10min. curl -k -s -u 'icinga-director-api:user' -H 'Accept: application/json' -H 'X-HTTP-Method-Override: GET' -X POST 'https://host:5665/v1/objects/services' -d '{ "filter": "service.last_check<1588178000", "attrs": [ "__name", "check_interval", "retry_interval", last_check" ], "pretty": true }'
  • [ ] influxdb
  • [ ] java: https://github.com/prometheus/client_java (JVM memory is filling up (> 80%))
  • [ ] libreoffice headless: /usr/bin/libreoffice --headless --convert-to pdf --outdir /tmp/ /data/test.docx (create a testdocument and delete it)
  • [ ] mongodb: https://github.com/percona/mongodb_exporter
  • [ ] netfilter nf_conntrack; see https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt, https://wiki.khnet.info/index.php/Conntrack_tuning, https://voipmagazine.wordpress.com/tag/nf_conntrack_buckets/
  • [ ] network-link: ls /sys/class/net, ethtool <ifname> 2> /dev/null | grep 'Link'
  • [ ] Nextcloud: report, if an App was disabled (after an update)
  • [ ] ngnix-stats: move to http://nginx.org/en/docs/http/ngx_http_api_module.html
  • [ ] openstack: Usages from Project Dashboard > Limit Summary, Usage Summary
  • [ ] pihole
  • [ ] postgresql
  • [ ] rabbitmq-monitoring (over all queues: more than 10 messages since 24h+ => alarm; report queue errors and count), https://github.com/kbudde/rabbitmq_exporter
  • [ ] rkhunter
  • [ ] securityheaders using sslyze (sslyze --tlsv1 --robot --http_headers --early_data --resum_rate --compression --fallback --openssl_ccs --reneg --certinfo --tlsv1_2 --resum --sslv2 --heartbleed --sslv3 --tlsv1_3 --tlsv1_1 --json_out=/tmp/json example.com:443)
  • [ ] run_remote: run a command on the remote host, just like Ansible plugins/connection/ssh.py:exec_command()
  • [ ] ssllabs: if sslyze, then like so: sslyze --tlsv1 --robot --http_headers --early_data --resum_rate --compression --fallback --openssl_ccs --reneg --certinfo --tlsv1_2 --resum --sslv2 --heartbleed --sslv3 --tlsv1_3 --tlsv1_1 --json_out=/tmp/json example.com:443
  • [ ] stratis pool list
  • [ ] ulimits
  • [ ] vdostats --verbose
  • [ ] wordpress-security-scan (wpscan)

NavidSassan avatar Dec 18 '21 18:12 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #130

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #125

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #131

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #122

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #128

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #129

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #126

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:50

marked this issue as related to #123

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 16, 2022, 21:54

marked this issue as related to #124

NavidSassan avatar Feb 16 '22 20:02 NavidSassan

In GitLab by @markuslf on Feb 19, 2022, 14:58

marked the task networking-bonding as completed

NavidSassan avatar Feb 19 '22 13:02 NavidSassan

In GitLab by @markuslf on Feb 19, 2022, 15:20

changed due date to February 28, 2022

NavidSassan avatar Feb 19 '22 14:02 NavidSassan

In GitLab by @markuslf on Feb 28, 2022, 11:20

changed due date to June 30, 2022

NavidSassan avatar Feb 28 '22 10:02 NavidSassan