> On 29 Aug 2017, at 20:13, Cyril M. <mirt...@mirtouf.fr> wrote:
>
> Hi,
>
> On Mon, 28 Aug 2017 13:53:16 +0300 Sergey B Kirpichev
> <skirpic...@gmail.com> wrote:
>> fixed 868778 monit/1:5.21.0-1
>> tags 868778 +upstream
>> thanks
>>
>> On Tue, 18 Jul 2017 14:48:30 +0200 Cyril Mertens <mirt...@mirtouf.fr> wrote:
>>> As a quick and dirty workaround, I installed monit package from Sid,
>>> reverted to the monit package from Stretch and then the problem was no
>>> more longer present, web controls of monit were made useable again.
>>>
>>> Here are the usual lines automatically added by reportbug.
>>
>> Most importand part (monitrc content) wasn't included, so I can't
>> help too much. Monit's bugtracker suggests that there are other
>> workarrounds, without need for upgrade.
>>
>> BTW, problem is fixed in sid/testing.
>>
>>
> Here are the needed files:
>
> - /etc/monit/monitrc
>
> set daemon 120 # check services at 2-minute intervals
> set log /var/log/monit.log
>
> set idfile /var/lib/monit/id
> set statefile /var/lib/monit/state
>
>
> set eventqueue
> basedir /var/lib/monit/events # set the base directory where
> events will be stored
> slots 100 # optionally limit the queue size
>
> include /etc/monit/conf.d/*
> include /etc/monit/conf-enabled/*
>
> - All files in /etc/monit/conf.d/ (each blank line indicates a separate
> file)
>
> check process apache with pidfile /var/run/apache2/apache2.pid
> group www-data
> group apache
> start program = "/etc/init.d/apache2 start"
> stop program = "/etc/init.d/apache2 stop"
> if 4 restarts within 20 cycles then timeout
> depend apache_bin
> depend apache_rc
>
> check file apache_bin with path /usr/sbin/apache2
> group apache
>
> check file apache_rc with path /etc/init.d/apache2
> group apache
>
> check process lufi
> matching "lufi"
> start program = "/bin/systemctl start lufi"
> stop program = "/bin/systemctl stop lufi"
> if failed port 7777 type tcp then restart
>
> check process murmurd with pidfile /var/run/mumble-server/mumble-server.pid
> group mumble-server
> start program = "/etc/init.d/mumble-server start"
> stop program = "/etc/init.d/mumble-server stop"
> if failed host localhost port 64738 type tcp then restart
> if failed host localhost port 64738 type udp then restart
> if 5 restarts within 5 cycles then timeout
>
> check process munin with pidfile /run/munin/munin-node.pid
> start program = "/etc/init.d/munin-node start"
> stop program = "/etc/init.d/munin-node stop"
> if failed port 4949 type tcp then restart
>
> check process nsd with pidfile /run/nsd/nsd.pid
> noalert x...@mirtouf.fr
> start program = "/etc/init.d/nsd start"
> stop program = "/etc/init.d/nsd stop"
> if failed host localhost port 53 type udp then restart
> if failed host localhost port 53 type tcp then restart
>
> check process ntpd with pidfile /run/ntpd.pid
> group system
> group ntpd
> start program = "/etc/init.d/ntp start"
> stop program = "/etc/init.d/ntp stop"
> if 4 restarts within 12 cycles then timeout
> depend ntpd_bin
> depend ntpd_rc
>
> check file ntpd_bin with path /usr/sbin/ntpd
> group ntpd
> include /etc/monit/templates/rootbin
>
> check file ntpd_rc with path /etc/init.d/ntp
> group ntpd
> include /etc/monit/templates/rootbin
>
> check process sshd with pidfile /var/run/sshd.pid
> group system
> group sshd
> start program = "/etc/init.d/ssh start"
> stop program = "/etc/init.d/ssh stop"
> if failed host localhost port 22 with proto ssh then restart
> if 5 restarts with 5 cycles then timeout
> depend on sshd_bin
> depend on sftp_bin
> depend on sshd_rc
> depend on sshd_rsa_key
> depend on sshd_dsa_key
>
> check file sshd_bin with path /usr/sbin/sshd
> group sshd
> include /etc/monit/templates/rootbin
>
> check file sftp_bin with path /usr/lib/openssh/sftp-server
> group sshd
> include /etc/monit/templates/rootbin
>
> check file sshd_rsa_key with path /etc/ssh/ssh_host_rsa_key
> group sshd
> include /etc/monit/templates/rootstrict
>
> check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key
> group sshd
> include /etc/monit/templates/rootstrict
>
> check file sshd_rc with path /etc/ssh/sshd_config
> group sshd
> include /etc/monit/templates/rootrc
>
> set httpd port 2812 and
> use address localhost
> allow localhost
> allow admin:MY_PASSWORD
> check device root with path /
> if space usage > 75% for 5 times within 15 cycles then alert
> if space usage > 90% then alert
>
> check process postgres with pidfile /run/postgresql/9.6-main.pid
> group database
> start program = "/etc/init.d/postgresql start"
> stop program = "/etc/init.d/postgresql stop"
> if failed host 127.0.0.1 port 5432 protocol pgsql then restart
>
> check process redis-server
> with pidfile "/run/redis/redis-server.pid"
> start program = "/etc/init.d/redis-server start"
> stop program = "/etc/init.d/redis-server stop"
> if 2 restarts within 3 cycles then timeout
> if totalmem > 100 Mb then alert
> if children > 255 for 5 cycles then stop
> if cpu usage > 95% for 3 cycles then restart
> if failed host 127.0.0.1 port 6379 then restart
> if 5 restarts within 5 cycles then timeout
>
> check process sendmail with pidfile /run/sendmail/mta/sendmail.pid
> group mail
> start program = "/etc/init.d/sendmail start"
> stop program = "/etc/init.d/sendmail stop"
> if failed port 25 protocol smtp then restart
> if failed port 587 protocol smtp then restart
> depends on sendmail_bin
> depends on sendmail_rc
>
> check file sendmail_bin with path /usr/lib/sm.bin/sendmail
> group mail
> if failed checksum then unmonitor
> if failed permission 2755 then unmonitor
> if failed uid root then unmonitor
> if failed gid smmsp then unmonitor
>
> check file sendmail_rc with path /etc/init.d/sendmail
> group mail
> if failed checksum then unmonitor
> if failed permission 755 then unmonitor
> if failed uid root then unmonitor
> if failed gid root then unmonitor
>
> check process strongswan with pidfile /run/starter.charon.pid
> group ipsec
> start program = "/bin/systemctl start strongswan.service"
> stop program = "/bin/systemctl stop strongswan.service"
> if failed host localhost port 500 type udp then restart
> if failed host localhost port 4500 type udp then restart
> if 5 restarts within 5 cycles then timeout
>
> check process xl2tpd with pidfile /run/xl2tpd.pid
> group ipsec
> start program = "/bin/systemctl start xl2tpd.service"
> stop program = "/bin/systemctl stop xl2tpd.service"
> if failed host 10.10.23.59 port 1701 type udp then restart
> if 5 restarts within 5 cycles then timeout
>
>
> As you noticed, I am also using the templates being shipped with the
> package with no changes.
>
> Hope this helps.
>
> Cheers,
> Cyril
>
Hello Cyril,
please make sure your monit CLI matches the monit daemon version - some users
had multiple Monit installations (for example one via debian package, second
compiled from the source code directly). If the client or server version is <
5.21.0, the CSRF protection will reject the client:
find / -name monit -type f -ls -exec {} -V \; 2>/dev/null
Best regards,
Martin
