icinga-zones/global-templates/commands.conf

// vim: set ft=icinga2 et sw=2 ts=2 si ai:
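/*
 * Checks the validity of a custom CA certificate (like an Icinga or Puppet CA).
 *
 * The certificate is read from a local file ($ssl_cert_file$) and handed to
 * check_ssl_cert. The defaults set at the bottom of this object switch off the
 * chain, self-signed, maximum-validity and SAN checks, so with those defaults
 * the remaining signal is the expiry date compared against the -w / -c
 * thresholds.
 *
 * NOTE(review): the -f description says it "works with -H localhost only",
 * but this command defines no -H argument. Confirm that the installed
 * check_ssl_cert accepts -f on its own.
 */
object CheckCommand "custom_ca_cert" {
  command = [ PluginContribDir + "/check_ssl_cert" ]

  arguments = {
    "-f" = {
      value = "$ssl_cert_file$"
      description = "Local file path (works with -H localhost only)"
    }
    "-s" = {
      set_if = "$ssl_cert_selfsigned$"
      description = "Allow self-signed certificate"
    }
    "-A" = {
      set_if = "$ssl_cert_noauth$"
      description = "Ignore authority warnings (expiration only)"
    }
    "--ignore-maximum-validity" = {
      set_if = "$ssl_cert_ignore_maximum_validity$"
      description = "Ignore the certificate maximum validity"
    }
    "--allow-empty-san" = {
      set_if = "$ssl_cert_allow_empty_san$"
      description = "Allow certificates without Subject Alternative Names (SANs)"
    }
    "-w" = {
      value = "$ssl_cert_warn$"
      description = "Minimum number of days a certificate has to be valid"
    }
    "-c" = {
      value = "$ssl_cert_critical$"
      description = "Minimum number of days a certificate has to be valid to issue a critical status"
    }
  }

  // Relaxed validation is the default for this command because the target is
  // a private root CA. These switches are only appropriate for that case;
  // checks of leaf or server certificates should use "custom_ssl_cert", which
  // leaves them off unless a service opts in.
  vars.ssl_cert_selfsigned = true
  vars.ssl_cert_noauth = true
  vars.ssl_cert_ignore_maximum_validity = true
  vars.ssl_cert_allow_empty_san = true

  // Thresholds in days: warn below 456 days of remaining validity, critical
  // below 396 (roughly 15 and 13 months), leaving time to plan a CA rollover.
  vars.ssl_cert_warn = 456
  vars.ssl_cert_critical = 396
}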
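/*
 * Checks a TLS server certificate (or a local certificate file) with
 * check_ssl_cert. Every option is driven by an ssl_cert_* custom variable;
 * only the address and the port have defaults here.
 *
 * Unlike "custom_ca_cert", none of the validation-relaxing switches
 * (-A, -s, --ignore-*) is enabled by default. A service that sets one of them
 * is accepting a weaker check and should say why in its own definition.
 */
object CheckCommand "custom_ssl_cert" {
  import "ipv4-or-ipv6"

  command = [ PluginContribDir + "/check_ssl_cert" ]

  arguments = {
    "-H" = {
      value = "$ssl_cert_address$"
      description = "The host's address"
      required = true
    }
    "-p" = {
      value = "$ssl_cert_port$"
      description = "TCP port number (default: 443)"
    }
    "-f" = {
      value = "$ssl_cert_file$"
      description = "Local file path (works with -H localhost only)"
    }
    "-w" = {
      value = "$ssl_cert_warn$"
      description = "Minimum number of days a certificate has to be valid"
    }
    "-c" = {
      value = "$ssl_cert_critical$"
      description = "Minimum number of days a certificate has to be valid to issue a critical status"
    }
    "-m" = {
      value = "$ssl_cert_cn$"
      description = "Pattern to match the CN of the certificate"
    }
    // The description previously referred to "-n" and broke off mid-sentence;
    // the CN pattern is passed with -m in this command.
    "--altnames" = {
      set_if = "$ssl_cert_altnames$"
      description = "Also match the pattern specified in -m against alternate names"
    }
    "-i" = {
      value = "$ssl_cert_issuer$"
      description = "Pattern to match the issuer of the certificate"
    }
    "-o" = {
      value = "$ssl_cert_org$"
      description = "Pattern to match the organization of the certificate"
    }
    "-e" = {
      value = "$ssl_cert_email$"
      description = "Pattern to match the email address contained in the certificate"
    }
    "-N" = {
      set_if = "$ssl_cert_match_host$"
      description = "Match CN with the host name"
    }
    "--serial" = {
      value = "$ssl_cert_serial$"
      description = "Pattern to match the serial number"
    }
    // -A and -s relax trust validation; leave them unset for certificates
    // that are expected to chain to a public or pinned root.
    "-A" = {
      set_if = "$ssl_cert_noauth$"
      description = "Ignore authority warnings (expiration only)"
    }
    "-s" = {
      set_if = "$ssl_cert_selfsigned$"
      description = "Allow self-signed certificate"
    }
    "--sni" = {
      value = "$ssl_cert_sni$"
      description = "Sets the TLS SNI (Server Name Indication) extension"
    }
    "-t" = {
      value = "$ssl_cert_timeout$"
      description = "Seconds before connection times out (default: 15)"
    }
    "-P" = {
      value = "$ssl_cert_protocol$"
      description = "Use the specific protocol {http|smtp|pop3|imap|ftp|xmpp|irc|ldap} (default: http)"
    }
    "--clientcert" = {
      value = "$ssl_cert_clientcert$"
      description = "Use client certificate to authenticate"
    }
    // NOTE(review): the passphrase is passed as a command-line argument, so
    // it is visible in the process list on the checking node while the plugin
    // runs and is stored wherever ssl_cert_clientpass is defined. Prefer a
    // client key file readable only by the monitoring user.
    "--clientpass" = {
      value = "$ssl_cert_clientpass$"
      description = "Set passphrase for client certificate (for PKCS#12)"
    }
    "--clientkey" = {
      value = "$ssl_cert_clientkey$"
      description = "Use private key for client certificate to authenticate"
    }
    // SSL Labs is an external service: enabling -L sends the checked host
    // name to a third party.
    "-L" = {
      value = "$ssl_cert_ssllabs$"
      description = "SSL Labs assessment"
    }
    "--ignore-ssl-labs-cache" = {
      set_if = "$ssl_cert_ssllabs_nocache$"
      description = "Forces a new check by SSL Labs"
    }
    "-r" = {
      value = "$ssl_cert_rootssl_cert$"
      description = "Root certificate or directory to be used for certificate validation"
    }

    // Exactly one of the following is emitted, selected by the single value
    // of $ssl_cert_ssl_version$. ssl2/ssl3/tls1/tls1_1 are legacy protocols;
    // forcing one is only useful to confirm how a server responds to it.
    // No mapping for a TLS 1.3 value is defined in this command.
    "--ssl2" = {
      set_if = {{
        return macro("$ssl_cert_ssl_version$") == "ssl2"
      }}
    }
    "--ssl3" = {
      set_if = {{
        return macro("$ssl_cert_ssl_version$") == "ssl3"
      }}
    }
    "--tls1" = {
      set_if = {{
        return macro("$ssl_cert_ssl_version$") == "tls1"
      }}
    }
    "--tls1_1" = {
      set_if = {{
        return macro("$ssl_cert_ssl_version$") == "tls1_1"
      }}
    }
    "--tls1_2" = {
      set_if = {{
        return macro("$ssl_cert_ssl_version$") == "tls1_2"
      }}
    }

    // $ssl_cert_disable_ssl_versions$ may be a single string or an array.
    // Each function below wraps a string in an array and then tests for its
    // own protocol name, so several --no_* flags can be emitted at once.
    "--no_ssl2" = {
      set_if = {{
        var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
        if (typeof(disable_versions) == String) {
          disable_versions = [ disable_versions ]
        }
        return "ssl2" in disable_versions
      }}
    }
    "--no_ssl3" = {
      set_if = {{
        var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
        if (typeof(disable_versions) == String) {
          disable_versions = [ disable_versions ]
        }
        return "ssl3" in disable_versions
      }}
    }
    "--no_tls1" = {
      set_if = {{
        var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
        if (typeof(disable_versions) == String) {
          disable_versions = [ disable_versions ]
        }
        return "tls1" in disable_versions
      }}
    }
    "--no_tls1_1" = {
      set_if = {{
        var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
        if (typeof(disable_versions) == String) {
          disable_versions = [ disable_versions ]
        }
        return "tls1_1" in disable_versions
      }}
    }
    "--no_tls1_2" = {
      set_if = {{
        var disable_versions = macro("$ssl_cert_disable_ssl_versions$")
        if (typeof(disable_versions) == String) {
          disable_versions = [ disable_versions ]
        }
        return "tls1_2" in disable_versions
      }}
    }

    // $ssl_cert_cipher$ selects at most one of --ecdsa / --rsa.
    "--ecdsa" = {
      set_if = {{
        return macro("$ssl_cert_cipher$") == "ecdsa"
      }}
      description = "Cipher selection: force ECDSA authentication"
    }
    "--rsa" = {
      set_if = {{
        return macro("$ssl_cert_cipher$") == "rsa"
      }}
      description = "Cipher selection: force RSA authentication"
    }

    // Each --ignore-* switch removes one validation step (signature
    // algorithm, expiry, OCSP revocation, SCT). All are off unless the
    // service sets the matching variable.
    "--ignore-sig-alg" = {
      set_if = "$ssl_cert_ignore_signature$"
      description = "Do not check if the certificate was signed with SHA1 or MD5"
    }
    "--ignore-exp" = {
      set_if = "$ssl_cert_ignore_expiration$"
      description = "Ignore expiration date"
    }
    "--ignore-ocsp" = {
      set_if = "$ssl_cert_ignore_ocsp$"
      description = "Do not check revocation with OCSP"
    }
    "--ignore-sct" = {
      set_if = "$ssl_cert_ignore_sct$"
      description = "Do not check for signed certificate timestamps"
    }
  }

  // $check_address$ is expected to come from the imported "ipv4-or-ipv6"
  // template, which is not defined in this file.
  vars.ssl_cert_address = "$check_address$"
  vars.ssl_cert_port = 443
}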
/*
 * Local command to check whether the current kernel is the latest installed
 * kernel.
 *
 * Takes no arguments. The plugin is looked up under LocalPluginDir, a
 * constant that is not defined in this file and must exist on every node
 * that evaluates this command.
 */
object CheckCommand "kernel_status" {
  command = [ LocalPluginDir + "/check_kernel_status" ]
}
/*
 * Checks a local PostgreSQL database. You need to grant the given user
 * (normally nagios, which is what Icinga is running as) privileges to connect
 * the specified database (or 'template1') and optionally execute the specified
 * query.
 *
 * No host (-H) or password argument is defined, so the connection target and
 * the authentication method are left to the plugin and the server
 * configuration. Presumably this means a local socket with peer
 * authentication; confirm against pg_hba.conf.
 *
 * Keep the monitoring role minimal: CONNECT on the checked database plus
 * SELECT on exactly what $pgsql_query$ reads. The query text comes from a
 * custom variable, so whoever can set that variable can run SQL as this role.
 */
object CheckCommand "pgsql_socket" {
  command = [ PluginDir + "/check_pgsql" ]

  arguments = {
    "-d" = {
      value = "$pgsql_database$"
      description = "Database to check (default: template1)"
    }
    "-l" = {
      value = "$pgsql_username$"
      description = "Login name of user"
    }
    // "see below" in this description refers to the plugin's own help text,
    // not to anything in this file.
    "-o" = {
      value = "$pgsql_options$"
      description = "Connection parameters (keyword = value), see below"
    }
    "-w" = {
      value = "$pgsql_warning$"
      description = "Response time to result in warning status (seconds)"
    }
    "-c" = {
      value = "$pgsql_critical$"
      description = "Response time to result in critical status (seconds)"
    }
    "-t" = {
      value = "$pgsql_timeout$"
      description = "Seconds before connection times out (default: 10)"
    }
    // The query and its thresholds are optional; -W and -C apply to the
    // value returned by -q.
    "-q" = {
      value = "$pgsql_query$"
      description = "SQL query to run. Only first column in first row will be read"
    }
    "-W" = {
      value = "$pgsql_query_warning$"
      description = "SQL query value to result in warning status (double)"
    }
    "-C" = {
      value = "$pgsql_query_critical$"
      description = "SQL query value to result in critical status (double)"
    }
  }

  // Default login role; override per service if the database uses another.
  vars.pgsql_username = "nagios"
}
/*
 * Runs the check_systemd plugin from PluginContribDir with no arguments, so
 * the plugin's built-in defaults decide what is checked and which states
 * count as a failure.
 */
object CheckCommand "custom_systemd" {
  command = [ PluginContribDir + "/check_systemd" ]
}
/* Notification Commands
 *
 * Please check the documentation for all required and
 * optional parameters.
 */

/*
 * Sends a host notification to a Matrix room through the
 * matrix-host-notification plugin.
 *
 * `arguments +=` adds to whatever the imported "plugin-notification-command"
 * template already defines; that template is not part of this file.
 *
 * The command is an array, so Icinga executes the plugin directly and passes
 * each value as one argument. Plugin output (-o), comments (-c) and author
 * (-b) are free text that can originate outside the monitoring team; the
 * plugin itself must treat them as data when it builds the Matrix message.
 * The plugin is not visible here, so verify that.
 */
object NotificationCommand "matrix-host-notification" {
  import "plugin-notification-command"

  command = [ PluginDir + "/matrix-host-notification" ]

  arguments += {
    "-4" = "$notification_address$"
    "-6" = "$notification_address6$"
    "-b" = "$notification_author$"
    "-c" = "$notification_comment$"
    "-d" = {
      required = true
      value = "$notification_date$"
    }
    "-i" = "$notification_icingaweb2url$"
    "-l" = {
      required = true
      value = "$notification_hostname$"
    }
    "-m" = {
      required = true
      value = "$notification_matrix_room_id$"
    }
    "-n" = {
      required = true
      value = "$notification_hostdisplayname$"
    }
    "-o" = {
      required = true
      value = "$notification_hostoutput$"
    }
    "-s" = {
      required = true
      value = "$notification_hoststate$"
    }
    "-t" = {
      required = true
      value = "$notification_type$"
    }
    "-x" = {
      required = true
      value = "$notification_matrix_server$"
    }
    // NOTE(review): the bot access token is passed as the value of -y, so it
    // appears in the argument list of the notification process while it runs
    // and is readable by local users who can list processes. If the plugin
    // can take the token from the environment or a restricted file, prefer
    // that. Confirm against the plugin.
    "-y" = {
      required = true
      value = "$notification_matrix_token$"
    }
  }

  // Defaults resolved from runtime macros of the notifying host.
  vars.notification_address = "$address$"
  vars.notification_address6 = "$address6$"
  vars.notification_author = "$notification.author$"
  vars.notification_comment = "$notification.comment$"
  vars.notification_date = "$icinga.long_date_time$"
  vars.notification_hostdisplayname = "$host.display_name$"
  vars.notification_hostname = "$host.name$"
  vars.notification_hostoutput = "$host.output$"
  vars.notification_hoststate = "$host.state$"
  vars.notification_type = "$notification.type$"

  // Icingaweb2URL, MatrixBotServer and MatrixBotToken are global constants
  // that are not defined in this file. MatrixBotToken is a credential: keep
  // its definition in a file with restricted permissions and out of shared
  // repositories.
  vars.notification_icingaweb2url = Icingaweb2URL
  vars.notification_matrix_server = MatrixBotServer
  vars.notification_matrix_token = MatrixBotToken

  // The target room is taken from the notified user's custom variable.
  vars.notification_matrix_room_id = "$user.vars.matrix_room_id$"
}
/*
 * Sends a service notification to a Matrix room through the
 * matrix-service-notification plugin. It mirrors the host variant and adds
 * the service name (-e) and the service display name (-u). The IPv4 address
 * (-4) is required here.
 *
 * `arguments +=` adds to whatever the imported "plugin-notification-command"
 * template already defines; that template is not part of this file.
 *
 * Service output (-o), comments (-c) and author (-b) are free text that can
 * originate outside the monitoring team. Icinga passes each as one argument,
 * but the plugin must still treat them as data when it builds the message.
 * The plugin is not visible here, so verify that.
 */
object NotificationCommand "matrix-service-notification" {
  import "plugin-notification-command"

  command = [ PluginDir + "/matrix-service-notification" ]

  arguments += {
    "-4" = {
      required = true
      value = "$notification_address$"
    }
    "-6" = "$notification_address6$"
    "-b" = "$notification_author$"
    "-c" = "$notification_comment$"
    "-d" = {
      required = true
      value = "$notification_date$"
    }
    "-e" = {
      required = true
      value = "$notification_servicename$"
    }
    "-i" = "$notification_icingaweb2url$"
    "-l" = {
      required = true
      value = "$notification_hostname$"
    }
    "-m" = {
      required = true
      value = "$notification_matrix_room_id$"
    }
    "-n" = {
      required = true
      value = "$notification_hostdisplayname$"
    }
    "-o" = {
      required = true
      value = "$notification_serviceoutput$"
    }
    "-s" = {
      required = true
      value = "$notification_servicestate$"
    }
    "-t" = {
      required = true
      value = "$notification_type$"
    }
    "-u" = {
      required = true
      value = "$notification_servicedisplayname$"
    }
    "-x" = {
      required = true
      value = "$notification_matrix_server$"
    }
    // NOTE(review): the bot access token is passed as the value of -y, so it
    // appears in the argument list of the notification process while it runs
    // and is readable by local users who can list processes. If the plugin
    // can take the token from the environment or a restricted file, prefer
    // that. Confirm against the plugin.
    "-y" = {
      required = true
      value = "$notification_matrix_token$"
    }
  }

  // Defaults resolved from runtime macros of the notifying host and service.
  vars.notification_address = "$address$"
  vars.notification_address6 = "$address6$"
  vars.notification_author = "$notification.author$"
  vars.notification_comment = "$notification.comment$"
  vars.notification_date = "$icinga.long_date_time$"
  vars.notification_hostdisplayname = "$host.display_name$"
  vars.notification_hostname = "$host.name$"
  vars.notification_servicedisplayname = "$service.display_name$"
  vars.notification_servicename = "$service.name$"
  vars.notification_serviceoutput = "$service.output$"
  vars.notification_servicestate = "$service.state$"
  vars.notification_type = "$notification.type$"

  // Icingaweb2URL, MatrixBotServer and MatrixBotToken are global constants
  // that are not defined in this file. MatrixBotToken is a credential: keep
  // its definition in a file with restricted permissions and out of shared
  // repositories.
  vars.notification_icingaweb2url = Icingaweb2URL
  vars.notification_matrix_server = MatrixBotServer
  vars.notification_matrix_token = MatrixBotToken

  // The target room is taken from the notified user's custom variable.
  vars.notification_matrix_room_id = "$user.vars.matrix_room_id$"
}