From c1613be214aaf431ffc77ebf36fbd471103e6b46 Mon Sep 17 00:00:00 2001
From: enggnr <129082112+enggnr@users.noreply.github.com>
Date: Fri, 26 May 2023 20:16:51 +0530
Subject: [PATCH 1/8] Netdata Alert configs
---
 home/dot_config/netdata/health.d/cpu.conf | 32 +++++++++++++++++++
 home/dot_config/netdata/health.d/disks.conf | 7 ++++
 home/dot_config/netdata/health.d/network.conf | 6 ++++
 home/dot_config/netdata/health.d/ram.conf | 8 +++++
 4 files changed, 53 insertions(+)
 create mode 100644 home/dot_config/netdata/health.d/cpu.conf
 create mode 100644 home/dot_config/netdata/health.d/disks.conf
 create mode 100644 home/dot_config/netdata/health.d/network.conf
 create mode 100644 home/dot_config/netdata/health.d/ram.conf
diff --git a/home/dot_config/netdata/health.d/cpu.conf b/home/dot_config/netdata/health.d/cpu.conf
new file mode 100644
index 00000000..af46be20
--- /dev/null
+++ b/home/dot_config/netdata/health.d/cpu.conf
@@ -0,0 +1,32 @@
+alarm: cpu_usage
+on: system.cpu
+lookup: average -1m percentage foreach user,system
+units: %
+every: 5m
+warn: $this > 50
+crit: $this > 70
+info: CPU utilization of users or the system
+
+template: ml_5min_cpu_dims
+on: system.cpu
+os: linux
+hosts: *
+lookup: average -5m anomaly-bit foreach *
+calc: $this
+units: %
+every: 30s
+warn: $this > (($status >= $WARNING) ? (5) : (20))
+crit: $this > (($status == $CRITICAL) ? (20) : (100))
+info: Rolling 5min anomaly rate for each system.cpu dimension
+
+template: ml_5min_cpu_chart
+on: system.cpu
+os: linux
+hosts: *
+lookup: average -5m anomaly-bit of *
+calc: $this
+units: %
+every: 30s
+warn: $this > (($status >= $WARNING) ? (5) : (20))
+crit: $this > (($status == $CRITICAL) ? (20) : (100))
+info: Rolling 5min anomaly rate for system.cpu chart
diff --git a/home/dot_config/netdata/health.d/disks.conf b/home/dot_config/netdata/health.d/disks.conf
new file mode 100644
index 00000000..12a3c805
--- /dev/null
+++ b/home/dot_config/netdata/health.d/disks.conf
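Review bot: The `cpu_usage` alarm averages only the last minute (`lookup: average -1m`) but is evaluated once every five (`every: 5m`), so roughly four minutes out of five are never examined and a short CPU burst, for instance from an unexpected process, can pass without an alert. Align the two, e.g. `lookup: average -5m percentage foreach user,system` or `every: 1m`. The same 1m/5m mismatch is repeated in `ram.conf` in this commit and in the three alarms of `apps.conf` in PATCH 2/8. None of the entries sets a `to:` line, so consider adding one with the intended role rather than relying on the default recipient.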
@@ -0,0 +1,7 @@
+template: disk_full_percent
+on: disk.space
+calc: $used * 100 / ($avail + $used)
+every: 60m
+warn: $this > 70
+crit: $this > 85
+info: Disk usage on the system
diff --git a/home/dot_config/netdata/health.d/network.conf b/home/dot_config/netdata/health.d/network.conf
new file mode 100644
index 00000000..ca64ffe2
--- /dev/null
+++ b/home/dot_config/netdata/health.d/network.conf
@@ -0,0 +1,6 @@
+template: 30min_packet_drops
+on: net.drops
+lookup: sum -30m unaligned absolute
+every: 10s
+crit: $this > 0
+info: Dropper network packets
diff --git a/home/dot_config/netdata/health.d/ram.conf b/home/dot_config/netdata/health.d/ram.conf
new file mode 100644
index 00000000..7721472b
--- /dev/null
+++ b/home/dot_config/netdata/health.d/ram.conf
@@ -0,0 +1,8 @@
+alarm: ram_usage
+on: system.ram
+lookup: average -1m percentage foreach user,system
+units: %
+every: 5m
+warn: $this > 50
+crit: $this > 90
+info: RAM utilization of users or the system
From d131688b55db3054e9c86dbf26b022616a670b2b Mon Sep 17 00:00:00 2001
From: enggnr <129082112+enggnr@users.noreply.github.com>
Date: Mon, 29 May 2023 15:59:41 +0530
Subject: [PATCH 2/8] Additional alerts and notifications in Netdata
---
 home/.chezmoi.yaml.tmpl | 12 +
 .../run_onchange_after_57-netdata.sh.tmpl | 60 +
 home/dot_config/netdata/health.d/apps.conf | 26 +
 home/dot_config/netdata/health.d/network.conf | 2 +-
 .../netdata/health_alarm_notify.conf.tmpl | 1320 +++++++++++++++++
 software.yml | 11 +-
 6 files changed, 1429 insertions(+), 2 deletions(-)
 create mode 100644 home/dot_config/netdata/health.d/apps.conf
 create mode 100644 home/dot_config/netdata/health_alarm_notify.conf.tmpl
diff --git a/home/.chezmoi.yaml.tmpl b/home/.chezmoi.yaml.tmpl
index 53e39260..14d09307 100644
--- a/home/.chezmoi.yaml.tmpl
+++ b/home/.chezmoi.yaml.tmpl
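Review bot: In `network.conf`, `crit: $this > 0` over `lookup: sum -30m unaligned absolute` raises a CRITICAL alert for a single dropped packet and holds it for the whole 30-minute window, with no `warn:` level and no `units:` line. On most hosts that is likely to fire almost continuously, and a permanently red alert trains people to ignore the channel it is delivered to. Consider a threshold taken from a baseline of the hosts, e.g. `warn: $this > <WARN_DROPS>` and `crit: $this > <CRIT_DROPS>` (placeholders, not measured values), or alerting on drops relative to traffic.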
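Review bot: In `ram.conf`, `lookup: average -1m percentage foreach user,system` on `system.ram` looks copied from `cpu.conf`: `user` and `system` are CPU dimensions, whereas the `system.ram` chart normally exposes dimensions such as `used`, `free`, `cached` and `buffers`. If no dimension matches, the alarm never evaluates and memory exhaustion goes unreported while the config appears to cover it. Something like `lookup: average -1m percentage of used` with `info: RAM utilization of the system` would match the stated intent; please confirm the dimension names against the chart on a target host.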
@@ -12,8 +12,13 @@
 {{- $locale := (output "echo" "$LANG") }}
 {{- $name := (default "Brian Zalewski" (env "FULL_NAME")) -}}
 {{- $restricted := (default false (env "WORK_ENVIRONMENT")) -}}
+{{- $slack_webhook_url := (default "" (env "SLACK_WEBHOOK_URL")) -}}
+{{- $slack_netdata_alarms_channel := (default "" (env "SLACK_NETDATA_ALARMS_CHANNEL")) -}}
 {{- $snapcraftEmail := (default "brian@megabyte.space" (env "SNAPCRAFT_EMAIL"))}}
 {{- $surgeshUsername := (default "brian@megabyte.space" (env "SURGESH_USERNAME")) -}}
+{{- $syslog_netdata_enable := (default false (env "SYSLOG_NETDATA_ENABLE")) -}}
+{{- $syslog_netdata_facility := (default "local6" (env "SYSLOG_NETDATA_FACILITY")) -}}
+{{- $syslog_netdata_recipients := (default "" (env "SYSLOG_NETDATA_RECIPIENTS")) -}}
 {{- $timezone := (default "America/New_York" (env "TIMEZONE")) -}}
 {{- $toolchains := list "CLI-Extras" "Docker" "Go" "Kubernetes" "Web-Development" -}}
 {{- $work := (default false (env "WORK_ENVIRONMENT")) -}}
@@ -159,7 +164,14 @@ data:
 - 192.168.1.0/24
 qubes: {{ ne (stat (joinPath "usr" "bin" "qubes-session")) false }}
 restricted: {{ $restricted }}
+ slack:
+ webhook_url: "{{ $slack_webhook_url }}"
+ netdata_alarms_channel: "{{ $slack_netdata_alarms_channel }}"
 softwareGroup: "{{ $softwareGroup }}"
+ syslog:
+ config: {{ $syslog_netdata_enable }}
+ netdata_facility: "{{ $syslog_netdata_facility }}"
+ netdata_recipients: "{{ $syslog_netdata_recipients }}"
 type: "{{ $chassisType }}"
 work: {{ $work }}
 toolchains:
diff --git a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl
index a6699b4f..b74668da 100644
--- a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl
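Review bot: `webhook_url: "{{ $slack_webhook_url }}"` in the second hunk copies the Slack incoming-webhook URL from the environment into chezmoi's rendered config data in plaintext. That URL is a bearer credential (anyone who can read it can post to the channel), and from here it flows into `health_alarm_notify.conf`. The netdata script template in this same patch already checks for entries under `.chezmoitemplates/secrets/` for `NETDATA_TOKEN`, so the webhook could presumably be stored the same way instead of in the data section. Separately, the boolean is written as `config:` under `syslog:` while its siblings are `netdata_facility` and `netdata_recipients`; a key such as `netdata_enable:` would be easier to follow. The `data:` mapping starts and continues outside the hunk.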
@@ -1,3 +1,63 @@
+{{- if ne .host.distro.family "windows" -}}
+#!/usr/bin/env bash
+# @file Netdata
+# @brief Configures Netdata alerts and notifications
+# @description
+# This script installs additional alerts and enables notifications if Netdata is installed. Email notifications are configured
+# using the provided email address. Slack notifications are configured if `SLACK_WEBHOOK_URL` and `SLACK_NETDATA_ALARMS_CHANNEL`
+# are provided. Syslog integration is configured if `SYSLOG_NETDATA_ENABLE` and `SYSLOG_NETDATA_RECIPIENTS` are provided.
+# If the OS is Debian based, Netdata shows the number of CVEs in currently installed packages.
+
+{{ includeTemplate "universal/profile" }}
+{{ includeTemplate "universal/logg" }}
+
+### Install additional alerts and enable notifications
+if command -v netdata > /dev/null; then
+ # Copy the additional alert definitions
+ logg info 'Copying $HOME/.config/netdata/health.d/ to /etc/netdata/'
+ sudo cp -rf "$HOME/.config/netdata/health.d/" /etc/netdata/
+
+ logg info 'Copying $HOME/.config/netdata/health_alarm_notify.conf to /usr/lib/netdata/conf.d/health_alarm_notify.conf'
+ sudo cp -f /usr/lib/netdata/conf.d/health_alarm_notify.conf /usr/lib/netdata/conf.d/health_alarm_notify.conf.bak
+ sudo cp -f "$HOME/.config/netdata/health_alarm_notify.conf" /usr/lib/netdata/conf.d/health_alarm_notify.conf
+else
+ logg warn '`netdata` is not available in the PATH or is not installed'
+fi
+
+### Configure Netdata to gather information about CVEs in the installed packages
+if command -v debsecan > /dev/null; then
+
+ # Installing the script to generate report on CVEs in installed packages
+ logg info 'Installing script to generate on CVEs in installed packages'
+ sudo curl -sSL https://raw.githubusercontent.com/nodiscc/netdata-debsecan/master/usr_local_bin_debsecan-by-type -o /usr/local/bin/debsecan-by-type
+
+ # Generate initial debsecan reports in /var/log/debsecan/
+ logg info 'Generating initial debsecan reports in /var/log/debsecan/'
+
/usr/local/bin/debsecan-by-type
+ # Configure dpkg to refresh the file after each run
+ logg info 'Configuring dpkg to refresh the file after each run'
+ sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_apt_apt.conf.d_99debsecan -o /etc/apt/apt.conf.d/99debsecan
+
+ # Add a cron job to refresh the file every hour
+ logg info 'Adding a cron job to refresh the file every hour'
+ sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_cron.d_debsecan -o /etc/cron.d/debsecan
+
+ # Install the module/configuration file
+ logg info 'Installing the module and configuration file
+ sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.chart.py -o /usr/libexec/netdata/python.d/
+ sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.conf -o /etc/netdata/python.d/
+
+ # Restart Netdata service
+ logg info 'Restarting netdata service'
+ sudo systemctl restart netdata
+else
+ logg warn '`debsecan` is not available in the PATH or is not installed'
+fi
+
+
+{{ end -}}
+
 {{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (or (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_TOKEN")) (env "NETDATA_TOKEN")) (or (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_ROOM")) (env "NETDATA_ROOM")) -}}
 #!/usr/bin/env bash
 # @file Netdata
diff --git a/home/dot_config/netdata/health.d/apps.conf b/home/dot_config/netdata/health.d/apps.conf
new file mode 100644
index 00000000..3aee06f4
--- /dev/null
+++ b/home/dot_config/netdata/health.d/apps.conf
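Review bot: The debsecan block fetches five files from the mutable `master` branch of a third-party repository with `sudo curl -sSL` and writes them straight into `/usr/local/bin`, `/etc/apt/apt.conf.d`, `/etc/cron.d` and Netdata's `python.d`, so whatever that branch serves at install time later runs as root from cron and the apt hook, with no pinning or integrity check; without `-f` an HTTP error page would be installed as well. Pin a reviewed commit, verify a digest and install with explicit owner and mode as sketched below (commit id and digest are placeholders); that also covers `/usr/local/bin/debsecan-by-type` being executed right after download without ever being made executable. Two functional defects sit in the same block: `logg info 'Installing the module and configuration file` is missing its closing quote, which breaks parsing of everything after it, and the last two `curl` calls pass a directory to `-o`, which needs a file name such as `-o /etc/netdata/python.d/debsecan.conf`. In the first block the `.bak` copy is overwritten on every run, so a second run replaces the original backup with the already-modified file.

```shell
# … unchanged: `if command -v debsecan` guard and logg info calls …
  # Placeholders: a reviewed commit of nodiscc/netdata-debsecan and the digest of the file at that commit
  DEBSECAN_REF='<PINNED_COMMIT_SHA>'
  DEBSECAN_SHA256='<EXPECTED_SHA256>'
  DEBSECAN_TMP="$(mktemp)"
  curl -fsSL "https://raw.githubusercontent.com/nodiscc/netdata-debsecan/${DEBSECAN_REF}/usr_local_bin_debsecan-by-type" -o "$DEBSECAN_TMP"
  if echo "${DEBSECAN_SHA256}  ${DEBSECAN_TMP}" | sha256sum -c - > /dev/null; then
    sudo install -o root -g root -m 0755 "$DEBSECAN_TMP" /usr/local/bin/debsecan-by-type
  else
    logg warn 'Checksum mismatch for debsecan-by-type, skipping the debsecan integration'
  fi
  rm -f "$DEBSECAN_TMP"
  # … same fetch / verify / install steps for the apt hook, cron file, chart module and its config …
```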
@@ -0,0 +1,26 @@
+alarm: apps_cpu_usage
+on: apps.cpu
+lookup: average -1m percentage *
+units: %
+every: 5m
+warn: $this > 50
+crit: $this > 70
+info: CPU utilization of Applications
+
+alarm: apps_ram_usage
+on: apps.mem
+lookup: average -1m percentage *
+units: %
+every: 5m
+warn: $this > 65
+crit: $this > 80
+info: RAM utilization of Applications
+
+alarm: apps_swap_usage
+on: apps.swap
+lookup: average -1m percentage *
+units: %
+every: 5m
+warn: $this > 50
+crit: $this > 70
+info: Swap utilization of Applications
diff --git a/home/dot_config/netdata/health.d/network.conf b/home/dot_config/netdata/health.d/network.conf
index ca64ffe2..14fefc33 100644
--- a/home/dot_config/netdata/health.d/network.conf
+++ b/home/dot_config/netdata/health.d/network.conf
@@ -3,4 +3,4 @@ on: net.drops
 lookup: sum -30m unaligned absolute
 every: 10s
 crit: $this > 0
-info: Dropper network packets
+info: Dropped network packets
diff --git a/home/dot_config/netdata/health_alarm_notify.conf.tmpl b/home/dot_config/netdata/health_alarm_notify.conf.tmpl
new file mode 100644
index 00000000..b05c8760
--- /dev/null
+++ b/home/dot_config/netdata/health_alarm_notify.conf.tmpl
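Review bot: All three alarms in `apps.conf` use `lookup: average -1m percentage *`, which has no `of` or `foreach` before the dimension pattern, unlike the `foreach *` and `of *` forms used in `cpu.conf`; as far as I can tell the lookup will either be rejected or the `*` ignored. Even with `of *`, `percentage` expresses the selected dimensions as a share of the chart total, so selecting every dimension would presumably sit at 100% and keep the alarm critical, while `foreach *` would report each application group's share of application usage rather than utilization of the host. Please state which of the two is intended in the `info:` line and test the alarm on a host before relying on it for notifications.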
@@ -0,0 +1,1320 @@ +# Configuration for alarm notifications +# +# This configuration is used by: alarm-notify.sh +# changes take effect immediately (the next alarm will use them). +# +# alarm-notify.sh can send: +# - e-mails (using the sendmail command), +# - push notifications to your mobile phone (pushover.net), +# - messages to your slack team (slack.com), +# - messages to your alerta server (alerta.io), +# - messages to your flock team (flock.com), +# - messages to your discord guild (discord.com), +# - messages to your telegram chat / group chat (telegram.org) +# - sms messages to your cell phone or any sms enabled device (twilio.com) +# - sms messages to your cell phone or any sms enabled device (messagebird.com) +# - sms messages to your cell phone or any sms enabled device (smstools3) +# - notifications to users on pagerduty.com +# - push notifications to iOS devices (via prowlapp.com) +# - notifications to Amazon SNS topics (aws.amazon.com) +# - messages to your irc channel on your selected network +# - messages to a local or remote syslog daemon +# - message to Microsoft Teams (through webhook) +# - message to Rocket.Chat (through webhook) +# - message to Google Hangouts Chat (through webhook) +# - push notifications to your mobile phone or desktop (ntfy.sh) +# +# The 'to' line given at netdata alarms defines a *role*, so that many +# people can be notified for each role. +# +# This file is a BASH script itself. +# +# +#------------------------------------------------------------------------------ +# proxy configuration +# +# If you need to send curl based notifications (pushover, pushbullet, slack, alerta, +# flock, discord, telegram) via a proxy, set these to your proxy address: +#export http_proxy="http://10.0.0.1:3128/" +#export https_proxy="http://10.0.0.1:3128/" + + +#------------------------------------------------------------------------------ +# notifications images +# +# Images in notifications need to be downloaded from an Internet facing site. 
+# To allow notification providers fetch the icons/images, by default we set +# the URL of the global public netdata registry. +# If you have an Internet facing netdata (or you have copied the images/ folder +# of netdata to your web server), set its URL here, to fetch the notification +# images from it. +#images_base_url="http://my.public.netdata.server:19999" + + +#------------------------------------------------------------------------------ +# date handling +# +# You can configure netdata alerts to send dates in any format you want. +# This uses standard `date` command format strings. See `man date` for +# more info on what you can put in here. Note that this has to start with a '+', otherwise it won't work. +# +# For ISO 8601 dates, use '+%FT%T%z' +# For RFC 5322 dates, use '+%a, %d %b %Y %H:%M:%S %z' +# For RFC 3339 dates, use '+%F %T%:z' +# For RFC 1123 dates, use '+%a, %d %b %Y %H:%M:%S %Z' +# For RFC 1036 dates, use '+%A, %d-%b-%y %H:%M:%S %Z' +# For a reasonably local date and time (in that order), use '+%x %X' +# For the old default behavior (compatible with ANSI C's asctime() function), leave this empty. +date_format='' + + +#------------------------------------------------------------------------------ +# hostname handling +# +# By default, Netdata will use the simple hostname for the system (the +# hostname with everything after the first `.` removed) when displaying +# the hostname in alert notifications. If you prefer, you can uncomment +# the line below to have Netdata instead use the host's fully qualified +# domain name. +# +# This does not report correct FQDN's for child systems for which this +# system is a parent. +# +# Additionally, if the system host name is overridden in /etc/netdata.conf +# with the `hostname` option, that name will be used unconditionally +# instead of this. +#use_fqdn='YES' + + +#------------------------------------------------------------------------------ +# external commands + +# The full path to the sendmail command. 
+# If empty, the system $PATH will be searched for it. +# If not found, email notifications will be disabled (silently). +sendmail="" + +# The full path of the curl command. +# If empty, the system $PATH will be searched for it. +# If not found, most notifications will be silently disabled. +curl="" + +# The full path of the nc command. +# If empty, the system $PATH will be searched for it. +# If not found, irc notifications will be silently disabled. +nc="" + +# The full path of the logger command. +# If empty, the system $PATH will be searched for it. +# If not found, syslog notifications will be silently disabled. +logger="" + +# The full path of the aws command. +# If empty, the system $PATH will be searched for it. +# If not found, Amazon SNS notifications will be silently disabled. +aws="" + +# The full path of the sendsms command (smstools3). +# If empty, the system $PATH will be searched for it. +# If not found, SMS notifications will be silently disabled. +sendsms="" + +#------------------------------------------------------------------------------ +# extra options for external commands +# +# In some cases, you may need to change what options get passed to an +# external command. Such cases are covered here. + +# Extra options to pass to curl. In most cases, you shouldn't need to add anything +# to this. If you're having issues with HTTPS connections, you might try adding +# '--insecure' here, but be warned that it will make it much easier for +# third-parties to block notification delivery, and may allow disclosure +# of potentially sensitive information. +#curl_options="--insecure" + +# Extra options to pass to logger. You shouldn't have to specify anything +# here in most cases. +#logger_options="" + +#------------------------------------------------------------------------------ +# extra options + +# By default don't do anything if this is CLEAR, but it was not WARNING or CRITICAL. 
+# You can send it always if your system makes deduplication for alarms. +#clear_alarm_always='YES' + +# +#------------------------------------------------------------------------------ +# NOTE ABOUT RECIPIENTS +# +# When you define recipients (all types): +# +# - emails addresses +# - pushover user tokens +# - telegram chat ids +# - slack channels +# - alerta environment +# - flock rooms +# - discord channels +# - hipchat rooms +# - sms phone numbers +# - pagerduty.com (pd) services +# - irc channels +# +# You can append modifiers to limit the notifications to be sent: +# |critical - Send critical notifications and following status changes until +# the alarm is cleared. +# |nowarn - Do not send warning notifications. +# |noclear - Do not send clear notifications. +# +# In these examples, the first recipient receives all the alarms +# while the second one receives only notifications for alarms that +# have at some point become critical. The second user may still receive +# warning and clear notifications, but only for the event that previously +# caused a critical alarm. +# +# email : "user1@example.com user2@example.com|critical" +# pushover : "2987343...9437837 8756278...2362736|critical" +# telegram : "111827421 112746832|critical" +# slack : "alarms disasters|critical" +# alerta : "alarms disasters|critical" +# flock : "alarms disasters|critical" +# discord : "alarms disasters|critical" +# twilio : "+15555555555 +17777777777|critical" +# messagebird: "+15555555555 +17777777777|critical" +# kavenegar : "09155555555 09177777777|critical" +# pd : " |critical" +# irc : " |critical" +# hangouts : "alarms disasters|critical" +# +# You can append multiple modifiers. In this example, recipient receives +# notifications for critical alarms and following status changes except clear +# notifications. 
+# email : "user1@example.com|critical|noclear" +# +# If a recipient is set to empty string, the default recipient of the given +# notification method (email, pushover, telegram, slack, alerta, etc) will be used. +# To disable a notification, use the recipient called: disabled +# This works for all notification methods (including the default recipients). + + +#------------------------------------------------------------------------------ +# email global notification options + +# multiple recipients can be given like this: +# "admin1@example.com admin2@example.com ..." + +# the email address sending email notifications +# the default is the system user netdata runs as (usually: netdata) +# The following formats are supported: +# EMAIL_SENDER="user@domain" +# EMAIL_SENDER="User Name " +# EMAIL_SENDER="'User Name' " +# EMAIL_SENDER="\"User Name\" " +EMAIL_SENDER="" + +# enable/disable sending emails +SEND_EMAIL="YES" + +# if a role recipient is not configured, an email will be send to: +DEFAULT_RECIPIENT_EMAIL="{{ .user.email }}" +# to receive only critical alarms, set it to "root|critical" + +# Optionally specify the encoding to list in the Content-Type header. +# This doesn't change what encoding the e-mail is sent with, just what +# the headers say it was encoded as. +# This shouldn't need to be changed as it will almost always be +# autodetected from the environment. +#EMAIL_CHARSET="UTF-8" + +# You can also have netdata add headers to the message that will +# cause most e-mail clients to treat all notifications for a given +# chart+alarm+host combination as a single thread. This can help +# simplify tracking of alarms, as it provides an easy way for scripts +# to correlate messages and also will cause most clients to group all the +# messages together. This is enabled by default, uncomment the line +# below if you want to disable it. 
+#EMAIL_THREADING="NO" + +# By default, netdata sends HTML and Plain Text emails, some clients +# do not parse HTML emails such as command line clients. +# To make emails readable in these clients, you can configure netdata +# to not send HTML but Plain Text only emails. +#EMAIL_PLAINTEXT_ONLY="YES" + +#------------------------------------------------------------------------------ +# Dynatrace global notification options +#------------------------------------------------------------------------------ +# enable/disable sending Dynatrace notifications +SEND_DYNATRACE="YES" + +# The Dynatrace server with protocol prefix (http:// or https://), example https://monitor.illumineit.com +# Required +DYNATRACE_SERVER="" + +# Generate a Dynatrace API authentication token +# Read https://www.dynatrace.com/support/help/extend-dynatrace/dynatrace-api/basics/dynatrace-api-authentication/ +# On Dynatrace server goto Settings --> Integration --> Dynatrace API --> Generate token +# Required +DYNATRACE_TOKEN="" + +# Beware: Space is taken from dynatrace URL from browser when you create the TOKEN +# Required +DYNATRACE_SPACE="" + +# Generate a Server Tag. On the Dynatrace Server go to Settings --> Tags --> Manually applied tags create the Tag +# The Netdata alarm will be sent as a Dynatrace Event to be correlated with all those hosts tagged with this Tag +# you created. 
+# Required +DYNATRACE_TAG_VALUE="" + +# Change this to what you want +DYNATRACE_ANNOTATION_TYPE="Netdata Alarm" + +# This can be CUSTOM_INFO, CUSTOM_ANNOTATION, CUSTOM_CONFIGURATION, CUSTOM_DEPLOYMENT +# Applying default value +# Required +DYNATRACE_EVENT="CUSTOM_INFO" + + +DEFAULT_RECIPIENT_DYNATRACE="" + +#------------------------------------------------------------------------------ +# Stackpulse global notification options +SEND_STACKPULSE="YES" + +# Webhook +STACKPULSE_WEBHOOK="" + +DEFAULT_RECIPIENT_STACKPULSE="" + +#------------------------------------------------------------------------------ +# gotify global notification options +SEND_GOTIFY="YES" + +# App token and url +GOTIFY_APP_TOKEN="" +GOTIFY_APP_URL="" + +DEFAULT_RECIPIENT_GOTIFY="" + +#------------------------------------------------------------------------------ +# opsgenie global notification options +SEND_OPSGENIE="YES" + +# Api key +OPSGENIE_API_KEY="" +OPSGENIE_API_URL="" + +DEFAULT_RECIPIENT_OPSGENIE="" + +#------------------------------------------------------------------------------ +# hangouts (google hangouts chat) global notification options + +# enable/disable sending hangouts notifications +SEND_HANGOUTS="YES" + +# On Hangouts, in the room you choose, create an incoming webhook, +# copy the link and paste it below and also give it a room name. +# Without it, netdata cannot send hangouts notifications to that room. +# You will then use the same room name in your recipients list. For each URI, you need +# HANGOUTS_WEBHOOK_URI[room_name]="WEBHOOK_URI" +# e.g. to define systems and development rooms/recipients: +# HANGOUTS_WEBHOOK_URI[systems]="URLforroom1" +# HANGOUTS_WEBHOOK_URI[development]="URLforroom2" + +# if a DEFAULT_RECIPIENT_HANGOUTS is not configured, +# notifications won't be send to hangouts rooms. 
For the example above, +# a valid recipients list is the following +# DEFAULT_RECIPIENT_HANGOUTS="systems development|critical" +DEFAULT_RECIPIENT_HANGOUTS="" + +#------------------------------------------------------------------------------ +# pushover (pushover.net) global notification options + +# multiple recipients can be given like this: +# "USERTOKEN1 USERTOKEN2 ..." + +# enable/disable sending pushover notifications +SEND_PUSHOVER="YES" + +# Login to pushover.net to get your pushover app token. +# You need only one for all your netdata servers (or you can have one for +# each of your netdata - your call). +# Without an app token, netdata cannot send pushover notifications. +PUSHOVER_APP_TOKEN="" + +# if a role's recipients are not configured, a notification will be send to +# this pushover user token (empty = do not send a notification for unconfigured +# roles): +DEFAULT_RECIPIENT_PUSHOVER="" + + +#------------------------------------------------------------------------------ +# pushbullet (pushbullet.com) push notification options + +# multiple recipients can be given like this: +# "user1@email.com user2@mail.com" + +# enable/disable sending pushbullet notifications +SEND_PUSHBULLET="YES" + +# Signup and Login to pushbullet.com +# To get your Access Token, go to https://www.pushbullet.com/#settings/account +# Create a new access token and paste it below. +# Then just set the recipients' emails. +# Please note that the if the email in the DEFAULT_RECIPIENT_PUSHBULLET does +# not have a pushbullet account, the pushbullet service will send an email +# to that address instead. + +# Without an access token, netdata cannot send pushbullet notifications. +PUSHBULLET_ACCESS_TOKEN="" +DEFAULT_RECIPIENT_PUSHBULLET="" + +# Device iden of the sending device. Optional. 
+PUSHBULLET_SOURCE_DEVICE="" + + +#------------------------------------------------------------------------------ +# Twilio (twilio.com) SMS options + +# multiple recipients can be given like this: +# "+15555555555 +17777777777" + +# enable/disable sending twilio SMS +SEND_TWILIO="YES" + +# Signup for free trial and select a SMS capable Twilio Number +# To get your Account SID and Token, go to https://www.twilio.com/console +# Place your sid, token and number below. +# Then just set the recipients' phone numbers. +# The trial account is only allowed to use the number specified when set up. + +# Without an account sid and token, netdata cannot send Twilio text messages. +TWILIO_ACCOUNT_SID="" +TWILIO_ACCOUNT_TOKEN="" +TWILIO_NUMBER="" +DEFAULT_RECIPIENT_TWILIO="" + + +#------------------------------------------------------------------------------ +# Messagebird (messagebird.com) SMS options + +# multiple recipients can be given like this: +# "+15555555555 +17777777777" + +# enable/disable sending messagebird SMS +SEND_MESSAGEBIRD="YES" + +# to get an access key, create a free account at https://www.messagebird.com +# verify and activate the account (no CC info needed) +# login to your account and enter your phonenumber to get some free credits +# to get the API key, click on 'API' in the sidebar, then 'API Access (REST)' +# click 'Add access key' and fill in data (you want a live key to send SMS) + +# Without an access key, netdata cannot send Messagebird text messages. 
+MESSAGEBIRD_ACCESS_KEY="" +MESSAGEBIRD_NUMBER="" +DEFAULT_RECIPIENT_MESSAGEBIRD="" + + +#------------------------------------------------------------------------------ +# Kavenegar (Kavenegar.com) SMS options + +# multiple recipients can be given like this: +# "09155555555 09177777777" + +# enable/disable sending kavenegar SMS +SEND_KAVENEGAR="YES" + +# to get an access key, after selecting and purchasing your desired service +# at http://kavenegar.com/pricing.html +# login to your account, go to your dashboard and my account are +# https://panel.kavenegar.com/Client/setting/account from API Key +# copy your api key. You can generate new API Key too. +# You can find and select kevenegar sender number from this place. + +# Without an API key, netdata cannot send KAVENEGAR text messages. +KAVENEGAR_API_KEY="" +KAVENEGAR_SENDER="" +DEFAULT_RECIPIENT_KAVENEGAR="" + + +#------------------------------------------------------------------------------ +# telegram (telegram.org) global notification options + +# multiple recipients can be given like this: +# "CHAT_ID_1 CHAT_ID_2 ..." + +# enable/disable sending telegram messages +SEND_TELEGRAM="YES" + +# Contact the bot @BotFather to create a new bot and receive a bot token. +# Without it, netdata cannot send telegram messages. +TELEGRAM_BOT_TOKEN="" + +# If an API limit error is returned on sending a message, Netdata will retry this number of times before giving up. +# Setting the number to 0 makes Netdata do no retries (which is the default). +# See https://core.telegram.org/bots/faq#my-bot-is-hitting-limits-how-do-i-avoid-this +TELEGRAM_RETRIES_ON_LIMIT="0" + +# To get your chat ID send the command /getid to telegram bot @myidbot +# (https://t.me/myidbot). Each user also needs to open a conversation with the +# bot that will be sending notifications. 
+# If a role's recipients are not configured, a message will be sent to +# this chat id (empty = do not send a notification for unconfigured roles): +DEFAULT_RECIPIENT_TELEGRAM="" + + +#------------------------------------------------------------------------------ +# slack (slack.com) global notification options + +# multiple recipients can be given like this: +# "RECIPIENT1 RECIPIENT2 ..." + +# enable/disable sending slack notifications +SEND_SLACK="YES" + +# Login to your slack.com workspace and create an incoming webhook, using the "Incoming Webhooks" App: https://slack.com/apps/A0F7XDUAZ-incoming-webhooks +# Do not use the instructions in https://api.slack.com/incoming-webhooks#enable_webhooks, as those webhooks work only for a single channel. +# You need only one for all your netdata servers (or you can have one for each of your netdata). +# Without the app and a webhook, netdata cannot send slack notifications. +SLACK_WEBHOOK_URL="{{ .host.slack.webhook_url }}" + +# if a role's recipients are not configured, a notification will be send to: +# - A slack channel (syntax: '#channel' or 'channel') +# - A slack user (syntax: '@user') +# - The channel or user defined in slack for the webhook (syntax: '#') +# empty = do not send a notification for unconfigured roles +DEFAULT_RECIPIENT_SLACK="{{ .host.slack.netdata_alarms_channel }}" + +#------------------------------------------------------------------------------ +# Microsoft Teams (office.com) global notification options +# More details are available here regarding the payload syntax options: +# https://docs.microsoft.com/en-us/outlook/actionable-messages/message-card-reference +# Online designer : https://adaptivecards.io/designer/ +# multiple recipients can be given like this: +# "CHANNEL1 CHANNEL2 ..." + +# enable/disable sending teams notifications +SEND_MSTEAMS="YES" + +# In Microsoft Teams the channel name is encoded in the URI after +# .../IncomingWebhook/... 
+# You have to replace the encoded channel name by the placeholder `CHANNEL` +# in `MSTEAMS_WEBHOOK_URL`. The placeholder `CHANNEL` will be replaced by the +# actual encoded channel name before sending the notification. +MSTEAMS_WEBHOOK_URL="" + +# if a role's recipients are not configured, a notification will be send to +# this Teams channel (empty = do not send a notification for unconfigured +# roles): +# Put the different encoded channel names here like : "CHANNEL1 CHANNEL2 ..." +# AT LEAST ONE CHANNEL IS MANDATORY +DEFAULT_RECIPIENT_MSTEAMS="" + +# Define the default color scheme for alert to MS Teams - icon and color +# Icons - go to https://emojipedia.org/bomb/ +MSTEAMS_ICON_DEFAULT="♡" +MSTEAMS_ICON_CLEAR="💚" +MSTEAMS_ICON_WARNING="⚠️" +MSTEAMS_ICON_CRITICAL="🔥" + +# Colors +MSTEAMS_COLOR_DEFAULT="0076D7" +MSTEAMS_COLOR_CLEAR="65A677" +MSTEAMS_COLOR_WARNING="FFA500" +MSTEAMS_COLOR_CRITICAL="D93F3C" + + +#------------------------------------------------------------------------------ +# rocketchat (rocket.chat) global notification options + +# multiple recipients can be given like this: +# "CHANNEL1 CHANNEL2 ..." + +# enable/disable sending rocketchat notifications +SEND_ROCKETCHAT="YES" + +# Login to rocket.chat and create an incoming webhook. You need only one for all +# your netdata servers (or you can have one for each of your netdata). +# Without it, netdata cannot send rocketchat notifications. +ROCKETCHAT_WEBHOOK_URL="" + +# if a role's recipients are not configured, a notification will be send to +# this rocketchat channel (empty = do not send a notification for unconfigured +# roles): +DEFAULT_RECIPIENT_ROCKETCHAT="" + + +#------------------------------------------------------------------------------ +# alerta (alerta.io) global notification options + +# multiple recipients (Environments) can be given like this: +# "Production Development ..." 
+ +# enable/disable sending alerta notifications +SEND_ALERTA="YES" + +# here set your alerta server API url +# this is the API url you defined when installed Alerta server, +# it is the same for all users. Do not include last slash. +# ALERTA_WEBHOOK_URL="https:///alerta/api" +ALERTA_WEBHOOK_URL="" + +# Login with an administrative user to you Alerta server and create an API KEY +# with write permissions. +ALERTA_API_KEY="" + +# you can define environments in /etc/alertad.conf option ALLOWED_ENVIRONMENTS +# standard environments are Production and Development +# if a role's recipients are not configured, a notification will be send to +# this Environment (empty = do not send a notification for unconfigured roles): +DEFAULT_RECIPIENT_ALERTA="" + + +#------------------------------------------------------------------------------ +# flock (flock.com) global notification options + +# enable/disable sending flock notifications +SEND_FLOCK="YES" + +# Login to flock.com and create an incoming webhook. You need only one for all +# your netdata servers (or you can have one for each of your netdata). +# Without it, netdata cannot send flock notifications. +FLOCK_WEBHOOK_URL="" + +# if a role recipient is not configured, no notification will be sent +DEFAULT_RECIPIENT_FLOCK="" + + +#------------------------------------------------------------------------------ +# discord (discord.com) global notification options + +# multiple recipients can be given like this: +# "CHANNEL1 CHANNEL2 ..." 
+ +# enable/disable sending discord notifications +SEND_DISCORD="YES" + +# Create a webhook by following the official documentation - +# https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks +DISCORD_WEBHOOK_URL="" + +# if a role's recipients are not configured, a notification will be send to +# this discord channel (empty = do not send a notification for unconfigured +# roles): +DEFAULT_RECIPIENT_DISCORD="" + + +#------------------------------------------------------------------------------ +# hipchat global notification options + +# multiple recipients can be given like this: +# "ROOM1 ROOM2 ..." + +# enable/disable sending hipchat notifications +SEND_HIPCHAT="YES" + +# define hipchat server +HIPCHAT_SERVER="api.hipchat.com" + +# api.hipchat.com authorization token +# Without this, netdata cannot send hipchat notifications. +HIPCHAT_AUTH_TOKEN="" + +# if a role's recipients are not configured, a notification will be send to +# this hipchat room (empty = do not send a notification for unconfigured +# roles): +DEFAULT_RECIPIENT_HIPCHAT="" + + +#------------------------------------------------------------------------------ +# kafka notification options + +# enable/disable sending kafka notifications +SEND_KAFKA="YES" + +# The URL to POST kafka alarm data to. It should be the full URL. +KAFKA_URL="" + +# The IP to be used in the kafka message as the sender. +KAFKA_SENDER_IP="" + + +#------------------------------------------------------------------------------ +# pagerduty.com notification options +# +# pagerduty.com notifications require a "Generic API" (Events v1) +# pagerduty service. +# https://support.pagerduty.com/docs/services-and-integrations + +# multiple recipients can be given like this: +# " ..." + +# enable/disable sending pagerduty notifications +SEND_PD="YES" + +# if a role's recipients are not configured, a notification will be sent to +# the "General API" pagerduty.com service that uses this service key. 
+# (empty = do not send a notification for unconfigured roles): +DEFAULT_RECIPIENT_PD="" + +# Which PD API are we going to use? For version 2 or newer, it is necessary to do a request for Pagerduty +# before to set the version(https://developer.pagerduty.com/docs/events-api-v2/overview/). +USE_PD_VERSION="1" + +#------------------------------------------------------------------------------ +# fleep notification options +# +# To send fleep.io notifications, you will need a webhook for the +# conversation you want to send to. + +# Fleep recipients are specified as the last part of the webhook URL. +# So, for a webhook URL of: https://fleep.io/hook/IJONmBuuSlWlkb_ttqyXJg, the +# recipient name would be: 'IJONmBuuSlWlkb_ttqyXJg'. + +# enable/disable sending fleep notifications +SEND_FLEEP="YES" + +# if a role's recipients are not configured, a notification will not be sent. +# (empty = do not send a notification for unconfigured roles): +DEFAULT_RECIPIENT_FLEEP="" + +# The user name to label the messages with. If this is unset, +# the hostname of the system the notification is for will be used. +FLEEP_SENDER="" + + +#------------------------------------------------------------------------------ +# irc notification options +# +# irc notifications require only the nc utility to be installed. + +# multiple recipients can be given like this: +# " ..." + +# enable/disable sending irc notifications +SEND_IRC="YES" + +# if a role's recipients are not configured, a notification will not be sent. +# (empty = do not send a notification for unconfigured roles): +DEFAULT_RECIPIENT_IRC="" + +# The irc network to which the recipients belong. It must be the full network. +# e.g. "irc.freenode.net" +IRC_NETWORK="" + +# The irc port to which a connection will occur. +# e.g. 6667 (the default one), 6697 (a TLS/SSL one) +IRC_PORT=6667 + +# The irc nickname which is required to send the notification. 
It must not be +# an already registered name as the connection's MODE is defined as a 'guest'. +IRC_NICKNAME="" + +# The irc realname which is required in order to make the connection and is an +# extra identifier. +IRC_REALNAME="" + + +#------------------------------------------------------------------------------ +# syslog notifications +# +# syslog notifications only need you to have a working logger command, which +# should be the case on pretty much any Linux system. + +# enable/disable sending syslog notifications +# NOTE: make sure you have everything else configured the way you want +# it _before_ turning this on. +SEND_SYSLOG="{{ if eq true .host.syslog.config }}YES{{ else }}NO{{ end }}" + +# A note on log levels and facilities: +# +# The traditional UNIX syslog mechanism has the concept of both log +# levels and facilities. A log level indicates the relative severity of +# the message, while a facility specifies a generic source for the message +# (for example, the `mail` facility is where sendmail and postfix log +# their messages). All major syslog daemons have the ability to filter +# messages based on both log level and facility, and can often also make +# routing decisions for messages based on both factors. +# +# On Linux, the eight log levels in decreasing order of severity are: +# emerg, alert, crit, err, warning, notice, info, debug +# +# By default, warnings will be logged at the warning level, critical +# alerts at the crit level, and clear notifications at the invo level. +# +# And the 19 facilities you can log to are: +# auth, authpriv, cron, daemon, ftp, lpr, mail, news, syslog, user, +# uucp, local0, local1, local2, local3, local4, local5, local6, and local7 +# +# By default, netdata alerts will be logged to the local6 facility. +# +# Depending on your distribution, this means that either all your +# netdata alerts will by default end up in the main system log (usually +# /var/log/messages), or they won't be logged to a file at all. 
+# Neither of these are likely to be what you actually want, but any +# configuration to change that needs to happen in the syslog daemon +# configuration, not here. + +# This controls which facility is used by default for logging. Defaults +# to local6. +SYSLOG_FACILITY='{{ if eq true .host.syslog.config }}{{ .host.syslog.netdata_facility }}{{ else }}local6{{ end }}' + +# If a role's recipients are not configured, use the following. +# (empty = do not send a notification for unconfigured roles) +# +# The recipient format for syslog uses the following format: +# [[facility.level][@host[:port]]/]prefix +# +# `prefix` gets appended to the front of all log messages generated for +# that recipient. The prefix is mandatory. +# 'host' and 'port' can be used to specify a remote syslog server to +# send messages to. Leave these out if you want messages to be delivered +# locally. 'host' can be either a hostname or an IP address. +# IPv6 addresses must have square around them. +# 'facility' and 'level' are used to override the default logging facility +# set above and the log level. If one is specified, both must be present. +# +# For example, to send messages with a 'netdata' prefix to a syslog +# daemon listening on port 514 on 'loghost' using the daemon facility and +# notice log level: +# DEFAULT_RECIPIENT_SYSLOG='daemon.notice@loghost:514/netdata' +# +DEFAULT_RECIPIENT_SYSLOG="{{ if eq true .host.syslog.config }}{{ .host.syslog.netdata_recipients }}{{ else }}netdata{{ end }}" + +#------------------------------------------------------------------------------ +# iOS Push Notifications + +# enable/disable sending iOS push notifications +SEND_PROWL="YES" + +# If a role's recipients are not configured, use the following, +# (empty = do not send a notification for unconfigured roles) +# +# Recipients for iOS push notifications are Prowl API keys. 
+# +# A recipient may also consist of multiple Prowl API keys separated by +# commas, in which case notifications will be simultaneously sent for all +# of those API keys. +DEFAULT_RECIPIENT_PROWL="" + +#------------------------------------------------------------------------------ +# Amazon SNS notifications +# +# This method requires potentially complex manual configuration. See the +# netdata wiki for information on what is needed. + +# enable/disable sending Amazon SNS notifications +SEND_AWSSNS="YES" + +# Specify a template for the Amazon SNS notifications. This supports +# the same set of variables that are usable in the `custom_sender()` +# function in the custom notification configuration below. +# +AWSSNS_MESSAGE_FORMAT="${status} on ${host} at ${date}: ${chart} ${value_string}" + +# If a role's recipients are not configured, use the following. +# (empty = do not send a notification for unconfigured roles) +# +# Recipients for AWS SNS notifications are specified as topic ARN's. +# +DEFAULT_RECIPIENT_AWSSNS="" + +#------------------------------------------------------------------------------ +# SMS Server Tools 3 (smstools3) global notification options + +# enable/disable sending SMS Server Tools 3 SMS notifications +SEND_SMS="YES" + +# if a role's recipients are not configured, a notification will be sent to +# this SMS channel (empty = do not send a notification for unconfigured +# roles). Multiple recipients can be given like this: "PHONE1 PHONE2 ..." + +DEFAULT_RECIPIENT_SMS="" + +# Matrix notifications +# + +# enable/disable Matrix notifications +SEND_MATRIX="YES" + +# The url of the Matrix homeserver +# e.g https://matrix.org:8448 +MATRIX_HOMESERVER= + +# An access token from a valid Matrix account. Tokens usually don't expire, +# can be controlled from a Matrix client. 
+# See https://matrix.org/docs/guides/client-server.html +MATRIX_ACCESSTOKEN= + +# Specify the default rooms to receive the notification if no rooms are provided +# in a role's recipients. +# The format is !roomid:homeservername +DEFAULT_RECIPIENT_MATRIX="" + +#------------------------------------------------------------------------------ +# ntfy.sh global notification options + +# enable/disable sending ntfy notifications +SEND_NTFY="YES" + +# if a role's recipients are not configured, a notification will be sent to +# this ntfy server / topic combination (empty = do not send a notification for +# unconfigured roles). +# Multiple recipients can be given like this: "https://SERVER1/TOPIC1 https://SERVER2/TOPIC2 ..." +DEFAULT_RECIPIENT_NTFY="" + +#------------------------------------------------------------------------------ +# custom notifications +# + +# enable/disable sending custom notifications +SEND_CUSTOM="YES" + +# if a role's recipients are not configured, use the following. +# (empty = do not send a notification for unconfigured roles) +DEFAULT_RECIPIENT_CUSTOM="" + +# The custom_sender() is a custom function to do whatever you need to do +custom_sender() { + # variables you can use: + # ${host} the host generated this event + # ${url_host} same as ${host} but URL encoded + # ${unique_id} the unique id of this event + # ${alarm_id} the unique id of the alarm that generated this event + # ${event_id} the incremental id of the event, for this alarm id + # ${when} the timestamp this event occurred + # ${name} the name of the alarm, as given in netdata health.d entries + # ${url_name} same as ${name} but URL encoded + # ${chart} the name of the chart (type.id) + # ${url_chart} same as ${chart} but URL encoded + # ${family} the family of the chart + # ${url_family} same as ${family} but URL encoded + # ${status} the current status : REMOVED, UNINITIALIZED, UNDEFINED, CLEAR, WARNING, CRITICAL + # ${old_status} the previous status: REMOVED, UNINITIALIZED, 
UNDEFINED, CLEAR, WARNING, CRITICAL + # ${value} the current value of the alarm + # ${old_value} the previous value of the alarm + # ${src} the line number and file the alarm has been configured + # ${duration} the duration in seconds of the previous alarm state + # ${duration_txt} same as ${duration} for humans + # ${non_clear_duration} the total duration in seconds this is/was non-clear + # ${non_clear_duration_txt} same as ${non_clear_duration} for humans + # ${units} the units of the value + # ${info} a short description of the alarm + # ${value_string} friendly value (with units) + # ${old_value_string} friendly old value (with units) + # ${image} the URL of an image to represent the status of the alarm + # ${color} a color in #AABBCC format for the alarm + # ${goto_url} the URL the user can click to see the netdata dashboard + # ${calc_expression} the expression evaluated to provide the value for the alarm + # ${calc_param_values} the value of the variables in the evaluated expression + # ${total_warnings} the total number of alarms in WARNING state on the host + # ${total_critical} the total number of alarms in CRITICAL state on the host + + # these are more human friendly: + # ${alarm} like "name = value units" + # ${status_message} like "needs attention", "recovered", "is critical" + # ${severity} like "Escalated to CRITICAL", "Recovered from WARNING" + # ${raised_for} like "(alarm was raised for 10 minutes)" + + # example human readable SMS + local msg="${host} ${status_message}: ${alarm} ${raised_for}" + + # limit it to 160 characters and encode it for use in a URL + urlencode "${msg:0:160}" >/dev/null; msg="${REPLY}" + + # a space separated list of the recipients to send alarms to + to="${1}" + + # Sample send SMS to an imaginary SMS gateway accessible via HTTPS + #for phone in ${to}; do + # httpcode=$(docurl -X POST \ + # --data-urlencode "From=XXX" \ + # --data-urlencode "To=${phone}" \ + # --data-urlencode "Body=${msg}" \ + # -u 
"${accountsid}:${accounttoken}" \ + # https://domain.website.com/) + # + # if [ "${httpcode}" = "200" ]; then + # info "sent custom notification ${msg} to ${phone}" + # sent=$((sent + 1)) + # else + # error "failed to send custom notification ${msg} to ${phone} with HTTP error code ${httpcode}." + # fi + #done + + info "not sending custom notification to ${to}, for ${status} of '${host}.${chart}.${name}' - custom_sender() is not configured." +} + + +############################################################################### +# RECIPIENTS PER ROLE + +# ----------------------------------------------------------------------------- +# generic system alarms +# CPU, disks, network interfaces, entropy, etc + +# role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[sysadmin]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[sysadmin]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[sysadmin]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[sysadmin]="${DEFAULT_RECIPIENT_SLACK}" + +# role_recipients_alerta[sysadmin]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[sysadmin]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[sysadmin]="${DEFAULT_RECIPIENT_DISCORD}" + +# role_recipients_hipchat[sysadmin]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[sysadmin]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[sysadmin]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# role_recipients_kavenegar[sysadmin]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[sysadmin]="${DEFAULT_RECIPIENT_PD}" + +# role_recipients_fleep[sysadmin]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_irc[sysadmin]="${DEFAULT_RECIPIENT_IRC}" + +# role_recipients_syslog[sysadmin]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[sysadmin]="${DEFAULT_RECIPIENT_PROWL}" + +# 
role_recipients_awssns[sysadmin]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[sysadmin]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[sysadmin]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[sysadmin]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_dynatrace[sysadmin]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[sysadmin]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[sysadmin]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[sysadmin]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[sysadmin]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[sysadmin]="${DEFAULT_RECIPIENT_NTFY}" + +# ----------------------------------------------------------------------------- +# DNS related alarms + +# role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[domainadmin]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[domainadmin]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[domainadmin]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[domainadmin]="${DEFAULT_RECIPIENT_SLACK}" + +# role_recipients_alerta[domainadmin]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[domainadmin]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[domainadmin]="${DEFAULT_RECIPIENT_DISCORD}" + +# role_recipients_hipchat[domainadmin]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[domainadmin]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[domainadmin]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# role_recipients_kavenegar[domainadmin]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[domainadmin]="${DEFAULT_RECIPIENT_PD}" + +# role_recipients_fleep[domainadmin]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_irc[domainadmin]="${DEFAULT_RECIPIENT_IRC}" + +# 
role_recipients_syslog[domainadmin]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[domainadmin]="${DEFAULT_RECIPIENT_PROWL}" + +# role_recipients_awssns[domainadmin]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[domainadmin]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[domainadmin]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[domainadmin]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_sms[domainadmin]="${DEFAULT_RECIPIENT_SMS}" + +# role_recipients_dynatrace[domainadmin]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[domainadmin]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[domainadmin]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[domainadmin]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[domainadmin]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[domainadmin]="${DEFAULT_RECIPIENT_NTFY}" + +# ----------------------------------------------------------------------------- +# database servers alarms +# mysql, redis, memcached, postgres, etc + +# role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[dba]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[dba]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[dba]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[dba]="${DEFAULT_RECIPIENT_SLACK}" + +# role_recipients_alerta[dba]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[dba]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[dba]="${DEFAULT_RECIPIENT_DISCORD}" + +# role_recipients_hipchat[dba]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[dba]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[dba]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# role_recipients_kavenegar[dba]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[dba]="${DEFAULT_RECIPIENT_PD}" + +# 
role_recipients_fleep[dba]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_irc[dba]="${DEFAULT_RECIPIENT_IRC}" + +# role_recipients_syslog[dba]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[dba]="${DEFAULT_RECIPIENT_PROWL}" + +# role_recipients_awssns[dba]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[dba]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[dba]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[dba]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_sms[dba]="${DEFAULT_RECIPIENT_SMS}" + +# role_recipients_dynatrace[dba]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[dba]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[dba]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[dba]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[dba]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[dba]="${DEFAULT_RECIPIENT_NTFY}" + +# ----------------------------------------------------------------------------- +# web servers alarms +# apache, nginx, lighttpd, etc + +# role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[webmaster]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[webmaster]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[webmaster]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[webmaster]="${DEFAULT_RECIPIENT_SLACK}" + +# role_recipients_alerta[webmaster]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[webmaster]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[webmaster]="${DEFAULT_RECIPIENT_DISCORD}" + +# role_recipients_hipchat[webmaster]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[webmaster]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[webmaster]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# 
role_recipients_kavenegar[webmaster]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[webmaster]="${DEFAULT_RECIPIENT_PD}" + +# role_recipients_fleep[webmaster]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_irc[webmaster]="${DEFAULT_RECIPIENT_IRC}" + +# role_recipients_syslog[webmaster]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[webmaster]="${DEFAULT_RECIPIENT_PROWL}" + +# role_recipients_awssns[webmaster]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[webmaster]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[webmaster]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[webmaster]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_sms[webmaster]="${DEFAULT_RECIPIENT_SMS}" + +# role_recipients_dynatrace[webmaster]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[webmaster]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[webmaster]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[webmaster]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[webmaster]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[webmaster]="${DEFAULT_RECIPIENT_NTFY}" + +# ----------------------------------------------------------------------------- +# proxy servers alarms +# squid, etc + +# role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[proxyadmin]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[proxyadmin]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[proxyadmin]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[proxyadmin]="${DEFAULT_RECIPIENT_SLACK}" + +# role_recipients_alerta[proxyadmin]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[proxyadmin]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[proxyadmin]="${DEFAULT_RECIPIENT_DISCORD}" + +# 
role_recipients_hipchat[proxyadmin]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[proxyadmin]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[proxyadmin]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# role_recipients_kavenegar[proxyadmin]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[proxyadmin]="${DEFAULT_RECIPIENT_PD}" + +# role_recipients_fleep[proxyadmin]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_irc[proxyadmin]="${DEFAULT_RECIPIENT_IRC}" + +# role_recipients_syslog[proxyadmin]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[proxyadmin]="${DEFAULT_RECIPIENT_PROWL}" + +# role_recipients_awssns[proxyadmin]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[proxyadmin]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[proxyadmin]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[proxyadmin]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_sms[proxyadmin]="${DEFAULT_RECIPIENT_SMS}" + +# role_recipients_dynatrace[proxyadmin]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[proxyadmin]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[proxyadmin]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[proxyadmin]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[proxyadmin]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[proxyadmin]="${DEFAULT_RECIPIENT_NTFY}" + +# ----------------------------------------------------------------------------- +# peripheral devices +# UPS, photovoltaics, etc + +# role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" + +# role_recipients_hangouts[sitemgr]="${DEFAULT_RECIPIENT_HANGOUTS}" + +# role_recipients_pushover[sitemgr]="${DEFAULT_RECIPIENT_PUSHOVER}" + +# role_recipients_pushbullet[sitemgr]="${DEFAULT_RECIPIENT_PUSHBULLET}" + +# role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" + +# role_recipients_slack[sitemgr]="${DEFAULT_RECIPIENT_SLACK}" + +# 
role_recipients_alerta[sitemgr]="${DEFAULT_RECIPIENT_ALERTA}" + +# role_recipients_flock[sitemgr]="${DEFAULT_RECIPIENT_FLOCK}" + +# role_recipients_discord[sitemgr]="${DEFAULT_RECIPIENT_DISCORD}" + +# role_recipients_hipchat[sitemgr]="${DEFAULT_RECIPIENT_HIPCHAT}" + +# role_recipients_twilio[sitemgr]="${DEFAULT_RECIPIENT_TWILIO}" + +# role_recipients_messagebird[sitemgr]="${DEFAULT_RECIPIENT_MESSAGEBIRD}" + +# role_recipients_kavenegar[sitemgr]="${DEFAULT_RECIPIENT_KAVENEGAR}" + +# role_recipients_pd[sitemgr]="${DEFAULT_RECIPIENT_PD}" + +# role_recipients_fleep[sitemgr]="${DEFAULT_RECIPIENT_FLEEP}" + +# role_recipients_syslog[sitemgr]="${DEFAULT_RECIPIENT_SYSLOG}" + +# role_recipients_prowl[sitemgr]="${DEFAULT_RECIPIENT_PROWL}" + +# role_recipients_awssns[sitemgr]="${DEFAULT_RECIPIENT_AWSSNS}" + +# role_recipients_custom[sitemgr]="${DEFAULT_RECIPIENT_CUSTOM}" + +# role_recipients_msteams[sitemgr]="${DEFAULT_RECIPIENT_MSTEAMS}" + +# role_recipients_rocketchat[sitemgr]="${DEFAULT_RECIPIENT_ROCKETCHAT}" + +# role_recipients_sms[sitemgr]="${DEFAULT_RECIPIENT_SMS}" + +# role_recipients_dynatrace[sitemgr]="${DEFAULT_RECIPIENT_DYNATRACE}" + +# role_recipients_opsgenie[sitemgr]="${DEFAULT_RECIPIENT_OPSGENIE}" + +# role_recipients_matrix[sitemgr]="${DEFAULT_RECIPIENT_MATRIX}" + +# role_recipients_stackpulse[sitemgr]="${DEFAULT_RECIPIENT_STACKPULSE}" + +# role_recipients_gotify[sitemgr]="${DEFAULT_RECIPIENT_GOTIFY}" + +# role_recipients_ntfy[sitemgr]="${DEFAULT_RECIPIENT_NTFY}" diff --git a/software.yml b/software.yml index 874f991e..6df1eb45 100644 --- a/software.yml +++ b/software.yml 
@@ -1749,6 +1749,15 @@ softwarePackages: _name: Debloat Windows ansible: professormanhattan.debloat _type: cli + debsecan: + _bin: null + _desc: `debsecan` analyzes the list of installed packages on the current host and reports vulnerabilities found on the system. + _docs: null + _github: null + _home: null + _name: Debian Security Analyzer + apt: debsecan + _type: cli defaultbrowser: _bin: null _desc: This role performs the necessary logic to set the default browser on nearly any platform. @@ -2637,7 +2646,7 @@ softwarePackages: cask: xcodes nitroshare: _bin: nitroshare - _desc: Network file transfer application for Windows, OS X, & Linux + _desc: Network file transfer application for Windows, OS X, & Linux _docs: https://nitroshare.net/ _github: https://github.com/nitroshare/nitroshare-desktop _home: https://nitroshare.net/ From f4e58774823eacf9c1c7cb628b6d9bd9b6f4aeca Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 1 Jun 2023 02:49:11 +0000 Subject: [PATCH 3/8] Simplifying default configuration. --- home/.chezmoi.yaml.tmpl | 12 ------------ .../netdata/health_alarm_notify.conf.tmpl | 14 ++++++-------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/home/.chezmoi.yaml.tmpl b/home/.chezmoi.yaml.tmpl index 14d09307..53e39260 100644 --- a/home/.chezmoi.yaml.tmpl +++ b/home/.chezmoi.yaml.tmpl 
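Review bot: The added `_desc` value for the `debsecan` entry starts with a backtick, a character YAML reserves as an indicator, so it cannot begin an unquoted scalar and conforming parsers reject the line. Because this sits in the shared `softwarePackages` map, a parse failure would presumably affect every entry in `software.yml`, not only this one. Wrap the whole description in double quotes and keep the backticks inside them, or drop the backticks as in `_desc: debsecan analyzes the list of installed packages on the current host and reports vulnerabilities found on the system.` The other added keys in this entry follow the neighbouring entries and need no change.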
@@ -12,13 +12,8 @@ {{- $locale := (output "echo" "$LANG") }} {{- $name := (default "Brian Zalewski" (env "FULL_NAME")) -}} {{- $restricted := (default false (env "WORK_ENVIRONMENT")) -}} -{{- $slack_webhook_url := (default "" (env "SLACK_WEBHOOK_URL")) -}} -{{- $slack_netdata_alarms_channel := (default "" (env "SLACK_NETDATA_ALARMS_CHANNEL")) -}} {{- $snapcraftEmail := (default "brian@megabyte.space" (env "SNAPCRAFT_EMAIL"))}} {{- $surgeshUsername := (default "brian@megabyte.space" (env "SURGESH_USERNAME")) -}} -{{- $syslog_netdata_enable := (default false (env "SYSLOG_NETDATA_ENABLE")) -}} -{{- $syslog_netdata_facility := (default "local6" (env "SYSLOG_NETDATA_FACILITY")) -}} -{{- $syslog_netdata_recipients := (default "" (env "SYSLOG_NETDATA_RECIPIENTS")) -}} {{- $timezone := (default "America/New_York" (env "TIMEZONE")) -}} {{- $toolchains := list "CLI-Extras" "Docker" "Go" "Kubernetes" "Web-Development" -}} {{- $work := (default false (env "WORK_ENVIRONMENT")) -}} @@ -164,14 +159,7 @@ data: - 192.168.1.0/24 qubes: {{ ne (stat (joinPath "usr" "bin" "qubes-session")) false }} restricted: {{ $restricted }} - slack: - webhook_url: "{{ $slack_webhook_url }}" - netdata_alarms_channel: "{{ $slack_netdata_alarms_channel }}" softwareGroup: "{{ $softwareGroup }}" - syslog: - config: {{ $syslog_netdata_enable }} - netdata_facility: "{{ $syslog_netdata_facility }}" - netdata_recipients: "{{ $syslog_netdata_recipients }}" type: "{{ $chassisType }}" work: {{ $work }} toolchains: diff --git a/home/dot_config/netdata/health_alarm_notify.conf.tmpl b/home/dot_config/netdata/health_alarm_notify.conf.tmpl index b05c8760..828e2d18 100644 --- a/home/dot_config/netdata/health_alarm_notify.conf.tmpl +++ b/home/dot_config/netdata/health_alarm_notify.conf.tmpl 
@@ -211,7 +211,7 @@ sendsms="" # EMAIL_SENDER="User Name " # EMAIL_SENDER="'User Name' " # EMAIL_SENDER="\"User Name\" " -EMAIL_SENDER="" +EMAIL_SENDER="'Netdata Notifications Date: Thu, 1 Jun 2023 02:52:07 +0000 Subject: [PATCH 4/8] Updated literals of notifications for Netdata --- home/dot_config/netdata/health.d/apps.conf | 6 +++--- home/dot_config/netdata/health.d/cpu.conf | 6 +++--- home/dot_config/netdata/health.d/disks.conf | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/home/dot_config/netdata/health.d/apps.conf b/home/dot_config/netdata/health.d/apps.conf index 3aee06f4..f7295003 100644 --- a/home/dot_config/netdata/health.d/apps.conf +++ b/home/dot_config/netdata/health.d/apps.conf @@ -5,7 +5,7 @@ units: % every: 5m warn: $this > 50 crit: $this > 70 -info: CPU utilization of Applications +info: CPU utilization of applications alarm: apps_ram_usage on: apps.mem @@ -14,7 +14,7 @@ units: % every: 5m warn: $this > 65 crit: $this > 80 -info: RAM utilization of Applications +info: RAM utilization of applications alarm: apps_swap_usage on: apps.swap @@ -23,4 +23,4 @@ units: % every: 5m warn: $this > 50 crit: $this > 70 -info: Swap utilization of Applications +info: Swap utilization of applications diff --git a/home/dot_config/netdata/health.d/cpu.conf b/home/dot_config/netdata/health.d/cpu.conf index af46be20..3cccbbc2 100644 --- a/home/dot_config/netdata/health.d/cpu.conf +++ b/home/dot_config/netdata/health.d/cpu.conf @@ -5,7 +5,7 @@ units: % every: 5m warn: $this > 50 crit: $this > 70 -info: CPU utilization of users or the system +info: CPU utilization of user or the system template: ml_5min_cpu_dims on: system.cpu @@ -17,7 +17,7 @@ units: % every: 30s warn: $this > (($status >= $WARNING) ? (5) : (20)) crit: $this > (($status == $CRITICAL) ? (20) : (100)) -info: Rolling 5min anomaly rate for each system.cpu dimension +info: Rolling 5 minute anomaly rate for each CPU dimension template: ml_5min_cpu_chart on: system.cpu 
@@ -29,4 +29,4 @@ units: % every: 30s warn: $this > (($status >= $WARNING) ? (5) : (20)) crit: $this > (($status == $CRITICAL) ? (20) : (100)) -info: Rolling 5min anomaly rate for system.cpu chart +info: Rolling 5 minute anomaly rate for CPU chart diff --git a/home/dot_config/netdata/health.d/disks.conf b/home/dot_config/netdata/health.d/disks.conf index 12a3c805..1666c9d2 100644 --- a/home/dot_config/netdata/health.d/disks.conf +++ b/home/dot_config/netdata/health.d/disks.conf @@ -4,4 +4,4 @@ calc: $used * 100 / ($avail + $used) every: 60m warn: $this > 70 crit: $this > 85 -info: Disk usage on the system +info: System disk usage From c199bdccabb9ee4664e0bdd152788dbb7c3eaadb Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 1 Jun 2023 03:10:23 +0000 Subject: [PATCH 5/8] Fixed up script --- .../run_onchange_after_57-netdata.sh.tmpl | 123 +++++++++--------- 1 file changed, 63 insertions(+), 60 deletions(-) diff --git a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl index b74668da..34787721 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl 
@@ -1,63 +1,3 @@ -{{- if ne .host.distro.family "windows" -}} -#!/usr/bin/env bash -# @file Netdata -# @brief Configures Netdata alerts and notifications -# @description -# This script installs additional alerts and enables notifications if Netdata is installed. Email notifications are configured -# using the provided email address. Slack notifications are configured if `SLACK_WEBHOOK_URL` and `SLACK_NETDATA_ALARMS_CHANNEL` -# are provided. Syslog integration is configured if `SYSLOG_NETDATA_ENABLE` and `SYSLOG_NETDATA_RECIPIENTS` are provided. -# If the OS is Debian based, Netdata shows the number of CVEs in currently installed packages. - -{{ includeTemplate "universal/profile" }} -{{ includeTemplate "universal/logg" }} - -### Install additional alerts and enable notifications -if command -v netdata > /dev/null; then - # Copy the additional alert definitions - logg info 'Copying $HOME/.config/netdata/health.d/ to /etc/netdata/' - sudo cp -rf "$HOME/.config/netdata/health.d/" /etc/netdata/ - - logg info 'Copying $HOME/.config/netdata/health_alarm_notify.conf to /usr/lib/netdata/conf.d/health_alarm_notify.conf' - sudo cp -f /usr/lib/netdata/conf.d/health_alarm_notify.conf /usr/lib/netdata/conf.d/health_alarm_notify.conf.bak - sudo cp -f "$HOME/.config/netdata/health_alarm_notify.conf" /usr/lib/netdata/conf.d/health_alarm_notify.conf -else - logg warn '`netdata` is not available in the PATH or is not installed' -fi - -### Configure Netdata to gather information about CVEs in the installed packages -if command -v debsecan > /dev/null; then - - # Installing the script to generate report on CVEs in installed packages - logg info 'Installing script to generate on CVEs in installed packages' - sudo curl -sSL https://raw.githubusercontent.com/nodiscc/netdata-debsecan/master/usr_local_bin_debsecan-by-type -o /usr/local/bin/debsecan-by-type - - # Generate initial debsecan reports in /var/log/debsecan/ - logg info 'Generating initial debsecan reports in /var/log/debsecan/' - 
/usr/local/bin/debsecan-by-type - - # Configure dpkg to refresh the file after each run - logg info 'Configuring dpkg to refresh the file after each run' - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_apt_apt.conf.d_99debsecan -o /etc/apt/apt.conf.d/99debsecan - - # Add a cron job to refresh the file every hour - logg info 'Adding a cron job to refresh the file every hour' - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_cron.d_debsecan -o /etc/cron.d/debsecan - - # Install the module/configuration file - logg info 'Installing the module and configuration file - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.chart.py -o /usr/libexec/netdata/python.d/ - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.conf -o /etc/netdata/python.d/ - - # Restart Netdata service - logg info 'Restarting netdata service' - sudo systemctl restart netdata -else - logg warn '`debsecan` is not available in the PATH or is not installed' -fi - - -{{ end -}} - {{- if and (ne .host.distro.family "windows") (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (or (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_TOKEN")) (env "NETDATA_TOKEN")) (or (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_ROOM")) (env "NETDATA_ROOM")) -}} #!/usr/bin/env bash # @file Netdata 
@@ -66,6 +6,9 @@ fi # This script connects Netdata with Netdata Cloud if Netdata is installed, the `NETDATA_TOKEN` is provided, and the # `NETDATA_ROOM` is defined. This allows you to graphically browse through system metrics on all your connected devices # from a single free web application. +# +# This script installs additional alerts and enables notifications if Netdata is installed. Email notifications are configured +# using the provided primary email address. If the OS is Debian based, Netdata shows the number of CVEs in currently installed packages. {{ includeTemplate "universal/profile" }} {{ includeTemplate "universal/logg" }} 
@@ -93,6 +36,66 @@ if command -v netdata-claim.sh > /dev/null; then logg info 'The `/sys/kernel/mm/ksm` directory does not exist so Netdata kernel optimizations are not being applied' fi fi + + ### Install additional alerts and enable notifications + if command -v netdata > /dev/null; then + # Copy the additional alert definitions + if [ -d /usr/local/etc/netdata ]; then + NETDATA_ETC='/usr/local/etc/netdata/' + elif [ -d /etc/netdata ]; then + NETDATA_EDC='/etc/netdata' + else + logg error 'No etc location found for netdata' && exit 1 + fi + logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC" + sudo cp -rf "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/" "$NETDATA_ETC" + + # Backup current health alarm configuration and apply new one + if [ -d /usr/local/lib/netdata ]; then + NETDATA_LIB='/usr/local/lib/netdata' + elif [ -d /usr/lib/netdata ]; then + NETDATA_LIB='/usr/lib/netdata' + else + logg error 'No lib location found for netdata' && exit 1 + fi + logg info "Copying $${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf to $NETDATA_LIB/conf.d/health_alarm_notify.conf" + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health_alarm_notify.conf" "$NETDATA_LIB/conf.d/health_alarm_notify.conf" + else + logg warn '`netdata` is not available in the PATH or is not installed' + fi + + ### Ensure the apt command is available before running `debsecan` logic + if command -v apt > /dev/null; then + ### Configure Netdata to gather information about CVEs in the installed packages + if command -v debsecan > /dev/null; then + # Installing the script to generate report on CVEs in installed packages + logg info 'Installing script to generate on CVEs in installed packages' + sudo curl -sSL https://raw.githubusercontent.com/nodiscc/netdata-debsecan/master/usr_local_bin_debsecan-by-type -o /usr/local/bin/debsecan-by-type + + # Generate initial debsecan reports in /var/log/debsecan/ + logg info 'Generating initial 
debsecan reports in /var/log/debsecan/' + /usr/local/bin/debsecan-by-type + + # Configure dpkg to refresh the file after each run + logg info 'Configuring dpkg to refresh the file after each run' + sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_apt_apt.conf.d_99debsecan -o /etc/apt/apt.conf.d/99debsecan + + # Add a cron job to refresh the file every hour + logg info 'Adding a cron job to refresh the file every hour' + sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_cron.d_debsecan -o /etc/cron.d/debsecan + + # Install the module/configuration file + logg info 'Installing the module and configuration file + sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.chart.py -o /usr/libexec/netdata/python.d/ + sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.conf -o /etc/netdata/python.d/ + + # Restart Netdata service + logg info 'Restarting netdata service' + sudo systemctl restart netdata + else + logg warn '`debsecan` is not available in the PATH or is not installed' + fi + fi else logg warn '`netdata-claim.sh` is not available in the PATH' fi From ee9d58896064f0b49e5cd95a228c75a0cc82c81f Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 1 Jun 2023 03:48:22 +0000 Subject: [PATCH 6/8] Modified Netdata script --- home/.chezmoidata.yaml | 1 + home/.chezmoiexternal.toml.tmpl | 10 ++++++++++ .../run_onchange_after_57-netdata.sh.tmpl | 14 ++++++++------ software.yml | 2 +- 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/home/.chezmoidata.yaml b/home/.chezmoidata.yaml index dc5816a5..b2b13728 100644 --- a/home/.chezmoidata.yaml +++ b/home/.chezmoidata.yaml @@ -718,6 +718,7 @@ softwareGroups: Security: &Security - bitwarden-cli - boringtun + - debsecan - envchain - envconsul - pony diff --git a/home/.chezmoiexternal.toml.tmpl b/home/.chezmoiexternal.toml.tmpl index fa202ddd..7dd0f358 100644 
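Review bot: In the added alert-install block, the `/etc/netdata` branch assigns `NETDATA_EDC` instead of `NETDATA_ETC`, and the `cp` source path begins with the literal word `Copying `, so the health.d copy cannot succeed on either branch. The lines should read `NETDATA_ETC='/etc/netdata'` and `sudo cp -rf "${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/" "$NETDATA_ETC"`. Two further slips in the same hunk: `$${XDG_CONFIG_HOME:-...}` in the second `logg info` expands `$$` to the shell PID, and `logg info 'Installing the module and configuration file` has no closing quote, which unbalances the quoting of every line after it. The comment says the current health_alarm_notify.conf is backed up, but nothing is copied aside before the overwrite, whereas the removed script wrote a `.bak` first. The enclosing `if command -v netdata-claim.sh` block starts outside this hunk.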
--- a/home/.chezmoiexternal.toml.tmpl +++ b/home/.chezmoiexternal.toml.tmpl @@ -131,6 +131,16 @@ pull.args = ["--ff-only"] {{- end }} +{{- if (and (lookPath "apt") (lookPath "debsecan")) }} +### Netdata Debsecan +[".local/share/netdata-debsecan"] + type = "git-repo" + url = "https://gitlab.com/nodiscc/netdata-debsecan.git" + refreshPeriod = "{{ $refreshPeriod }}" + clone.args = ["--depth", "1"] + pull.args = ["--ff-only"] +{{- end }} + ### Git Template # [".config/git/template/_/husky.sh"] # type = "file" diff --git a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl index 34787721..390d4812 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_57-netdata.sh.tmpl 
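Review bot: The added `### Netdata Debsecan` external follows the repository's default branch on every refresh (`clone.args = ["--depth", "1"]`, `pull.args = ["--ff-only"]`) with no pinned revision or checksum. The netdata script changed in this same patch copies files from that checkout with `sudo` into `/etc/cron.d`, `/etc/apt/apt.conf.d` and `/usr/local/bin`, so any upstream change reaches root-run paths without review. Consider pinning to a reviewed revision, for example an `archive` external pointing at a commit-specific tarball with `checksum.sha256 = "<sha256-of-reviewed-archive>"`, or have the script verify the checked-out commit before copying. A one-line comment above the block noting that these files are installed as root would also help the next maintainer.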
@@ -68,26 +68,28 @@ if command -v netdata-claim.sh > /dev/null; then if command -v apt > /dev/null; then ### Configure Netdata to gather information about CVEs in the installed packages if command -v debsecan > /dev/null; then + DEBSECAN_GIT="${XDG_DATA_HOME:-$HOME/.local/share}/netdata-debsecan" + # Installing the script to generate report on CVEs in installed packages logg info 'Installing script to generate on CVEs in installed packages' - sudo curl -sSL https://raw.githubusercontent.com/nodiscc/netdata-debsecan/master/usr_local_bin_debsecan-by-type -o /usr/local/bin/debsecan-by-type + sudo cp -f "$DEBSECAN_GIT/usr_local_bin_debsecan-by-type" /usr/local/bin/debsecan-by-type # Generate initial debsecan reports in /var/log/debsecan/ logg info 'Generating initial debsecan reports in /var/log/debsecan/' - /usr/local/bin/debsecan-by-type + debsecan-by-type # Configure dpkg to refresh the file after each run logg info 'Configuring dpkg to refresh the file after each run' - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_apt_apt.conf.d_99debsecan -o /etc/apt/apt.conf.d/99debsecan + sudo cp -f "$DEBSECAN_GIT/etc_apt_apt.conf.d_99debsecan" /etc/apt/apt.conf.d/99-debsecan # Add a cron job to refresh the file every hour logg info 'Adding a cron job to refresh the file every hour' - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/etc_cron.d_debsecan -o /etc/cron.d/debsecan + sudo cp -f "$DEBSECAN_GIT/etc_cron.d_debsecan" /etc/cron.d/debsecan # Install the module/configuration file logg info 'Installing the module and configuration file - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.chart.py -o /usr/libexec/netdata/python.d/ - sudo curl -sSL https://github.com/nodiscc/netdata-debsecan/raw/master/debsecan.conf -o /etc/netdata/python.d/ + sudo "$DEBSECAN_GIT/debsecan.chart.py" /usr/libexec/netdata/python.d/debsecan.chart.py + sudo "$DEBSECAN_GIT/debsecan.conf" /etc/netdata/python.d/debsecan.conf 
# Restart Netdata service logg info 'Restarting netdata service' diff --git a/software.yml b/software.yml index 6df1eb45..9a0925aa 100644 --- a/software.yml +++ b/software.yml @@ -1750,7 +1750,7 @@ softwarePackages: ansible: professormanhattan.debloat _type: cli debsecan: - _bin: null + _bin: debsecan-by-type _desc: `debsecan` analyzes the list of installed packages on the current host and reports vulnerabilities found on the system. _docs: null _github: null From 591a12e4b5599f32cad3a05a49b2c563bd417daa Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 1 Jun 2023 03:53:53 +0000 Subject: [PATCH 7/8] Modified software.yml --- software.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/software.yml b/software.yml index 9a0925aa..23eac67c 100644 --- a/software.yml +++ b/software.yml @@ -1754,10 +1754,10 @@ softwarePackages: _desc: `debsecan` analyzes the list of installed packages on the current host and reports vulnerabilities found on the system. _docs: null _github: null - _home: null + _gitlab: https://gitlab.com/fweimer/debsecan + _home: https://wiki.debian.org/DebianSecurity/debsecan _name: Debian Security Analyzer apt: debsecan - _type: cli defaultbrowser: _bin: null _desc: This role performs the necessary logic to set the default browser on nearly any platform. From 233589fac7b40a4e88f53d164f0f027fde5bdb57 Mon Sep 17 00:00:00 2001 From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Thu, 1 Jun 2023 03:55:35 +0000 Subject: [PATCH 8/8] Modified chezmoiexternal. --- home/.chezmoiexternal.toml.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/.chezmoiexternal.toml.tmpl b/home/.chezmoiexternal.toml.tmpl index 7dd0f358..5db1eea6 100644 --- a/home/.chezmoiexternal.toml.tmpl +++ b/home/.chezmoiexternal.toml.tmpl 
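Review bot: The two added lines under `# Install the module/configuration file` lost their `cp -f`. As written, `sudo "$DEBSECAN_GIT/debsecan.chart.py" /usr/libexec/netdata/python.d/debsecan.chart.py` asks sudo to execute the cloned file as root with the destination as its argument instead of installing it, and it simply fails if the file is not executable. They should be `sudo cp -f "$DEBSECAN_GIT/debsecan.chart.py" /usr/libexec/netdata/python.d/debsecan.chart.py` and `sudo cp -f "$DEBSECAN_GIT/debsecan.conf" /etc/netdata/python.d/debsecan.conf`. The report step also changed from `/usr/local/bin/debsecan-by-type` to a bare `debsecan-by-type`, which now depends on PATH order; keeping the absolute path ensures the file just installed is the one that runs. The context line `logg info 'Installing the module and configuration file` is still missing its closing quote, and the enclosing `if` blocks close outside this hunk.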
@@ -131,7 +131,7 @@ pull.args = ["--ff-only"] {{- end }} -{{- if (and (lookPath "apt") (lookPath "debsecan")) }} +{{- if (lookPath "apt") }} ### Netdata Debsecan [".local/share/netdata-debsecan"] type = "git-repo"