Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 819389c8c3
Branches Tags
xdr-terraform-m...
/
base
/
sensu-configuration
/
checks.tf

checks.tf 10 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267 
  1. locals {
    2. 

  2.   splunk_hot = var.environment == "test" ? "10000" : "50000"
    3. 

  3.   #interconnect-0 = var.environment == "test" ? ["169.254.230.197", "169.254.142.233", "169.254.221.229", "169.254.145.141"] : ["169.254.152.217", "169.254.88.105", "169.254.253.45", "169.254.91.129"]
    4. 

  4.   #interconnect-1 = var.environment == "test" ? ["169.254.186.189", "169.254.119.73", "169.254.20.161", "169.254.128.189"] : ["169.254.247.157", "169.254.246.157", "169.254.22.21", "169.254.38.13"]
    5. 

  5.   dns_checks_all = var.environment == "test" ? {
    6. 

  6.     "dnstest.accenturefederalcyber.com": "203.0.113.1",
    7. 

  7.     "dnstest.xdrtest.accenturefederalcyber.com": "203.0.113.1",
    8. 

  8.   } : { 
    9. 

  9.     "dnstest.accenturefederalcyber.com": "203.0.113.1",
    10. 

  10.     "dnstest.xdr.accenturefederalcyber.com": "203.0.113.1",
    11. 

  11.   }
    12. 

  12.   dns_checks_private = var.environment == "test" ? {
    13. 

  13.     "dnstest.pvt.xdrtest.accenturefederalcyber.com": "10.10.10.10",
    14. 

  14.     "10.10.10.10": "dnstest.pvt.xdrtest.accenturefederalcyber.com.",
    15. 

  15.   } : {
    16. 

  16.     "dnstest.pvt.xdr.accenturefederalcyber.com": "10.10.10.10",
    17. 

  17.     "10.10.10.10": "dnstest.pvt.xdr.accenturefederalcyber.com.",
    18. 

  18.   }
    19. 

  19. 

  20.   # To ensure this list is complete:
    21. 

  21.   #   salt \* grains.get partitions | grep "^    /" | sort | uniq | grep -v snap
    22. 

  22.   disk_thresholds = {
    23. 

  23.     "/root": "20%", # This is the / partition
    24. 

  24.     "/boot": "20%",
    25. 

  25.     "/home": "20%",
    26. 

  26.     "/opt": "20%",
    27. 

  27.     "/tmp": "20%",
    28. 

  28.     "/var": "20%",
    29. 

  29.     "/var/log": "20%"
    30. 

  30.     "/var/log/audit": "20%",
    31. 

  31.     "/var/tmp": "20%",
    32. 

  32.     "/var/www/html": "20%",
    33. 

  33.     # Indexers:
    34. 

  34.     "/opt/splunk": 5500,
    35. 

  35.     "/opt/splunkdata/hot": local.splunk_hot,
    36. 

  36.     # Syslog Servers
    37. 

  37.     "/mnt/resource": "20%",
    38. 

  38.     "/opt/syslog-ng": 7000,
    39. 

  39.     # Docker Hosts
    40. 

  40.     "/opt/docker/containers": "20%",
    41. 

  41.     "/opt/docker/overlay": "20%",
    42. 

  42.     "/opt/docker/overlay2": "20%",
    43. 

  43.     # VMRay
    44. 

  44.     "/opt/vmray": "20%"
    45. 

  45.   }
    46. 

  46. }
    47. 

  47. 

  48. resource "sensu_check" "check_dns_all" {
    49. 

  49.   for_each       = local.dns_checks_all
    50. 

  50.   name           = "check_dns_${ each.key }"
    51. 

  51.   command        = "check_dns --hostname=${ each.key } --expected-address=${ each.value } --warning=${ var.sensu_checks["dns"]["warning"] }  --critical=${ var.sensu_checks["dns"]["critical"] }"
    52. 

  52.   namespace      = "default"
    53. 

  53.   subscriptions  = [ "linux", ]
    54. 

  54.   handlers       = [ "victorops", "logfile", ]
    55. 

  55.   interval       = 60
    56. 

  56.   publish        = "true"
    57. 

  57.   runtime_assets = [ "sensu-plugins-monitoring", ]
    58. 

  58. }
    59. 

  59. 

  60. resource "sensu_check" "check_dns_private" {
    61. 

  61.   for_each       = local.dns_checks_private
    62. 

  62.   name           = "check_dns_${ each.key }"
    63. 

  63.   command        = "check_dns --hostname=${ each.key } --expected-address=${ each.value } --warning=${ var.sensu_checks["dns"]["warning"] }  --critical=${ var.sensu_checks["dns"]["critical"] }"
    64. 

  64.   namespace      = "default"
    65. 

  65.   subscriptions  = [ "private_dns_client", ]
    66. 

  66.   handlers       = [ "victorops", "logfile", ]
    67. 

  67.   interval       = 60
    68. 

  68.   publish        = "true"
    69. 

  69.   runtime_assets = [ "sensu-plugins-monitoring", ]
    70. 

  70. }
    71. 

  71. 

  72. # Systems that can't enumerate their mount points get
    73. 

  73. # a single 'check all' disk space option
    74. 

  74. resource "sensu_check" "check_disks_all" {
    75. 

  75.   name           = "check_disk_all"
    76. 

  76.   # Checks all partitions except /snap/*
    77. 

  77.   command        = "check_disk -c 20% -A --ignore-eregi-path '/snap/' --ignore-eregi-path '/opt/docker/.*' --ignore-eregi-path '/(sys|proc)/'"
    78. 

  78.   namespace      = "default"
    79. 

  79.   subscriptions  = [ "check_disk_all" ]
    80. 

  80.   handlers       = [ "victorops", "logfile", ]
    81. 

  81.   interval       = 300
    82. 

  82.   publish        = "true"
    83. 

  83.   runtime_assets = [ "sensu-plugins-monitoring", ]
    84. 

  84. }
    85. 

  85. 

  86. # Systems that enumerate their mount points subscribe to
    87. 

  87. # particular checks with thresholds defined above.
    88. 

  88. resource "sensu_check" "check_disks" {
    89. 

  89.   for_each       = local.disk_thresholds
    90. 

  90.   name           = "check_disk${ replace(each.key, "/", "_") }"
    91. 

  91.   command        = "check_disk -c ${ each.value } -p ${ replace(each.key, "root", "/") }"
    92. 

  92.   namespace      = "default"
    93. 

  93.   subscriptions  = [ "check_disk${ replace(each.key, "/", "_") }" ]
    94. 

  94.   handlers       = [ "victorops", "logfile", ]
    95. 

  95.   interval       = 300
    96. 

  96.   publish        = "true"
    97. 

  97.   runtime_assets = [ "sensu-plugins-monitoring", ]
    98. 

  98. }
    99. 

  99. 

  100. #resource "sensu_check" "check_ping_interconnect-0" {
    101. 

  101. #  for_each       = toset(local.interconnect-0)
    102. 

  102. #  name           = "ping_interconnect-0-${index(local.interconnect-0, each.value) +1}"
    103. 

  103. #  command        = "check_ping -H ${each.value} -w 500,80% -c 500,80% -4"
    104. 

  104. #  namespace      = "default"
    105. 

  105. #  subscriptions  = [ "interconnect-0", ]
    106. 

  106. #  handlers       = [ "victorops", "logfile", ]
    107. 

  107. #  interval       = 60
    108. 

  108. #  publish        = "true"
    109. 

  109. #  runtime_assets = [ "sensu-plugins-monitoring", ]
    110. 

  110. #}
    111. 

  111. #
    112. 

  112. #resource "sensu_check" "check_ping_interconnect-1" {
    113. 

  113. #  for_each       = toset(local.interconnect-1)
    114. 

  114. #  name           = "ping_interconnect-1-${index(local.interconnect-1, each.value) +1}"
    115. 

  115. #  command        = "check_ping -H ${each.value} -w 500,80% -c 500,80% -4"
    116. 

  116. #  namespace      = "default"
    117. 

  117. #  subscriptions  = [ "interconnect-1", ]
    118. 

  118. #  handlers       = [ "victorops", "logfile", ]
    119. 

  119. #  interval       = 60
    120. 

  120. #  publish        = "true"
    121. 

  121. #  runtime_assets = [ "sensu-plugins-monitoring", ]
    122. 

  122. #}
    123. 

  123. 

  124. resource "sensu_check" "check_phantom_ports" {
    125. 

  125.   name           = "phantom_ports"
    126. 

  126.   command        = "check-ports.rb -h 0.0.0.0 -p 443"
    127. 

  127.   namespace      = "default"
    128. 

  128.   subscriptions  = [ "phantom_ports", ]
    129. 

  129.   handlers       = [ "victorops", "logfile", ]
    130. 

  130.   interval       = 60
    131. 

  131.   publish        = "true"
    132. 

  132.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    133. 

  133. }
    134. 

  134. 

  135. resource "sensu_check" "check_portal_http" {
    136. 

  136.   name           = "portal_http"
    137. 

  137.   command        = "check-http.rb -u https://portal.${var.dns_info["public"]["zone"]}/api/health/ --response-code 200"
    138. 

  138.   namespace      = "default"
    139. 

  139.   subscriptions  = [ "portal", ]
    140. 

  140.   handlers       = [ "victorops", "logfile", ]
    141. 

  141.   interval       = 60
    142. 

  142.   publish        = "true"
    143. 

  143.   runtime_assets = [ "sensu-plugins-http", "sensu-ruby-runtime", ]
    144. 

  144. }
    145. 

  145. 

  146. resource "sensu_check" "check_salt_master_ports" {
    147. 

  147.   name           = "salt_master_ports"
    148. 

  148.   command        = "check-ports.rb -h 0.0.0.0 -p 4505,4506"
    149. 

  149.   namespace      = "default"
    150. 

  150.   subscriptions  = [ "salt_master_ports", ]
    151. 

  151.   handlers       = [ "victorops", "logfile", ]
    152. 

  152.   interval       = 60
    153. 

  153.   publish        = "true"
    154. 

  154.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    155. 

  155. }
    156. 

  156. 

  157. resource "sensu_check" "check_splunk_cm_ports" {
    158. 

  158.   name           = "splunk_cm_ports"
    159. 

  159.   command        = "check-ports.rb -h 0.0.0.0 -p 8089"
    160. 

  160.   namespace      = "default"
    161. 

  161.   subscriptions  = [ "splunk_cm_ports", ]
    162. 

  162.   handlers       = [ "victorops", "logfile", ]
    163. 

  163.   interval       = 60
    164. 

  164.   publish        = "true"
    165. 

  165.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    166. 

  166. }
    167. 

  167. 

  168. resource "sensu_check" "check_splunk_ds_ports" {
    169. 

  169.   name           = "splunk_ds_ports"
    170. 

  170.   command        = "check-ports.rb -h 0.0.0.0 -p 8089"
    171. 

  171.   namespace      = "default"
    172. 

  172.   subscriptions  = [ "splunk_ds_ports", ]
    173. 

  173.   handlers       = [ "victorops", "logfile", ]
    174. 

  174.   interval       = 60
    175. 

  175.   publish        = "true"
    176. 

  176.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    177. 

  177. }
    178. 

  178. 

  179. resource "sensu_check" "check_splunk_hf_ports" {
    180. 

  180.   name           = "splunk_hf_ports"
    181. 

  181.   command        = "check-ports.rb -h 0.0.0.0 -p 8089,8000"
    182. 

  182.   namespace      = "default"
    183. 

  183.   subscriptions  = [ "splunk_hf_ports", ]
    184. 

  184.   handlers       = [ "victorops", "logfile", ]
    185. 

  185.   interval       = 60
    186. 

  186.   publish        = "true"
    187. 

  187.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    188. 

  188. }
    189. 

  189. 

  190. resource "sensu_check" "check_splunk_indexer_ports_moose" {
    191. 

  191.   name           = "splunk_indexer_ports_moose"
    192. 

  192.   command        = "check-ports.rb -h 0.0.0.0 -p 8089,9998,9887,8088"
    193. 

  193.   namespace      = "default"
    194. 

  194.   subscriptions  = [ "splunk_indexer_ports_moose", ]
    195. 

  195.   handlers       = [ "victorops", "logfile", ]
    196. 

  196.   interval       = 60
    197. 

  197.   publish        = "true"
    198. 

  198.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    199. 

  199. }
    200. 

  200. 

  201. resource "sensu_check" "check_splunk_indexer_ports" {
    202. 

  202.   name           = "splunk_indexer_ports"
    203. 

  203.   command        = "check-ports.rb -h 0.0.0.0 -p 8089,9998,9887"
    204. 

  204.   namespace      = "default"
    205. 

  205.   subscriptions  = [ "splunk_indexer_ports", ]
    206. 

  206.   handlers       = [ "victorops", "logfile", ]
    207. 

  207.   interval       = 60
    208. 

  208.   publish        = "true"
    209. 

  209.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    210. 

  210. }
    211. 

  211. 

  212. resource "sensu_check" "check_splunk_sh_ports" {
    213. 

  213.   name           = "splunk_sh_ports"
    214. 

  214.   command        = "check-ports.rb -h 0.0.0.0 -p 8089,8000"
    215. 

  215.   namespace      = "default"
    216. 

  216.   subscriptions  = [ "splunk_sh_ports", ]
    217. 

  217.   handlers       = [ "victorops", "logfile", ]
    218. 

  218.   interval       = 60
    219. 

  219.   publish        = "true"
    220. 

  220.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    221. 

  221. }
    222. 

  222. 

  223. resource "sensu_check" "check_splunk_uf_ports" {
    224. 

  224.   name           = "splunk_uf_ports"
    225. 

  225.   command        = "check-ports.rb -h 0.0.0.0 -p 8089"
    226. 

  226.   namespace      = "default"
    227. 

  227.   subscriptions  = [ "splunk", ]
    228. 

  228.   handlers       = [ "victorops", "logfile", ]
    229. 

  229.   interval       = 60
    230. 

  230.   publish        = "true"
    231. 

  231.   runtime_assets = [ "sensu-plugins-network-checks", "sensu-ruby-runtime", ]
    232. 

  232. }
    233. 

  233. 

  234. resource "sensu_check" "check_syslog-ng_service" {
    235. 

  235.   name           = "syslog-ng_service"
    236. 

  236.   command        = "check-process.rb -p syslog-ng"
    237. 

  237.   namespace      = "default"
    238. 

  238.   subscriptions  = [ "syslog-ng_service", ]
    239. 

  239.   handlers       = [ "victorops", "logfile", ]
    240. 

  240.   interval       = 60
    241. 

  241.   publish        = "true"
    242. 

  242.   runtime_assets = [ "sensu-plugins-process-checks", "sensu-ruby-runtime", ]
    243. 

  243. }
    244. 

  244. 

  245. resource "sensu_check" "check_salt-minion_service" {
    246. 

  246.   name           = "salt-minion_service"
    247. 

  247.   command        = "check-process.rb -p salt-minion --critical-under 1 --critical-over 5"
    248. 

  248.   namespace      = "default"
    249. 

  249.   subscriptions  = [ "salt-minion_service", ]
    250. 

  250.   handlers       = [ "victorops", "logfile", ]
    251. 

  251.   interval       = 60
    252. 

  252.   publish        = "true"
    253. 

  253.   runtime_assets = [ "sensu-plugins-process-checks", "sensu-ruby-runtime", ]
    254. 

  254. }
    255. 

  255. 

  256. # Don't detect the Splunk Universal Forwarder running as root. 
    257. 

  257. # Only look for Splunk Enterprise running as splunk user.  
    258. 

  258. resource "sensu_check" "check_splunk_service" {
    259. 

  259.   name           = "splunk_service"
    260. 

  260.   command        = "check-process.rb -p 'splunkd -p' --user splunk -C 2"
    261. 

  261.   namespace      = "default"
    262. 

  262.   subscriptions  = [ "splunk_service", ]
    263. 

  263.   handlers       = [ "victorops", "logfile", ]
    264. 

  264.   interval       = 60
    265. 

  265.   publish        = "true"
    266. 

  266.   runtime_assets = [ "sensu-plugins-process-checks", "sensu-ruby-runtime", ]
    267. 

  267. }
    268.