FYI, attached are my monit systemd units.
They are definitely "too hardened" for some users.
You can PROBABLY just take everything before the hardening part, and use that
as-is.
In particular, I deliberately prevent monit running as root
(I want systemd to restart units; I just want monit to check the availability
of remote hosts).
This required some kludges because (IIRC) monit wants to have write access to
its own config (like cupsd, or a crappy PHP webapp).
The NRPE replacement's "server" side should be here:
https://github.com/cyberitsolutions/die-nrpe-die
but I never got around to git filter-repo'ing the publishable parts out, so
I've attached a minified version of that as well.
[Unit]
Description=Pro-active monitoring utility for unix systems
After=network-online.target
Documentation=man:monit(1) https://mmonit.com/wiki/Monit/HowTo
# NOTE: "monit --interactive" means Run_Foreground and skips daemonize()
(Type=simple).
# This prevents systemd distinguishing "starting" from "started"
(Type=forking). Meh?
# This DOES NOT prevent monit doing a weird "if monit is already running,
just kill -USR1 it, and exit(0)"!
#
https://bitbucket.org/tildeslash/monit/src/release-5-32-0/src/monit.c#lines-195:205
#
https://bitbucket.org/tildeslash/monit/src/release-5-32-0/src/monit.c#lines-563:584
# Overall, I think Type=forking gives systemd slightly better information.
# Type=forking is required if you want to e.g. Before=nginx.service.
#
# NOTE: "monit reload" is basically "kill -HUP $MAINPID", but
# it doesn't require "apt install procps".
[Service]
Type=forking
ExecStartPre=monit --test
ExecStart=monit
ExecReload=monit reload
# FIXME: sometimes on "systemctl start monit" or "systemctl restart monit",
#monit simply exits immediately.
#This can happen after unattended-upgrades + needrestart restart monit
#due to a library getting a security patch!
#
#
# /join irc://irc.cyber.com.au/#cyber
# 11:11 Why is monit down
# 11:12 Something stopped it at 6:25 which is when cron.daily runs
# 11:16 2022-11-20T06:25:01.984164+11:00 heavy systemd[1]:
cron-daily.service: Succeeded.
# 11:16 2022-11-20T06:25:05.905322+11:00 heavy systemd[1]: Stopping
Apt-Cacher NG software download proxy...
# 11:16 2022-11-20T06:25:05.906880+11:00 heavy systemd[1]: Stopping
Statistics collection and monitoring daemon...
# 11:16 2022-11-20T06:25:05.910253+11:00 heavy systemd[1]: Stopping
Pro-active monitoring utility for unix systems...
# 11:16 ...why?
# 11:17 Maybe needrestart did it in response to a package upgrade
# 11:17 2022-11-20T06:25:08.540726+11:00 heavy systemd[1]: Starting
Statistics collection and monitoring daemon...
# 11:17 ...but then
# 11:17 it doesn't actually start properly
# 11:17 So I think there's two things here:
# 11:18 1) something in morning cron restarted a bunch of services
# 11:18 2) sometimes monit doesn't restart properly, and instead simply
exits
# 11:18 I had seen (2) before not after I stopped messing with it
# 11:18 Same thing again when I run it by hand just now
# 11:20 monit is doing something like exit(0) for no reason
# 11:20 but not deterministically
# 11:20 An ugly workaround might be to set 'restart=always' instead of
just on-error
# 12:06 mike: I've gotten nowhere debugging this
# 12:07 mike: I'm going to do what you suggest
#
# /join ircs://irc.libera.chat/#monit
# 11:21 So I have this problem where SOMETIMES monit when told to start
as a daemon, will instead just exit immediately
# 11:21 http://ix.io/4gHg
#
# twb@heavy:~$ sudo systemctl start monit
# [sudo] password for twb:
# twb@heavy:~$ sudo systemctl status monit
# ● monit.service - Pro-active monitoring utility for unix systems
#Loaded: loaded (/etc/systemd/system/monit.service;
enabled; vendor preset: enabled)
#Active: inactive (dead) since Thu 2022-11-24 11:18:40
AEDT; 3s ago
# Docs: man:monit(1)
#https://mmonit.com/wiki/Monit/HowTo
# Process: 2059508 ExecStartPre=chown -h monit:
/etc/monit/monitrc (code=exited, status=0/SUCCESS)
# Process: 2059509 ExecStartPre=chmod 0600 /etc/monit/monitrc
(code=exited, status=0/SUCCESS)
# Process: 2059510 ExecStart=monit (code=exited,
status=0/SUCCESS)
# Main PID: 2059512 (code=exited, status=0/SUCCESS)
# CPU: 272ms
#
# Nov 24 11:18:40 heavy systemd[1]: Starting Pro-active
monitoring utility for unix systems...
# Nov 24 11:18:40 heavy monit[2059510]: Starting Monit 5.27.2
daemon with http interface at [*]:2812
# Nov 24 11:18:40 heavy monit[2059510]: Starting Monit 5.27.2
daemon with http interface at [*]:2812
# Nov 24 11:18:40 heavy systemd[1]: Started Pro-active monitoring
utility for unix systems.
