Extmon
Purpose
Extmon is used as an external Icinga2 agent that monitors the availability of CAcert services from the Internet. The system is sponsored by Jan Dittberner and runs on a Hetzner cloud instance in Germany.
Application Links
Administration
System Administration
Primary: Jan Dittberner
Secondary: None
Application Administration
| Application | Administrator(s) |
|---|---|
| Icinga 2 agent | |
Contact
Additional People
No other people have sudo access on that machine.
Basics
Physical Location
This system is a virtual KVM machine hosted on a Hetzner cloud server in Nürnberg, Germany.
Physical Configuration
1 VCPU
2 GB RAM
20 GB local disc
Logical Location
- IP Internet:
- IPv6:
- MAC address: 96:00:00:2c:89:82 (eth0)
See also
See Network
Monitoring
- internal checks:
DNS
The system has no DNS entries.
Operating System
Debian GNU/Linux 10.9
Services
Listening services
| Port | Service | Origin | Purpose |
|---|---|---|---|
| 22/tcp | ssh | ANY | admin console access |
| 25/tcp | smtp | local | mail delivery to local MTA |
| 68/udp | dhcp | hetzner | dynamic network configuration |
| 5665/tcp | icinga2 | monitor | remote monitoring service |
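A drift check for the listening services table, as an added example that is not part of the original page or of CAcert's tooling: it compares `ss -H -tuln` output against the documented listeners. It assumes Origin `local` means a loopback-only bind; the `monitor` and `hetzner` origins are not visible in socket bindings and are not checked, and the sample output is constructed.

```python
import ipaddress

# Expected listeners, transcribed from the "Listening services" table.
# True = Origin "local" (assumption: must be bound to a loopback address only).
EXPECTED = {("tcp", 22): False, ("tcp", 25): True,
            ("udp", 68): False, ("tcp", 5665): False}

# Constructed sample of `ss -H -tuln` output, not captured from extmon.
SAMPLE = """\
udp   UNCONN 0 0   0.0.0.0:68     0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 20  0.0.0.0:25     0.0.0.0:*
tcp   LISTEN 0 20  [::1]:25       [::]:*
tcp   LISTEN 0 128 [::]:22        [::]:*
tcp   LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
"""

def parse_ss(output):
    """Yield (proto, address, port) for each socket line of `ss -H -tuln`."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        # Drop an interface suffix (%eth0) and IPv6 brackets.
        yield fields[0], addr.split("%")[0].strip("[]"), int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" (wildcard bind) is not an IP literal
        return False

def audit(output):
    """Return sorted findings; an empty list means the host matches the table."""
    findings, seen = set(), set()
    for proto, addr, port in parse_ss(output):
        seen.add((proto, port))
        if (proto, port) not in EXPECTED:
            findings.add(f"unexpected listener {proto}/{port} on {addr}")
        elif EXPECTED[(proto, port)] and not is_loopback(addr):
            findings.add(f"{proto}/{port} should be loopback-only, bound to {addr}")
    for proto, port in EXPECTED.keys() - seen:
        findings.add(f"documented listener {proto}/{port} not found")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "listeners match the documented table")
```

On the constructed sample this reports an SMTP listener bound to all interfaces, an undocumented listener on port 8080, and a missing Icinga2 listener.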
Running services
| Service | Usage | Start mechanism |
|---|---|---|
| cron | job scheduler | systemd unit |
| dbus-daemon | System message bus daemon | systemd unit |
| Exim | SMTP server for local mail submission | systemd unit |
| icinga2 | Icinga2 monitoring agent | systemd unit |
| openssh server | ssh daemon for remote administration | systemd unit |
| Puppet agent | configuration management agent | systemd unit |
| rsyslog | syslog daemon | systemd unit |
Databases
None
Connected Systems
Outbound network connections
- DNS (53) Hetzner cloud nameservers
- Puppet (tcp/8140) as Puppet master
- checked CAcert systems on publicly opened ports
Security
SSH host keys
| Algorithm | Fingerprints |
|---|---|
| RSA | |
| DSA | |
| ECDSA | |
| ED25519 | |
See also
Dedicated user roles
None
Non-distribution packages and modifications
The Puppet agent package and a few dependencies are installed from the official Puppet APT repository because the versions in Debian are too old to use modern Puppet features.
Risk assessments on critical packages
The system provides no public services besides an Icinga2 agent that executes commands sent from Monitor.
Critical Configuration items
The system configuration is managed via Puppet profiles. There should be no configuration items outside of the CAcert Git repository cacert-puppet.
Keys and X.509 certificates
None
Tasks
Add a service to be checked by extmon
Service monitoring is configured in the CAcert Git repository cacert-icinga2-conf_d.
All checks for services on hosts with the following block will be executed by extmon:
vars.external = true
Changes
Planned
None
System Future
No plans
Additional documentation
None