# -*- coding: utf-8 -*-
import pyroutinecheck.checks as checks
import pyroutinecheck.custom_checks as custom_checks

# detect DB-Utils version by calling url
pfinfourl = 'http://localhost:9081/PerFact/DB_Utils/VERSION'

# checks to perform
# add new to checks to list if needed
# read lib/checks.py and lib/custom_checks.py for cheks available
listOfChecks = [
    checks.Send_Spool_Mail,
    checks.Check_Sysinfo,
    checks.Check_Top,
    checks.Check_Monit,
    checks.Check_Firewall,
    checks.Check_Syslog,
    checks.Check_Old_Syslogs,
    checks.Check_Authlog,
    checks.Check_Monitlog,
    checks.Check_Varlog,
    # checks.Check_Measurelog,
    # checks.Check_Postgreslog,
    # checks.Check_Long_PSQL_Durations,
    checks.Check_spoolMail,
    checks.Check_Packages,
    # checks.Check_SpecialPrograms,
    # checks.Check_Zope,
    checks.Check_Open_Ports,
    checks.Check_Open_Filehandles,
    checks.Check_SystemBackupConfig,
    checks.Check_CheckBackupCount,
    checks.Check_Timesyncd,
    checks.Check_Logrotate_Rework,
    # checks.Check_Cert,
    # checks.Check_Cert_General,
    # checks.Check_HAProxy_Cert,
    checks.Check_Mailing_Functionality,
    checks.Check_Crontab_Monitchecks,
    # checks.Check_localBackup,
    # checks.Check_Cluster_Heartbeat,
    # checks.Check_Drbd,
    # checks.Check_Raid,
]

# packages routinecheck has to look for using package-manager
#list_of_packages = [
#    'rinetd', 'apache', 'apache2', 'bind', 'bind9',
#    'cups', 'dhcp-server', 'dhcp3-server', 'samba', 'squid',
#    'ldap', 'spamassassin', 'openldap', 'openldap2', 'clamav',
#    'amavis', 'postfix', 'openvpn', 'postgresql', 'swan',
#    'amavisd-new', 'openswan', 'freeswan', 'zope', 'zope2.13',
#    'monit', 'dovecot', 'dovecot2', 'dovecot20',
#    'dovecot-common', 'python', 'python-perfact',
#    'pffirewall', 'pfbackup',
#]
list_of_packages = [
    'clamav',
    'postfix',
    'monit',
    'python',
    # 'python-perfact',
    'pffirewall', 'pfbackup',
]

# file paths used to check the installation of non-dpkg packages
# first item in the list of the value is the directory from where the search starts
# second item in the list is the file/folder that will be searched for
# you can also use a tuple of lists to search for as the value
# note: if one of the paths is found the program counts as installed and the next program will be checked immediately
special_programs = {
    # Possibility 1:
    # 'zope': ['/opt/zope', 'zope2.13/bin/python'],
    # Possibility 2:
    # 'zope': (['/opt/zope', 'zope2.13/bin/python'],
    #          ['/usr/share/perfact', 'zope2.13/bin/python2.7'])
}

# Inventory-mail
# activate / deactivate sending mail when running
# mail can be sent manually by calling Routinecheck.write_mail()
# configure mail server
mail = True
mail_from = 'noreply@perfact.de'
mail_to = 'monitoring@perfact.de'
mail_server = {
    'host': 'localhost',
    'port': 25
}
# change format of inventory port in mail
# current possible values are : 'tables' and 'json'
mail_format = 'json'

# Cluster
# activate / deactivate jumping to othernode after check
# configure hostname of othernode
cluster = False
cluster_othernode = None

# apache ssl configuration path
# in order to exclude paths, add the file name (not the absolute path) as a string
# i.e.: 'perfact-balancer.conf'
apache2_certcheck_exclude_sites = [
    # 'perfact-balancer.conf',
    # 'perfact-ema-httpredir.conf',
]

# authorized keys file to check during routinecheck
authorized_keys_path = '/home/perfact/.ssh/authorized_keys'

# check following items in /etc/logrotate.d/
check_logrotate = [
    'perfact-measure', 'monit',
    'rsyslog'
]

# the limit is used for the "Check_Varlog Check" in checks.py for a
# better detection of a suspicious number of logrotation files.
varlog_filelimit = 100

# backup check configuration
backup_configpath = '/etc/perfact/backup/'
backup_path = '/vol/backup/'
# config files to check, key is used as subpath from backup_path
# If old backups are not being used, comment out all key-value pairs
backup_mapping = {
#    'postgresql': 'dump_db.conf',
#    'system': 'dump_system.conf',
#    'zope': 'dump_zope.conf',
}

# Name of config files used for borg backups
# do NOT add the .py extension here!
# If borg is not being used, comment out the values of this list
backup_borg = [
    'system',
#    'db'
]

# paths to check during Check_General_Certs
general_cert_paths = [
#    '/etc/openvpn/cacert.pem',
#    '/etc/openvpn/OpenVPN-Server_public.pem'
]

# URL that is used to update the date of the last routinecheck
routinecheck_date_url = 'http://localhost:9081/routinecheck'

# Desired amount of kernels to be present on the system
kernel_amount = 2

# Quickchecks to disable on this system
# Names have to match EXACTLY, i.e. qck_my_check
disabled_quickchecks = [
  'qck_zoperecord',
  'qck_check_pg_same_sizes',
  'qck_check_password_strength',
  'qck_clear_tmp',
  'qck_check_package_monit'
]

# Keywords to limit the output of log files.
# Only lines that include any of the keywords mentioned here will appear.
# If not keywords are configured for a logfile, the log will appear as usual.
logfile_filter_keywords = {
    'syslog': [
        # kernel and error are configured by default
        'kernel', 'error',
    ],
    'authlog': [
        # ssh and root are configured by default
        'ssh', 'root',
    ],
    'monitlog': [],
    'measurelog': [],
    # WARN: Use postgres filters WITH CAUTION as they get rid of logged queries
    'postgreslog': [],
    'longpsqllog': ['duration']
}

# Regex patterns used to exclude lines in the log files
# Meaning that if the pattern matches, the matched text is omitted in the output
# Remember to use raw strings with these!
# If you want to exclude WHOLE LINES, the pattern needs to end with a \n
logfile_exclude_regexes = {
    'syslog': [
        # ENABLE THIS FOR SPARTHERM SYSTEMS!
        # r'.+ dbcached\.py\[(\d+)\]: segfault at (\d+) ip (\w+|\d+) .+\n',
        # ENABLE THIS FOR OTTOKIND SYSTEMS!
        # r'.+Ein Fehler trat beim Verbinden zur Web Service-Applikation auf\. \(10901\).+\n',
        # Happens because IPV6 is not supported, can't change that though..
        r'.*CW: error connecting to .* EADDRNOTAVAIL.*\n',
        r'.*kvm_(get|set)_msr_common: \d+ callbacks suppressed.*\n',
        r'.*vcpu[01] unhandled (rdmsr|wrmsr): .*\n',
        r'.*do_IRQ:.*No irq handler for vector.*\n',
    ],
    'authlog': [
        # Filters standard uncritical messages that would otherwise clutter the log
        r'.*CRON\[(?:\d+)\]: pam_unix\(cron:session\): session (?:closed|opened) for user root.*\n',
        r'.*sshd\[(?:\d+)\]: Connection closed by 127.0.0.1 port (?:\d+).*\n',
        r'.*sshd\[(?:\d+)\]: Accepted publickey for perfact from (?:.+) port (?:\d+).*\n',
        r'.*sshd\[(?:\d+)\]: error: bind: Address already in use.*\n',
        r'.*sshd\[(?:\d+)\]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: (?:4299[6789]).*\n',
        r'.*sudo: pam_unix\(sudo:session\): session opened for user root by perfact(uid=0).*\n',
        r'.*sudo: pam_unix\(sudo:session\): session closed for user root.*\n',
        r'.*sshd\[(?:\d+)\]: Received disconnect from (?:.+) port (?:\d+):(?:\d*):? disconnected by user.*\n',
        r'.*sshd\[(?:\d+)\]: Disconnected from user perfact (?:.+) port (?:\d+).*\n'
    ],
    'monitlog': [
        # ENABLE THESE FOR FRANKENSTOLZ SYSTEMS!
        # Zope instances get unmonitored, restarted, and then monitored again every hour
        # at minute 47
        # r"\[(\w+\s+){2}\d+\s+\d{2}:4[789]:\d{2}\]\s+info\s+:\s+'zope.+' (un)?monitor .+",
        # r'\[(\w+\s+){2}\d+\s+\d{2}:4[789]:\d{2}\]\s+info\s+:\s+Awakened by User defined signal \d+',
        # r'\[(\w+\s+){2}\d+\s+\d{2}:4[789]:\d{2}\]\s+info\s+:\s+monit daemon with PID \d+ awakened',

        # ENABLE THIS FOR froneri-mes-dev-01!
        # Cups gets restarted at minute 32 every hour, so we ignore warnings while the service
        # is temporarily unavailable during that minute
        # r"\[(\w+\s+){2}\d+\s+\d{2}:32:\d{2}\] warning\s+:\s+'cups' failed protocol test.+\n",
    ],
    'measurelog': [],
    # WARN: Use postgres filters WITH CAUTION as they get rid of logged queries
    'postgreslog': [
        r'^.*incomplete startup packet$'
    ],
    'longpsqllog': [
        r'.*vacuum full analyze public\.apperrorlog\n'
    ]
}

# Devices listed here will not be checked in the SystemBackupConfig check
exclude_backup_devs = [
    # /dev/mapper/system-backup is configured by default
    '/dev/mapper/backup-backup',
]

# How many seconds the mailing check should wait before aborting due to connection issues
mailcheck_timeout = 5

# Exclude certain services from being checked by the failed system services quickcheck
exclude_qck_services = []

# Packages to be checked by qck_check_package_monit
# Will check if package is installed and, if so, if a correlating monit file
# is present in /etc/monit/conf-enabled/
qck_monitored_packages = [
    'perfact-assignd',
    'perfact-measure'
]

# The versions of these packages are checked
# for the inventory (mail)
inv_ver_packages = [
    "perfact-measure",
#    "perfact-assignd",
#    "perfact-dbbookd",
#    "perfact-dbutils-zope2",
#    "perfact-dbutils-zope4",
#    "perfact-hatools",
    "pfpyroutinecheck",
    "perfact-phonehome",
#    "perfact-cachetriggerd",
    "perfact-keyring",
#    "perfact-webviewer-servertools",
    "python3-perfact",
]

# Amount of days of a certificate left before it expires
# If the days are equal to or below this value it will be regarded as an ERROR
cert_days_left = 90