From a6abecc7eed07424b2ed14f83c2d9abf15d0fd72 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 19 Oct 2017 09:49:17 +0200
Subject: [PATCH] sysutils/monit: merge version 1.4 from master

---
 sysutils/monit/Makefile                       |  2 +-
 .../OPNsense/Monit/Api/StatusController.php   |  8 +++
 .../OPNsense/Monit/forms/general.xml          | 72 +++++++++++++++++++
 .../mvc/app/models/OPNsense/Monit/Monit.xml   | 53 +++++++++++++-
 .../mvc/app/views/OPNsense/Monit/index.volt   | 26 ++++++-
 .../scripts/OPNsense/Monit/post-install.php   | 22 ++++--
 .../service/templates/OPNsense/Monit/monitrc  | 44 +++++++++++-
 7 files changed, 217 insertions(+), 10 deletions(-)

diff --git a/sysutils/monit/Makefile b/sysutils/monit/Makefile
index a05e812cd..ef727c4a7 100644
--- a/sysutils/monit/Makefile
+++ b/sysutils/monit/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		monit
-PLUGIN_VERSION=		1.3
+PLUGIN_VERSION=		1.4
 PLUGIN_COMMENT=		Proactive system monitoring
 PLUGIN_MAINTAINER=	frank.brendel@eurolog.com
 PLUGIN_DEPENDS=		monit
diff --git a/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/Api/StatusController.php b/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/Api/StatusController.php
index e124b870d..a9bf4c1ee 100644
--- a/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/Api/StatusController.php
+++ b/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/Api/StatusController.php
@@ -31,6 +31,7 @@
 namespace OPNsense\Monit\Api;
 
 use \OPNsense\Base\ApiControllerBase;
+use \OPNsense\Monit\Monit;
 
 /**
  * Class StatusController
@@ -54,6 +55,13 @@ class StatusController extends ApiControllerBase
 
             // get monit status page
             $request  = "GET /_status?format=text HTTP/1.0\r\n";
+
+            // get credentials if configured
+            $mdlMonit = new Monit();
+            if ($mdlMonit->general->httpdUsername->__toString() != null && trim($mdlMonit->general->httpdUsername->__toString()) !== "" &&
+                $mdlMonit->general->httpdPassword->__toString() != null && trim($mdlMonit->general->httpdPassword->__toString()) !== "") {
+                   $request .= "Authorization: Basic " . base64_encode($mdlMonit->general->httpdUsername->__toString() . ":" . $mdlMonit->general->httpdPassword->__toString()) . "\r\n";
+            }
             $request .= "\r\n";
             $count = fwrite($socket, $request);
             $result['count'] = $count;
diff --git a/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms/general.xml b/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms/general.xml
index 36d6c5be6..1f5e476f4 100644
--- a/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms/general.xml
+++ b/sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms/general.xml
@@ -49,4 +49,76 @@
       <type>checkbox</type>
       <help><![CDATA[Enable encryption.]]></help>
    </field>
+   <field>
+      <id>monit.general.logfile</id>
+      <label>Log File</label>
+      <type>text</type>
+      <help><![CDATA[The log file of the Monit process. This can be the keyword <i>syslog</i> or the path to a file.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.statefile</id>
+      <label>State File</label>
+      <type>text</type>
+      <help><![CDATA[The state file of the Monit process.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.eventqueuePath</id>
+      <label>Eventqueue Path</label>
+      <type>text</type>
+      <help><![CDATA[The path to the eventqueue directory.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.eventqueueSlots</id>
+      <label>Eventqueue Slots</label>
+      <type>text</type>
+      <help><![CDATA[The number of eventqueue slots.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.httpdEnabled</id>
+      <label>Enable HTTPD</label>
+      <type>checkbox</type>
+      <help><![CDATA[Start the Monit httpd service.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.httpdPort</id>
+      <label>Monit HTTPD Port</label>
+      <type>text</type>
+      <help><![CDATA[The listen port of the Monit httpd service.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.httpdAllow</id>
+      <label>Monit HTTPD Access List</label>
+      <type>select_multiple</type>
+      <style>tokenize</style>
+      <allownew>true</allownew>
+      <help><![CDATA[The username:password or host/network etc. for accessing the Monit httpd service.<br>See <a rel="help" target="_blank" href="https://mmonit.com/monit/documentation/monit.html#Authentication">Monit Authentication</a>]]></help>
+      <advanced>true</advanced>
+      <hint>user:password, @group... Finish with TAB.</hint>
+   </field>
+   <field>
+      <id>monit.general.mmonitUrl</id>
+      <label>M/Monit URL</label>
+      <type>text</type>
+      <help><![CDATA[The M/Monit URL.<br><i>https://user:pass@192.168.1.10:8443/collector</i><br>If you want to control Monit services from your M/Monit instance you have to configure the Monit Port too and add corresponding firewall rules as well.]]></help>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.mmonitTimeout</id>
+      <label>M/Monit Timeout</label>
+      <type>text</type>
+      <advanced>true</advanced>
+   </field>
+   <field>
+      <id>monit.general.mmonitRegisterCredentials</id>
+      <label>M/Monit Register Credentials</label>
+      <type>checkbox</type>
+      <help><![CDATA[Automatically register in M/Monit by sending Monit credentials (see Monit Access List above).]]></help>
+      <advanced>true</advanced>
+   </field>
 </form>
diff --git a/sysutils/monit/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml b/sysutils/monit/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
index c0f8dd7d2..18eb7b10f 100644
--- a/sysutils/monit/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
+++ b/sysutils/monit/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
@@ -1,6 +1,6 @@
 <model>
    <mount>//OPNsense/monit</mount>
-   <version>1.0.0</version>
+   <version>1.0.1</version>
    <description>Monit settings</description>
    <items>
       <general>
@@ -46,6 +46,57 @@
             <default>0</default>
             <Required>Y</Required>
          </ssl>
+         <logfile type="TextField">
+            <Required>N</Required>
+            <default>syslog facility log_daemon</default>
+            <mask>/^(\/[^\/ ]*)+\/?|syslog.*$/</mask>
+            <ValidationMessage>Should be a valid absolute path to the log file or the keyword "syslog".</ValidationMessage>
+         </logfile>
+         <statefile type="TextField">
+            <Required>N</Required>
+            <mask>/^(\/[^\/ ]*)+\/?$/</mask>
+            <ValidationMessage>Should be a valid absolute path to the state file.</ValidationMessage>
+         </statefile>
+         <eventqueuePath type="TextField">
+            <Required>N</Required>
+            <mask>/^(\/[^\/ ]*)+\/?$/</mask>
+            <ValidationMessage>Should be a valid absolute path to the eventqueue directory.</ValidationMessage>
+         </eventqueuePath>
+         <eventqueueSlots type="IntegerField">
+            <Required>N</Required>
+            <ValidationMessage>Eventqueue Slots must be a numeric value.</ValidationMessage>
+         </eventqueueSlots>
+         <httpdEnabled type="BooleanField">
+            <default>0</default>
+            <Required>Y</Required>
+         </httpdEnabled>
+         <httpdUsername type="TextField"/>
+         <httpdPassword type="TextField"/>
+         <httpdPort type="IntegerField">
+            <default>2812</default>
+            <Required>Y</Required>
+            <MinimumValue>1</MinimumValue>
+            <MaximumValue>65535</MaximumValue>
+            <ValidationMessage>Local Monit Port needs to be an integer value between 0 and 65535</ValidationMessage>
+         </httpdPort>
+         <httpdAllow type="CSVListField">
+            <Required>N</Required>
+            <multiple>Y</multiple>
+         </httpdAllow>
+         <mmonitUrl type="TextField">
+            <Required>N</Required>
+         </mmonitUrl>
+         <mmonitTimeout type="IntegerField">
+            <default>5</default>
+            <Required>Y</Required>
+            <MinimumValue>0</MinimumValue>
+            <MaximumValue>86400</MaximumValue>
+            <ValidationMessage>M/Monit Timeout needs to be an integer value between 0 and 86400</ValidationMessage>
+         </mmonitTimeout>
+         <mmonitRegisterCredentials type="BooleanField">
+            <default>1</default>
+            <Required>Y</Required>
+         </mmonitRegisterCredentials>
       </general>
       <alert type="ArrayField">
          <enabled type="BooleanField">
diff --git a/sysutils/monit/src/opnsense/mvc/app/views/OPNsense/Monit/index.volt b/sysutils/monit/src/opnsense/mvc/app/views/OPNsense/Monit/index.volt
index df1107c90..338c3d849 100644
--- a/sysutils/monit/src/opnsense/mvc/app/views/OPNsense/Monit/index.volt
+++ b/sysutils/monit/src/opnsense/mvc/app/views/OPNsense/Monit/index.volt
@@ -68,6 +68,30 @@ POSSIBILITY OF SUCH DAMAGE.
             updateServiceStatusUI(data['status']);
          });
       });
+
+      // show/hide httpd/mmonit options
+      function ShowHideGeneralFields(){
+         if ($('#monit\\.general\\.httpdEnabled')[0].checked) {
+            $('tr[for="monit.general.httpdPort"]').removeClass('hidden');
+            $('tr[for="monit.general.httpdAllow"]').removeClass('hidden');
+            $('tr[for="monit.general.mmonitUrl"]').removeClass('hidden');
+            $('tr[for="monit.general.mmonitTimeout"]').removeClass('hidden');
+            $('tr[for="monit.general.mmonitRegisterCredentials"]').removeClass('hidden');
+         } else {
+            $('tr[for="monit.general.httpdPort"]').addClass('hidden');
+            $('tr[for="monit.general.httpdAllow"]').addClass('hidden');
+            $('tr[for="monit.general.mmonitUrl"]').addClass('hidden');
+            $('tr[for="monit.general.mmonitTimeout"]').addClass('hidden');
+            $('tr[for="monit.general.mmonitRegisterCredentials"]').addClass('hidden');
+         }
+      };
+      $('#monit\\.general\\.httpdEnabled').unbind('click').click(function(){
+         ShowHideGeneralFields();
+      });
+      $('#show_advanced_frm_GeneralSettings').click(function(){
+         ShowHideGeneralFields();
+      });
+
       $('#btn_ApplyGeneralSettings').unbind('click').click(function(){
          $("#frm_GeneralSettings_progress").addClass("fa fa-spinner fa-pulse");
          var frm_id = 'frm_GeneralSettings';
@@ -257,7 +281,7 @@ POSSIBILITY OF SUCH DAMAGE.
 </ul>
 <div class="tab-content content-box tab-content">
    <div id="general" class="tab-pane fade in active">
-      <!-- monit geral settings -->
+      <!-- monit general settings -->
       {{ partial("layout_partials/base_form",['fields':formGeneralSettings,'id':'frm_GeneralSettings','apply_btn_id':'btn_ApplyGeneralSettings'])}}
    </div>
    <div id="alerts" class="tab-pane fade in">
diff --git a/sysutils/monit/src/opnsense/scripts/OPNsense/Monit/post-install.php b/sysutils/monit/src/opnsense/scripts/OPNsense/Monit/post-install.php
index f0d11aa2a..25d7450fa 100755
--- a/sysutils/monit/src/opnsense/scripts/OPNsense/Monit/post-install.php
+++ b/sysutils/monit/src/opnsense/scripts/OPNsense/Monit/post-install.php
@@ -37,16 +37,29 @@ use OPNsense\Monit\Monit;
 
 $mdlMonit = new OPNsense\Monit\Monit;
 
+$cfg = Config::getInstance();
+$cfgObj = $cfg->object();
+$shellObj = new OPNsense\Core\Shell;
+$generalNode = $mdlMonit->getNodeByReference('general');
+
+// generate password for local Monit plugin user
+if (empty($cfgObj->general->httpdUsername) && empty($cfgObj->general->httpdPassword)) {
+   srand();
+   $generalNode->setNodes(array(
+         "httpdUsername" => "root",
+         "httpdPassword" => substr(str_shuffle(str_repeat('0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz', 32)), rand(0, 16), rand(17, 32))
+      )
+   );
+   $mdlMonit->serializeToConfig(false, true);
+   $cfg->save();
+}
+
 $nodes = $mdlMonit->getNodes();
 // test if Monit is already configured
 if (count($nodes['service']) != 0 || count($nodes['test']) != 0) {
     exit;
 }
 
-$cfg = Config::getInstance();
-$cfgObj = $cfg->object();
-$shellObj = new OPNsense\Core\Shell;
-
 // get number of cpus and calculate load average limits
 $nCPU = array();
 $shellObj->exec('/sbin/sysctl -n kern.smp.cpus', false, $nCPU);
@@ -130,7 +143,6 @@ $systemService['tests'] = substr($systemService['tests'], 0, -1);
 $rootFsService['tests'] = substr($rootFsService['tests'], 0, -1);
 
 // set general properties
-$generalNode = $mdlMonit->getNodeByReference('general');
 $generalNode->setNodes($generalSettings);
 
 // add an alert with (almost) default settings
diff --git a/sysutils/monit/src/opnsense/service/templates/OPNsense/Monit/monitrc b/sysutils/monit/src/opnsense/service/templates/OPNsense/Monit/monitrc
index f98a69a18..1fa8bc96e 100644
--- a/sysutils/monit/src/opnsense/service/templates/OPNsense/Monit/monitrc
+++ b/sysutils/monit/src/opnsense/service/templates/OPNsense/Monit/monitrc
@@ -2,12 +2,52 @@
 
 {% from 'OPNsense/Macros/interface.macro' import physical_interface %}
 {% if helpers.exists('OPNsense.monit.general') %}
+{%  if helpers.exists('OPNsense.monit.general.httpdEnabled') and OPNsense.monit.general.httpdEnabled|default('0') == '1' %}
+{%  set httpdCredentials = OPNsense.monit.general.httpdUsername ~ ':"' ~ OPNsense.monit.general.httpdPassword ~ '"' %}
+{%    set httpdport = "port " ~ OPNsense.monit.general.httpdPort %}
+set httpd unixsocket /var/run/monit.sock {{ httpdport }}
+    allow localhost
+    allow {{  httpdCredentials }}
+{%    if helpers.exists('OPNsense.monit.general.httpdAllow') %}
+{%      for allow in OPNsense.monit.general.httpdAllow.split(",") %}
+{%        set cred = allow.split(":") %}
+{%        if cred[1] %}
+{%          set pass = cred[1].split() %}
+{%          set allow = cred[0] ~ ':"' ~ pass[0] ~ '" ' ~ pass[1] %}
+{%        endif %}
+    allow {{ allow }}
+{%      endfor %}
+{%    endif %}
+{%    if helpers.exists('OPNsense.monit.general.mmonitUrl') and OPNsense.monit.general.mmonitUrl|default('') != '' %}
+{%      set mregister = 'register without credentials' if OPNsense.monit.general.mmonitRegisterCredentials|default('1') == '0' %}
+
+set mmonit {{ OPNsense.monit.general.mmonitUrl }} timeout {{ OPNsense.monit.general.mmonitTimeout }} seconds {{ mregister }}
+{%    endif %}
+{%  else %}
 set httpd unixsocket /var/run/monit.sock
-     allow localhost
+    allow localhost
+{%  endif %}
 
 set daemon {{ OPNsense.monit.general.interval }} with start delay {{ OPNsense.monit.general.startdelay }}
 
+{%  if helpers.exists('OPNsense.monit.general.logfile') and OPNsense.monit.general.logfile|default('') != '' %}
+set logfile {{ OPNsense.monit.general.logfile }}
+{%  else %}
 set logfile syslog facility log_daemon
+{%  endif %}
+
+{%  if helpers.exists('OPNsense.monit.general.statefile') and OPNsense.monit.general.statefile|default('') != '' %}
+set statefile {{ OPNsense.monit.general.statefile }}
+{%  endif %}
+
+{%  if helpers.exists('OPNsense.monit.general.eventqueuePath') and OPNsense.monit.general.eventqueuePath|default('') != '' %}
+{%    set slots = '' %}
+{%    if helpers.exists('OPNsense.monit.general.eventqueueSlots') %}
+{%      set slots = "slots " ~ OPNsense.monit.general.eventqueueSlots %}
+{%    endif %}
+
+set eventqueue basedir {{ OPNsense.monit.general.eventqueuePath }} {{ slots }}
+{%  endif %}
 
 {%  if helpers.exists('OPNsense.monit.general.mailserver') %}
 {%    set port = "port " ~ OPNsense.monit.general.port if OPNsense.monit.general.port|default('') != '' %}
@@ -15,7 +55,7 @@ set logfile syslog facility log_daemon
 {%    set password = '' %}
 {%    if helpers.exists('OPNsense.monit.general.username') and helpers.exists('OPNsense.monit.general.password') %}
 {%      set username = "username " ~ OPNsense.monit.general.username %}
-{%      set password = "password " ~ OPNsense.monit.general.password %}
+{%      set password = "password " ~ '"' ~ OPNsense.monit.general.password ~ '"' %}
 {%    endif %}
 {%    set ssl = 'using ssl' if OPNsense.monit.general.ssl|default('0') == '1' %}
 set mailserver {{ OPNsense.monit.general.mailserver }} {{ port }} {{ username }} {{ password }} {{ ssl }}