NTP — alert when system clock drifts
The clock drifts (timesync hung, the NTP provider went down) — TOTP starts failing, JWTs with iat in the future get rejected, logs go out of order.
Recipe
#!/usr/bin/env bash
# /etc/cron.d/ntp-drift
# */5 * * * * root /opt/ntp-drift.sh
THRESH_MS=${THRESH_MS:-500} # alert above 500ms
# chrony exposes drift in seconds via 'tracking' command (CSV mode)
OFFSET=$(chronyc -c tracking | awk -F, '{print $5}')
ABS_MS=$(awk -v v="$OFFSET" 'BEGIN{print int((v < 0 ? -v : v)*1000)}')
if [ "$ABS_MS" -gt "$THRESH_MS" ]; then
echo "ntp-drift: ${ABS_MS}ms (threshold ${THRESH_MS}ms)"
curl -fsS "$HEARTBEAT_URL?status=fail&drift_ms=$ABS_MS"
exit 2
fi
echo "OK (${ABS_MS}ms drift)"Same thing in Enterno.io
Set up an Enterno heartbeat on a 5-minute schedule — drift history + alerts without standing up a separate NTP-monitoring stack (Prometheus + node-exporter + alertmanager).
Related recipes
docker info hangs >30 s — the daemon is in a split-brain state. Containers keep running (kernel holds the namespaces), but you cannot deploy a new release. systemctl status shows active.
Ensure your site returns 2xx every minute, alert to Slack/Telegram on failure.
Minimal script that checks an SSL certificate and alerts 14 days before expiry.