monit-general

Re: [monit] A couple of general questions after setting up monit, daemon


From: Jan-Henrik Haukeland
Subject: Re: [monit] A couple of general questions after setting up monit, daemon, binary checksum, restarting services
Date: Tue, 11 Dec 2007 14:22:23 +0100


On Dec 11, 2007, at 11:43 AM, Jake Conk wrote:

I don't know why this is if I can load the monit server page and
according to "/etc/init.d/monit status" it's running. Just for kicks
`ps aux` also shows monit running so I don't know why monit can't find
its daemon process running and reload its config?

You have probably started monit as a different user. Remember that sudo switches to the root user. Monit saves its configuration and lock file in the home directory of the user starting monit. That is, $HOME/.monit.pid or for the root user it is usually /var/run/monit.pid

My next question is regarding checking the checksum files of binary
files. Looking at the examples what's the point of checking if the
checksum of let's say httpd binary is still the same and if not then
unmonitor it? Here is an example that I'm talking about:

check file httpd with path /usr/local/apache/bin/httpd
  if failed checksum then unmonitor

This example is just a simple security test. For instance, if someone hacked into your machine and switched your httpd with their own version, you would probably like to know if you are running a compromised version of httpd and not have monit automatically restart it, particularly if monit runs as the root user. A more common usage of the checksum statement, though, is to use it for notification, replacing unmonitor with alert or exec to issue an action if httpd was automatically updated by your system. For instance, restart httpd and make it reread its configuration.

Lastly, I tried restarting all services with "sudo monit restart all"
and all I currently have configured is apache2 and a check system.
When I invoked the command it stopped apache and brought it back up
but it added " -D NOSSL" which it never does when I start it up
manually or with chkconfig when the server starts. Here is the output:


# sudo monit restart all
'incommming.myserv.net' trying to restart
'httpd2-prefork' trying to restart
'apache' stop: /etc/init.d/apache2
Shutting down httpd2 (waiting for all children to terminate) ..done
'apache' start: /etc/init.d/apache2
'apache' failed to start
Sendmail error: 571 Remote sending only allowed with authentication!
Starting httpd2 (prefork) [Tue Dec 11 02:29:21 2007] [warn] module
deflate_module is already loaded, skipping
[Tue Dec 11 02:29:21 2007] [warn] module headers_module is already
loaded, skipping
address@hidden:/srv/www/htdocs>

An SSL passphrase has not been entered within 2 seconds.
To increase this timeout, adjust APACHE_START_TIMEOUT in
/etc/sysconfig/apache2 .
Trying to start the server without SSL (-D NOSSL).
Starting httpd2 (prefork) [Tue Dec 11 02:29:24 2007] [warn] module
deflate_module is already loaded, skipping
[Tue Dec 11 02:29:24 2007] [warn] module headers_module is already
loaded, skipping
..done


Here is the output I get from apache when I start it up myself
manually and when I check it with "ps aux" it doesn't have " -D NOSSL"
appended to the end of it.

If you read the log output above you will see why this happens. Update the script starting apache to submit the SSL pass phrase and you should be fine.

Best regards
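
The two uses of the checksum test described in the reply above, written out as a Monit control-file fragment. This is an added example, not part of the original message; the service names, the pidfile path and the use of `depends on` to tie the process to its binary are assumptions.

```monit
# Added example. Names and paths marked "assumed" do not come from the thread.

# Security variant (the statement quoted in the thread).
# Without an "expect" clause Monit compares the file against the checksum it
# computed when it started monitoring, so a binary replaced before Monit
# started becomes the baseline. To pin a known-good value instead, use:
#   if failed checksum and expect the sum <digest-of-known-good-httpd> then unmonitor
check file httpd_bin with path /usr/local/apache/bin/httpd
    if failed checksum then unmonitor

# The process check depends on the file check. When httpd_bin is unmonitored,
# this service is unmonitored too, so a Monit running as root stops
# restarting a binary that no longer matches its baseline.
check process apache with pidfile /usr/local/apache/logs/httpd.pid   # assumed pidfile
    start program = "/etc/init.d/apache2 start"
    stop program  = "/etc/init.d/apache2 stop"
    depends on httpd_bin

# Notification variant, to be used INSTEAD of the file check above when the
# binary is expected to change through package updates: react to the change
# rather than stop monitoring.
# check file httpd_bin with path /usr/local/apache/bin/httpd
#     if changed checksum then alert
#     # or: if changed checksum then exec "/etc/init.d/apache2 restart"
```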





