From: | Jan-Henrik Haukeland |
Subject: | Re: [monit] A couple of general questions after setting up monit, daemon, binary checksum, restarting services |
Date: | Tue, 11 Dec 2007 14:22:23 +0100 |
On Dec 11, 2007, at 11:43 AM, Jake Conk wrote:
> I don't know why this is if I can load the monit server page and according to "/etc/init.d/monit status" it's running. Just for kicks `ps aux` also shows monit running so I don't know why monit can't find its daemon process running and reload its config?
You have probably started monit as a different user. Remember that sudo switches to the root user. Monit saves its configuration and lock file in the home directory of the user starting monit. That is, $HOME/.monit.pid or for the root user it is usually /var/run/monit.pid
> My next question is regarding checking the checksum files of binary files. Looking at the examples what's the point of checking if the checksum of let's say httpd binary is still the same and if not then unmonitor it? Here is an example that I'm talking about:
>
> check file httpd with path /usr/local/apache/bin/httpd
>     if failed checksum then unmonitor
This example is just a simple security test. For instance, if someone hacked into your machine and switched your httpd with their own version, you would probably like to know if you are running a compromised version of httpd and not have monit automatically restart it, particularly if monit runs as the root user. A more common usage of the checksum statement, though, is to use it for notification, replacing unmonitor with alert or exec to issue an action if httpd was automatically updated by your system. For instance, restart httpd and make it reread its configuration.
> Lastly, I tried restarting all services with "sudo monit restart all" and all I currently have configured is apache2 and a check system. When I invoked the command it stopped apache and brought it back up but it added " -D NOSSL" which it never does when I start it up manually or with chkconfig when the server starts. Here is the output:
>
> # sudo monit restart all
> 'incommming.myserv.net' trying to restart
> 'httpd2-prefork' trying to restart
> 'apache' stop: /etc/init.d/apache2
> Shutting down httpd2 (waiting for all children to terminate) ..done
> 'apache' start: /etc/init.d/apache2
> 'apache' failed to start
> Sendmail error: 571 Remote sending only allowed with authentication!
> Starting httpd2 (prefork) [Tue Dec 11 02:29:21 2007] [warn] module deflate_module is already loaded, skipping
> [Tue Dec 11 02:29:21 2007] [warn] module headers_module is already loaded, skipping
> address@hidden:/srv/www/htdocs> An SSL passphrase has not been entered within 2 seconds.
> To increase this timeout, adjust APACHE_START_TIMEOUT in /etc/sysconfig/apache2 .
> Trying to start the server without SSL (-D NOSSL).
> Starting httpd2 (prefork) [Tue Dec 11 02:29:24 2007] [warn] module deflate_module is already loaded, skipping
> [Tue Dec 11 02:29:24 2007] [warn] module headers_module is already loaded, skipping
> ..done
>
> Here is the output I get from apache when I start it up myself manually and when I check it with "ps aux" it doesn't have " -D NOSSL" appended to the end of it.
If you read the log output above you will see why this happens. Update the script starting apache to submit the SSL pass phrase and you should be fine.
Best regards
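
The two uses of the checksum test discussed in this message, written out as a monit control-file fragment. This is an added example, not part of the original message: the service names, the pidfile path, the start/stop arguments and the use of "depends on" to tie the process check to its binary are assumptions.

```monit
# Added example; names, pidfile path and start/stop arguments are assumed.

# Security use: with no expected sum given, monit compares the file against
# the checksum it computed when it started. On a mismatch it stops
# monitoring the binary instead of taking any automatic action.
check file httpd_bin with path /usr/local/apache/bin/httpd
    if failed checksum then unmonitor

    # Notification use: replace the line above with one of these to be
    # told about the change, or to act on a legitimate package update.
    #   if failed checksum then alert
    #   if failed checksum then exec "/etc/init.d/apache2 restart"

# The process check depends on the binary check. When httpd_bin is
# unmonitored, monit disables monitoring of the services that depend on
# it as well, so a replaced binary is not restarted automatically
# (which matters most when monit runs as root).
check process apache with pidfile /var/run/httpd.pid
    start program = "/etc/init.d/apache2 start"
    stop program  = "/etc/init.d/apache2 stop"
    depends on httpd_bin
```

After a legitimate upgrade of the binary, monitoring has to be re-enabled by hand (for example with "monit monitor httpd_bin") once the new file has been verified.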