monit-general
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MONIT - Install shell only ?


From: Eric Pailleau
Subject: Re: MONIT - Install shell only ?
Date: Wed, 10 Aug 2011 10:52:54 +0200
User-agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20110620 Thunderbird/5.0b2

Le 10/08/2011 09:23, Martin Pala a écrit :
The sample monit configuration file comes with example of "set httpd port 2812 
…" limited to localhost with default admin/password. There are no
services configured in the sample config file though (only sample comments) so 
no actions are possible and no data presented, even if you'll start it
using the sample configuration without changes and somebody will figure out 
that monit was started on localhost:2812 with default admin:monit
credentials, only local users will be able to access it and they'll see only 
the system load and cpu+memory usage (which they can see locally even
without accessing monit - using "vmstat", etc.).

Hello,
even I think it is not a good idea,
you can also run monit in crontab and not in daemon mode.
But this is then dependent to cron (I saw crond up and running, seems to work 
but not working ...)
I don't recommand to do this though.

Generally speaking, monit is very light in whatever (except for usefulness 
:>)..),
and other posts tell you how to be safe with the web app : using localhost with 
a good password is sufficient.
(I mean not more unsecure than sshd running with simple password access 
permitted rather than RSA.)

Personnaly I run Denyhosts for ssh bad login attempts, that work nice, I guess 
you can also parse the monit log file with
denyhosts regex extension in order to drop any bad login to the web app.
(I don't know the format of bad login log for monit web app ... Maybe Martin 
can help, or read the source)

Regards.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]