Re: MONIT - Install shell only ?
From: Andrew Holt
Subject: Re: MONIT - Install shell only ?
Date: Wed, 10 Aug 2011 10:06:00 +0100

Hi,
If you follow the advice you will have no open port on a physical network. The
best test for this is to set it up, and use nmap (or similar) to port scan the
box. I have done this with a secure embedded linux system using monit, and the
result was that nmap, effectively, reported that it couldn't see a system to scan.
Andrew
On 10 Aug 2011, at 09:52, Eric Pailleau wrote:
> On 10/08/2011 09:23, Martin Pala wrote:
>> The sample monit configuration file comes with example of "set httpd port
>> 2812 …" limited to localhost with default admin/password. There are no
>> services configured in the sample config file though (only sample comments)
>> so no actions are possible and no data presented, even if you'll start it
>> using the sample configuration without changes and somebody will figure out
>> that monit was started on localhost:2812 with default admin:monit
>> credentials, only local users will be able to access it and they'll see only
>> the system load and cpu+memory usage (which they can see locally even
>> without accessing monit - using "vmstat", etc.).
>
> Hello,
> even though I think it is not a good idea,
> you can also run monit in crontab and not in daemon mode.
> But this is then dependent on cron (I saw crond up and running, seems to work
> but not working ...)
> I don't recommend doing this though.
>
> Generally speaking, monit is very light in whatever (except for usefulness
> :>)..),
> and other posts tell you how to be safe with the web app : using localhost
> with a good password is sufficient.
> (I mean not more insecure than sshd running with simple password access
> permitted rather than RSA.)
>
> Personally I run Denyhosts for ssh bad login attempts, that works nicely, I
> guess you can also parse the monit log file with
> denyhosts regex extension in order to drop any bad login to the web app.
> (I don't know the format of bad login log for monit web app ... Maybe Martin
> can help, or read the source)
>
> Regards.
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
>
=============================
Andrew Holt
Email: address@hidden
De Omnibus Dubitandum
=============================
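
An added example, not part of the original message or of monit itself: a small Python check that reads the `set httpd` stanza of a monitrc and flags the two conditions discussed in this thread, a listener not bound to localhost and the sample `admin:monit` credentials. The function name `audit_httpd`, the finding codes and both sample configurations are constructed for illustration; comment stripping is simplified and assumes no `#` inside quoted values.

```python
import re

# Constructed sample configurations (not taken from the thread).
SAMPLE_DEFAULT = """\
set daemon 120
set httpd port 2812 and
    use address localhost   # only accept connections from localhost
    allow localhost
    allow admin:monit       # credentials shipped in the sample file
"""

SAMPLE_EXPOSED = """\
set httpd port 2812
    allow admin:monit
check system myhost
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_httpd(config_text):
    """Return finding codes for the 'set httpd' stanza of a monitrc."""
    # Drop comments (simplified: assumes '#' never appears inside a quoted value).
    text = "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())
    # The stanza runs from 'set httpd' to the next top-level statement or end of file.
    stanza = re.search(
        r"^\s*set\s+httpd\b(.*?)(?=^\s*(?:set|check|include)\b|\Z)",
        text, re.S | re.M)
    if not stanza:
        return []  # no httpd statement, so nothing to flag here
    body = stanza.group(1)
    findings = []
    addr = re.search(r"\buse\s+address\s+(\S+)", body)
    if addr is None:
        findings.append("bind-all")        # no 'use address': not limited to localhost
    elif addr.group(1) not in LOOPBACK:
        findings.append("bind-nonlocal")   # bound to a network-facing address
    if re.search(r'\ballow\s+admin:"?monit"?(?=\s|$)', body, re.M):
        findings.append("default-credentials")
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("exposed", SAMPLE_EXPOSED)):
        print(name, audit_httpd(cfg))
```

A clean result here complements the port scan suggested above rather than replacing it, since the scan shows what is actually reachable from the network.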