Hi, If you follow the advice you will have no open port on a physical network. The best test for this is to set it up, and use nmap (or similar) to port scan the box. I have done this with a secure embedded linux system using monit, and the result was that nmap, effectively, reported that it could’ see a system to scan.
Andrrew On 10 Aug 2011, at 09:52, Eric Pailleau wrote: > Le 10/08/2011 09:23, Martin Pala a écrit : >> The sample monit configuration file comes with example of "set httpd port >> 2812 …" limited to localhost with default admin/password. There are no >> services configured in the sample config file though (only sample comments) >> so no actions are possible and no data presented, even if you'll start it >> using the sample configuration without changes and somebody will figure out >> that monit was started on localhost:2812 with default admin:monit >> credentials, only local users will be able to access it and they'll see only >> the system load and cpu+memory usage (which they can see locally even >> without accessing monit - using "vmstat", etc.). > > Hello, > even I think it is not a good idea, > you can also run monit in crontab and not in daemon mode. > But this is then dependent to cron (I saw crond up and running, seems to work > but not working ...) > I don't recommand to do this though. > > Generally speaking, monit is very light in whatever (except for usefulness > :>)..), > and other posts tell you how to be safe with the web app : using localhost > with a good password is sufficient. > (I mean not more unsecure than sshd running with simple password access > permitted rather than RSA.) > > Personnaly I run Denyhosts for ssh bad login attempts, that work nice, I > guess you can also parse the monit log file with > denyhosts regex extension in order to drop any bad login to the web app. > (I don't know the format of bad login log for monit web app ... Maybe Martin > can help, or read the source) > > Regards. > > -- > To unsubscribe: > https://lists.nongnu.org/mailman/listinfo/monit-general > ============================= Andrew Holt Email: [email protected] De Omnibus Dubitandum ============================= -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
