In terms of security ... I have the whole "set httpd port ..." section commented in the configuration file and monit is not listening on any network port.
ena

On Wed, Aug 10, 2011 at 12:06 PM, Andrew Holt <[email protected]> wrote:

> Hi,
>
> If you follow the advice you will have no open port on a physical network.
> The best test for this is to set it up, and use nmap (or similar) to port
> scan the box. I have done this with a secure embedded linux system using
> monit, and the result was that nmap, effectively, reported that it couldn't
> see a system to scan.
>
> Andrew
>
> On 10 Aug 2011, at 09:52, Eric Pailleau wrote:
>
> > On 10/08/2011 09:23, Martin Pala wrote:
> >> The sample monit configuration file comes with an example of "set httpd
> >> port 2812 …" limited to localhost with default admin/password. There are no
> >> services configured in the sample config file though (only sample
> >> comments) so no actions are possible and no data presented, even if you'll
> >> start it using the sample configuration without changes and somebody will
> >> figure out that monit was started on localhost:2812 with default admin:monit
> >> credentials, only local users will be able to access it and they'll see
> >> only the system load and cpu+memory usage (which they can see locally even
> >> without accessing monit - using "vmstat", etc.).
> >
> > Hello,
> > even I think it is not a good idea,
> > you can also run monit in crontab and not in daemon mode.
> > But this is then dependent on cron (I saw crond up and running, seems to
> > work but not working ...)
> > I don't recommend doing this though.
> >
> > Generally speaking, monit is very light in whatever (except for
> > usefulness :>)..),
> > and other posts tell you how to be safe with the web app : using
> > localhost with a good password is sufficient.
> > (I mean not more insecure than sshd running with simple password access
> > permitted rather than RSA.)
> >
> > Personally I run Denyhosts for ssh bad login attempts, that works nicely, I
> > guess you can also parse the monit log file with
> > denyhosts regex extension in order to drop any bad login to the web app.
> > (I don't know the format of bad login log for monit web app ... Maybe
> > Martin can help, or read the source)
> >
> > Regards.
> >
> > --
> > To unsubscribe:
> > https://lists.nongnu.org/mailman/listinfo/monit-general
>
> =============================
> Andrew Holt
>
> Email: [email protected]
>
> De Omnibus Dubitandum
> =============================
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
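An added example, not part of the original thread and not code from the monit project: a small Python check that reads a monit control file and tells apart the three situations discussed above (the "set httpd" section commented out, the sample localhost binding with the default admin:monit credentials, and a listener not limited to localhost). The function names and the three sample configurations are constructed for illustration, and the check assumes that a "set httpd" statement without "use address" is not restricted to localhost.

```python
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
STATEMENT_START = {"set", "check", "include"}  # keywords that open a new statement

def httpd_statement(text):
    """Return the tokens of the active 'set httpd' statement, or None."""
    tokens = []
    for line in text.splitlines():
        # Simplification: every '#' is treated as a comment start, even inside quotes.
        tokens += line.split("#", 1)[0].split()
    for i in range(len(tokens) - 1):
        if tokens[i].lower() == "set" and tokens[i + 1].lower() == "httpd":
            end = i + 2
            while end < len(tokens) and tokens[end].lower() not in STATEMENT_START:
                end += 1
            return tokens[i:end]
    return None

def values_after(stmt, keyword):
    """Tokens that directly follow each occurrence of keyword in the statement."""
    return [stmt[i + 1] for i, t in enumerate(stmt[:-1]) if t.lower() == keyword]

def audit(text):
    stmt = httpd_statement(text)
    if stmt is None:
        return ["httpd disabled"]  # section absent or commented out
    findings = []
    addresses = values_after(stmt, "address")
    # Assumption: no 'use address' means the listener is not bound to loopback only.
    if not addresses or any(a.lower() not in LOOPBACK for a in addresses):
        findings.append("not limited to localhost")
    if "admin:monit" in values_after(stmt, "allow"):
        findings.append("default credentials")
    return findings or ["localhost only, non-default credentials"]

# Constructed sample inputs (not taken from a real host).
COMMENTED = "# set httpd port 2812 and\n#     use address localhost\nset daemon 60\n"
SAMPLE = """set daemon 60
set httpd port 2812 and
    use address localhost   # only accept connections from localhost
    allow localhost
    allow admin:monit       # default credentials from the sample file
check system myhost
"""
EXPOSED = "set httpd port 2812\n    allow admin:monit\n"

if __name__ == "__main__":
    for name, cfg in [("commented", COMMENTED), ("sample", SAMPLE), ("exposed", EXPOSED)]:
        print(name, "->", audit(cfg))
```

A static check like this complements the nmap scan suggested in the thread: the scan shows what is reachable now, the file check shows what a restart would open.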
