Web access to sysctl hw.sensors
I'd like to be able to remotely observe my server's hardware health. I'd like to see my motherboard hardware sensors output from sysctl: $sysctl hw.sensors and I'd like to check on my RAID status with $sudo raidctl -s raid0 But... to get an web shell script (/var/www/cgi-bin/sensors.sh) containing sysctl hw.sensors to work, I had to turn off chroot (starting httpd with -u) (BTW using OBSD3.7-amd64) I saw the FAQ about chroot (www.openbsd.org/faq/faq10.html#httpdchroot) so I see the basics of what is required to move things into a chroot. So I was hoping to get opinion on: 1. Is there an easier way to remotely observe such hardware status? 2a. Is NOT chroot such a bad security hole vs. 2b. would converting sysctl to a apache chroot setup be even feasible? (I'm guessing not even possible considering it accesses the kernel) 3. To run raidctl, I have to sudo, since /dev/raid0a* permissions are crw-r- Is there a better way to view the RAID status over the web, vs. what are the security risks of changing the permission of /dev/raid0* Thanks for your thoughts. dmaus
Re: Web access to sysctl hw.sensors
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote: I'd like to be able to remotely observe my server's hardware health. snip I saw the FAQ about chroot (www.openbsd.org/faq/faq10.html#httpdchroot) so I see the basics of what is required to move things into a chroot. So I was hoping to get opinion on: 1. Is there an easier way to remotely observe such hardware status? 2a. Is NOT chroot such a bad security hole vs. 2b. would converting sysctl to a apache chroot setup be even feasible? (I'm guessing not even possible considering it accesses the kernel) 3. To run raidctl, I have to sudo, since /dev/raid0a* permissions are crw-r- Is there a better way to view the RAID status over the web, vs. what are the security risks of changing the permission of /dev/raid0* There are probably a lot of ways to accomplish this. The first that comes to mind is to schedule a cron job to put the information into the chroot. It wouldn't be real-time, but it could be close. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Web access to sysctl hw.sensors
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote: 1. Is there an easier way to remotely observe such hardware status? SNMP (for better or worse) or any number of real monitoring products do that for you; nagios and munin are both in ports. If you really want to write your own, consider logging information from hw.sensors to a file available in the chroot and running your CGI on that. -- o--{ Will Maier }--o | web:...http://www.lfod.us/ | [EMAIL PROTECTED] | *--[ BSD Unix: Live Free or Die ]--*
Re: Web access to sysctl hw.sensors
Douglas Maus wrote: I'd like to be able to remotely observe my server's hardware health. I recently wrote something that might help achieve what you want. It's a bit of a poor-man's SNMP with a slightly different target audience. It's still alpha, but the documentation is complete, making it usable ... I think: http://xsi.kolabore.ath.cx/ Only OpenBSD 3.9 and newer are supported, and it depends on textproc/libxml. Any feedback would be highly appreciated. and I'd like to check on my RAID status with $sudo raidctl -s raid0 XSI can't do that, yet ... looks easy enough to implement, though. For that to work, xsi would have to be a member of the operator group, however. I'll think about this, and how it should show up in the grammar. Moritz