monit-general

Re: [monit] A couple of general questions after setting up monit, daemon


From: Jake Conk
Subject: Re: [monit] A couple of general questions after setting up monit, daemon, binary checksum, restarting services
Date: Tue, 11 Dec 2007 19:18:07 -0800

On Dec 11, 2007 5:22 AM, Jan-Henrik Haukeland <address@hidden> wrote:
>
> On Dec 11, 2007, at 11:43 AM, Jake Conk wrote:
>
> > I don't know why this is if I can load the monit server page and
> > according to "/etc/init.d/monit status" it's running. Just for kicks
> > `ps aux` also shows monit running so I don't know why monit can't find
> > its daemon process running and reload its config?
>
> You have probably started monit as a different user. Remember that
> sudo switches to the root user. Monit saves its configuration and lock
> file in the home directory of the user starting monit. That is,
> $HOME/.monit.pid or for the root user it is usually /var/run/monit.pid
>
> > My next question is regarding checking the checksum files of binary
> > files. Looking at the examples what's the point of checking if the
> > checksum of let's say httpd binary is still the same and if not then
> > unmonitor it? Here is an example that I'm talking about:
> >
> > check file httpd with path /usr/local/apache/bin/httpd
> >   if failed checksum then unmonitor
>
> This example is just a simple security test. For instance if someone
> hacked into your machine and switched your httpd with their own version,
> you would probably like to know if you are running a compromised
> version of httpd and not have monit automatically restart it,
> particularly if monit runs as the root user.  A more common usage of
> the checksum statement though, is to use it for notification,
> replacing unmonitor with alert or exec to issue an action if httpd was
> automatically updated by your system. For instance restart httpd and
> make it reread its configuration.
>
>
> > Lastly, I tried restarting all services with "sudo monit restart all"
> > and all I currently have configured is apache2 and a check system.
> > When I invoked the command it stopped apache and brought it back up
> > but it added " -D NOSSL" which it never does when I start it up
> > manually or with chkconfig when the server starts. Here is the output:
> >
> >
> > # sudo monit restart all
> > 'incommming.myserv.net' trying to restart
> > 'httpd2-prefork' trying to restart
> > 'apache' stop: /etc/init.d/apache2
> > Shutting down httpd2 (waiting for all children to terminate) ..done
> > 'apache' start: /etc/init.d/apache2
> > 'apache' failed to start
> > Sendmail error: 571 Remote sending only allowed with authentication!
> > Starting httpd2 (prefork) [Tue Dec 11 02:29:21 2007] [warn] module
> > deflate_module is already loaded, skipping
> > [Tue Dec 11 02:29:21 2007] [warn] module headers_module is already
> > loaded, skipping
> > address@hidden:/srv/www/htdocs>
> >
> > An SSL passphrase has not been entered within 2 seconds.
> > To increase this timeout, adjust APACHE_START_TIMEOUT in
> > /etc/sysconfig/apache2 .
> > Trying to start the server without SSL (-D NOSSL).
> > Starting httpd2 (prefork) [Tue Dec 11 02:29:24 2007] [warn] module
> > deflate_module is already loaded, skipping
> > [Tue Dec 11 02:29:24 2007] [warn] module headers_module is already
> > loaded, skipping
> > ..done
> >
> >
> > Here is the output I get from apache when I start it up myself
> > manually and when I check it with "ps aux" it doesn't have " -D NOSSL"
> > appended to the end of it.
>
> If you read the log output above you will see why this happens. Update
> the script starting apache to submit the SSL pass phrase and you
> should be fine.
>

Thanks for your reply Jan. I don't have a monit pid file in my root's
home directory, I only have a pid in /var/run/monit/monit.pid and I
did try to reload the monit configuration as root but yet I still get
the same error.

And regarding the apache with SSL, I don't have SSL configured for
apache so I don't have anything to put in the SSL area, why can't
monit just start apache the way it normally starts with chkconfig by
the init.d script?

Thanks,
- Jake
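
The checksum test discussed in the quoted reply, written out as an added monit control-file example (not part of the thread and not the monit project's own configuration). The pidfile path and the all-zero checksum are assumptions and placeholders; the binary path and init script are the ones that appear in the thread.

```monit
# Added example. Values marked "assumed" or "placeholder" are illustrative.

# File check on the httpd binary (path as in the quoted example).
# Without "expect", monit uses the checksum it computes for the file when
# monit starts, so a binary replaced before monit started is not noticed.
# Pinning a value recorded from a known-good install closes that gap.
check file httpd_bin with path /usr/local/apache/bin/httpd
  # placeholder: replace the zeros with the MD5 of your known-good binary
  if failed checksum and expect the sum 00000000000000000000000000000000
     then unmonitor

# Process check for the server itself. "depends on" ties it to the file
# check: when httpd_bin is unmonitored because its checksum failed, the
# dependent process is unmonitored too, so monit (often running as root)
# does not restart a binary that no longer matches the reference.
check process apache with pidfile /var/run/httpd2.pid   # assumed pidfile
  start program = "/etc/init.d/apache2 start"
  stop program  = "/etc/init.d/apache2 stop"
  depends on httpd_bin

# Notification variant mentioned in the reply: keep monitoring and only
# report the change (for example after a package update), by using
#   if failed checksum then alert
# in place of the "unmonitor" rule above.
```

After editing, `monit -t` checks the control file syntax before the running daemon is reloaded.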



