[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MONIT - Install shell only ?

From: Martin Pala
Subject: Re: MONIT - Install shell only ?
Date: Wed, 10 Aug 2011 09:23:56 +0200

The sample monit configuration file comes with example of "set httpd port 2812 …" limited to localhost with default admin/password. There are no services configured in the sample config file though (only sample comments) so no actions are possible and no data presented, even if you'll start it using the sample configuration without changes and somebody will figure out that monit was started on localhost:2812 with default admin:monit credentials, only local users will be able to access it and they'll see only the system load and cpu+memory usage (which they can see locally even without accessing monit - using "vmstat", etc.). 

On Aug 10, 2011, at 3:20 AM, Phillip Isaacs wrote:

Thanks Kevin. Maybe I'm mistaken, but after installing monit, aren't the web reports publicly accessible, and someone can guess the URL? I feel like that's a security vulnerability...

From: Kevin Chadwick <address@hidden>
To: address@hidden
Sent: Tuesday, August 9, 2011 8:00 PM
Subject: Re: MONIT - Install shell only ?

On Tue, 9 Aug 2011 09:51:06 -0700 (PDT)
Phillip Isaacs <address@hidden> wrote:

> For Monit, is it possible to install only the command line/shell version (without the website setup/reporting)?
> I would like to keep my installation as light as possible.

I believe yes and no. Unless you enable the web server part then it
won't be listening etc.. Of course the code is still in the binary and I
don't believe you can build without it in order to make it lighter.

I could be wrong with recent versions though (mmonit etc.) and It was
said that monit was undergoing a redevelopment in it's server
relationship recently.

I don't see why it matters on centos though I certainly looked to see
if it was possible too. I guess it would matter a little more to save
memory if ported to meego etc..

To unsubscribe:

To unsubscribe:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]