[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MONIT - Install shell only ?

From: Andrew Holt
Subject: Re: MONIT - Install shell only ?
Date: Wed, 10 Aug 2011 10:06:00 +0100


If you follow the advice you will have no open port on a physical network.  The 
best test for this is to set it up, and use nmap (or similar) to port scan the 
box.  I have done this with a secure embedded linux system using monit, and the 
result was that nmap, effectively, reported that it could’ see a system to scan.


On 10 Aug 2011, at 09:52, Eric Pailleau wrote:

> Le 10/08/2011 09:23, Martin Pala a écrit :
>> The sample monit configuration file comes with example of "set httpd port 
>> 2812 …" limited to localhost with default admin/password. There are no
>> services configured in the sample config file though (only sample comments) 
>> so no actions are possible and no data presented, even if you'll start it
>> using the sample configuration without changes and somebody will figure out 
>> that monit was started on localhost:2812 with default admin:monit
>> credentials, only local users will be able to access it and they'll see only 
>> the system load and cpu+memory usage (which they can see locally even
>> without accessing monit - using "vmstat", etc.).
> Hello,
> even I think it is not a good idea,
> you can also run monit in crontab and not in daemon mode.
> But this is then dependent to cron (I saw crond up and running, seems to work 
> but not working ...)
> I don't recommand to do this though.
> Generally speaking, monit is very light in whatever (except for usefulness 
> :>)..),
> and other posts tell you how to be safe with the web app : using localhost 
> with a good password is sufficient.
> (I mean not more unsecure than sshd running with simple password access 
> permitted rather than RSA.)
> Personnaly I run Denyhosts for ssh bad login attempts, that work nice, I 
> guess you can also parse the monit log file with
> denyhosts regex extension in order to drop any bad login to the web app.
> (I don't know the format of bad login log for monit web app ... Maybe Martin 
> can help, or read the source)
> Regards.
> --
> To unsubscribe:

Andrew Holt

Email: address@hidden

De Omnibus Dubitandum

reply via email to

[Prev in Thread] Current Thread [Next in Thread]