RE: Feature request for config file checking?

[Kevin Robert Casey]

I don't know about anybody else, but this would make me a little nervous.  I
know that we all live in fairly secured server environments, but what if
somebody manages to change the config file for a running process?

Maybe I'm just be paranoid, because if they manage to change the config file
there's no reason they can't manage to reload the server in question.

Kevin

-----Original Message-----
From: address@hidden
[mailto:address@hidden Behalf Of
Jan-Henrik Haukeland
Sent: Thursday, June 05, 2003 4:00 PM
To: This is the general mailing list for monit
Subject: Re: Feature request for config file checking?


Mark Ferlatte <address@hidden> writes:

> Jan-Henrik Haukeland said on Thu, Jun 05, 2003 at 03:31:23AM +0200:
> [gibberish]
>
> That's not quite what I had in mind...

Ahhum, right. I misunderstod that one.

> What I would like (and admittedly, this is a pretty niche feature, so it
may
> not be worth integrating), is for monit to notice changes in the
configuration
> files of software that monit is monitoring, and reload them if their
config
> file has changed.  This could, of course, apply to monit itself.
>
> So, for example:
>
> monit is watching apache on a cluster of webservers.  I push an update to
those
> webservers using rsync (so, new configs).  I want monit to notice that the
> config file for the webserver has changed, and to take an action (ie, run
> /etc/init.d/apache reload).
>
> Perhaps the webserver cluster is a bad example... I'm in an environment
where I
> have ~100 machines that are running an identical image, and while
deploying new
> software is easy, deploying config file changes still requires logging
into
> each machine with a script and reloading/restarting services.  I want the
> machines to do it themselves.
>
> It seemed like monit was a good choice for this; however, if this isn't
> something that "fits", I will just write a tool to do the same thing.

No, this seems like a cool idea at least in my book and you're right
about monit almost having this function already, that is, some minor
extensions to the TIMESTAMP statement [1] should do the trick as in:

check apache with pidfile /var/run/apache.pid
  start program = /etc/init.d/apache start
  stop program = /etc/init.d/apache stop
  if timestamp "/local/apache/conf/httpd.conf" was changed then restart

It's probably easier to implement this if we only check the last-
modified-timestamp of a config file, but of course a changed timestamp
does not necessarily imply that the content of a file was changed and
to check for actual changes a checksum of the file is needed, as you
mentioned previously. Still, would just checking the last modified
timestamp be sufficient do you think?



[1] The timestamp statement:
    <URL:http://www.tildeslash.com/monit/monit.html#timestamp%20testing>


--
Jan-Henrik Haukeland


--
To unsubscribe:
http://mail.nongnu.org/mailman/listinfo/monit-general