Re: [monit] A couple of general questions after setting up monit, daemon

From: Jake Conk
Subject: Re: [monit] A couple of general questions after setting up monit, daemon, binary checksum, restarting services
Date: Tue, 11 Dec 2007 19:18:07 -0800

On Dec 11, 2007 5:22 AM, Jan-Henrik Haukeland <address@hidden> wrote:
> On Dec 11, 2007, at 11:43 AM, Jake Conk wrote:
> > I don't know why this is if I can load the monit server page and
> > according to "/etc/init.d/monit status" it's running. Just for kicks
> > `ps aux` also shows monit running so I don't know why monit can't find
> > its daemon process running and reload its config?
>
> You have probably started monit as a different user. Remember that
> sudo switches to the root user. Monit saves its configuration and lock
> file in the home directory of the user starting monit. That is,
> $HOME/ or for the root user it is usually /var/run/
>
> > My next question is regarding checking the checksum files of binary
> > files. Looking at the examples what's the point of checking if the
> > checksum of let's say httpd binary is still the same and if not then
> > unmonitor it? Here is an example that I'm talking about:
> >
> > check file httpd with path /usr/local/apache/bin/httpd
> >   if failed checksum then unmonitor
>
> This example is just a simple security test. For instance if someone
> hacked into your machine and switched your httpd with their own version,
> you would probably like to know if you are running a compromised
> version of httpd and not have monit automatically restart it,
> particularly if monit runs as the root user.  A more common usage of
> the checksum statement though, is to use it for notification,
> replacing unmonitor with alert or exec to issue an action if httpd was
> automatically updated by your system. For instance restart httpd and
> make it reread its configuration.
>
> > Lastly, I tried restarting all services with "sudo monit restart all"
> > and all I currently have configured is apache2 and a check system.
> > When I invoked the command it stopped apache and brought it back up
> > but it added " -D NOSSL" which it never does when I start it up
> > manually or with chkconfig when the server starts. Here is the output:
> >
> >
> > # sudo monit restart all
> > '' trying to restart
> > 'httpd2-prefork' trying to restart
> > 'apache' stop: /etc/init.d/apache2
> > Shutting down httpd2 (waiting for all children to terminate) ..done
> > 'apache' start: /etc/init.d/apache2
> > 'apache' failed to start
> > Sendmail error: 571 Remote sending only allowed with authentication!
> > Starting httpd2 (prefork) [Tue Dec 11 02:29:21 2007] [warn] module
> > deflate_module is already loaded, skipping
> > [Tue Dec 11 02:29:21 2007] [warn] module headers_module is already
> > loaded, skipping
> > address@hidden:/srv/www/htdocs>
> >
> > An SSL passphrase has not been entered within 2 seconds.
> > To increase this timeout, adjust APACHE_START_TIMEOUT in
> > /etc/sysconfig/apache2 .
> > Trying to start the server without SSL (-D NOSSL).
> > Starting httpd2 (prefork) [Tue Dec 11 02:29:24 2007] [warn] module
> > deflate_module is already loaded, skipping
> > [Tue Dec 11 02:29:24 2007] [warn] module headers_module is already
> > loaded, skipping
> > ..done
> >
> >
> > Here is the output I get from apache when I start it up myself
> > manually and when I check it with "ps aux" it doesn't have " -D NOSSL"
> > appended to the end of it.
>
> If you read the log output above you will see why this happens. Update
> the script starting apache to submit the SSL pass phrase and you
> should be fine.

Thanks for your reply Jan. I don't have a monit pid file in my root's
home directory, I only have a pid in /var/run/monit/ and I
did try to reload the monit configuration as root but yet I still get
the same error.

And regarding the apache with SSL, I don't have SSL configured for
apache so I don't have anything to put in the SSL area, why can't
monit just start apache the way it normally starts with chkconfig by
the init.d script?

- Jake
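
The reasoning behind "if failed checksum then unmonitor" in the quoted reply, sketched as an added example that is not part of the original thread and is not monit's code: a supervisor acts on a binary only while its digest matches a recorded baseline, and otherwise stops and leaves the decision to a person. The function names are hypothetical, SHA-256 via coreutils `sha256sum` is an assumption of this sketch, and a constructed temp file stands in for the httpd binary.

```shell
#!/bin/sh
# Added example: gate an automatic restart on a binary's checksum.
# All function names are hypothetical; nothing here is monit's own code.

# checksum_of FILE: print the SHA-256 hex digest of FILE.
checksum_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# record_baseline FILE BASELINE: store the trusted digest of FILE.
record_baseline() {
    checksum_of "$1" > "$2"
}

# decide FILE BASELINE: print the action a supervisor should take.
#   restart    digest matches the baseline, automatic action is acceptable
#   unmonitor  digest differs, stop supervising and leave it to a human
#   missing    file or baseline unreadable, treated as untrusted
decide() {
    [ -r "$1" ] && [ -r "$2" ] || { echo missing; return 2; }
    if [ "$(checksum_of "$1")" = "$(cat "$2")" ]; then
        echo restart
    else
        echo unmonitor
        return 1
    fi
}

# demo: run the three cases against a constructed stand-in binary.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original build\n' > "$dir/httpd"        # constructed sample
    record_baseline "$dir/httpd" "$dir/httpd.sha256"
    first=$(decide "$dir/httpd" "$dir/httpd.sha256") || :
    printf 'replaced build\n' > "$dir/httpd"        # simulated replacement
    second=$(decide "$dir/httpd" "$dir/httpd.sha256") || :
    third=$(decide "$dir/absent" "$dir/httpd.sha256") || :
    rm -rf "$dir"
    echo "$first $second $third"
}

# Run the demo only when asked, so the file can also be sourced.
if [ "${1:-}" = demo ]; then demo; fi
```

The baseline file is only as trustworthy as its storage: keep it where the account running the monitored service cannot write.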

