[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access Control Problem

From: Kevin Chadwick
Subject: Re: Access Control Problem
Date: Wed, 5 Feb 2014 14:46:11 +0000

previously on this list Udo Eckhardt contributed:

> Hi Guys, the last 5 hours I tried to get the access control work properly

Personally I have no need to trust monit to run as root?

Have you considered sudo and running monit as it's own user?

Also an easy and the most secure way that will work for other services
too whilst preventing brute force attacks is to use a public key ssh
tunnel to punch through the firewall to whatever port monit is
listening on. So you connect over ssh to the ssh port that isn't
firewalled and sshd forwards your connection to the localhost port that
monit is listening to and firewall all connections from the internet
directly to monit. Then you don't need a password on monit.

If you have trouble working it out from the man pages, check out the
book ssh-mastery by Michael Lucas


'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd

reply via email to

[Prev in Thread] Current Thread [Next in Thread]