On 10 Aug 2011, at 09:52, Eric Pailleau wrote:
> Le 10/08/2011 09:23, Martin Pala a écrit :
>> The sample monit configuration file comes with example of "set httpd port 2812 …" limited to localhost with default admin/password. There are no
>> services configured in the sample config file though (only sample comments) so no actions are possible and no data presented, even if you'll start it
>> using the sample configuration without changes and somebody will figure out that monit was started on localhost:2812 with default admin:monit
>> credentials, only local users will be able to access it and they'll see only the system load and cpu+memory usage (which they can see locally even
>> without accessing monit - using "vmstat", etc.).
>
> Hello,
> even I think it is not a good idea,
> you can also run monit in crontab and not in daemon mode.
> But this is then dependent to cron (I saw crond up and running, seems to work but not working ...)
> I don't recommand to do this though.
>
> Generally speaking, monit is very light in whatever (except for usefulness :>)..),
> and other posts tell you how to be safe with the web app : using localhost with a good password is sufficient.
> (I mean not more unsecure than sshd running with simple password access permitted rather than RSA.)
>
> Personnaly I run Denyhosts for ssh bad login attempts, that work nice, I guess you can also parse the monit log file with
> denyhosts regex extension in order to drop any bad login to the web app.
> (I don't know the format of bad login log for monit web app ... Maybe Martin can help, or read the source)
>
> Regards.
>
> --
> To unsubscribe:
>
https://lists.nongnu.org/mailman/listinfo/monit-general
>