monit-dev

Re: FreeBSD and monit status


From: Jan-Henrik Haukeland
Subject: Re: FreeBSD and monit status
Date: 12 Sep 2002 17:15:43 +0200
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Civil Service)

Christian Hopp <address@hidden> writes:

> And now for something completely different... I asked before if we
> should include a check for the permissions of the monitrc file.  IMO
> monit must not start if the permissions are not 0600, 0400, 0500.
> Opinions?

Agree. We can put the test in env.c since this code runs early.

> Maybe we should think about a different way of saving the password.
> We could use the htpasswd program of apache or we directly store it in
> monit as md5, et al, like this
> 
> set httpd port 2812
>         allow admin:md5:6af286f0509e7c166abf710850f44fc4
>         allow foo:nis:monituser
>         allow foo:htpasswd:/opt/monit/htpasswd

Nah, since monit does not utilize ssl or other encryption at the http
level the user will have to provide a password in cleartext from
within the browser (for Basic Auth), which could easily be sniffed. In
other words this does not solve the fundamental problem. Besides md5
will not work since monit implements Basic Authentication by comparing
cleartext base64 encoded passwords.

-- 
Jan-Henrik Haukeland
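
The control-file permission check discussed in this message, as an added example; it is not code from the thread or from monit. The function and enum names, the owner check, the use of O_NOFOLLOW and the scratch file under /tmp are assumptions made for illustration; only the accepted modes (0600, 0400, 0500) come from the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes for this illustration (hypothetical names, not monit's). */
enum rc_check { RC_OK = 0, RC_OPEN, RC_NOT_REGULAR, RC_BAD_OWNER, RC_BAD_MODE };

/* Check an already opened descriptor, so the file that is checked is the
 * same file that is parsed afterwards (no stat-then-open race). */
static enum rc_check check_rc_fd(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0)    return RC_OPEN;
    if (!S_ISREG(st.st_mode))   return RC_NOT_REGULAR;
    /* Assumption: the file must belong to the user running the daemon. */
    if (st.st_uid != geteuid()) return RC_BAD_OWNER;
    /* Modes accepted in the thread: 0600, 0400, 0500. */
    mode_t m = st.st_mode & 07777;
    if (m != 0600 && m != 0400 && m != 0500) return RC_BAD_MODE;
    return RC_OK;
}

/* Open the control file, refusing a symlink as the last path component. */
enum rc_check check_rc_path(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return RC_OPEN;
    enum rc_check rc = check_rc_fd(fd);
    close(fd);
    return rc;
}

/* Demo helper: create a constructed scratch file with `mode`, check it, remove it. */
enum rc_check check_with_mode(mode_t mode) {
    char path[] = "/tmp/monitrc-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return RC_OPEN;
    fchmod(fd, mode);
    close(fd);
    enum rc_check rc = check_rc_path(path);
    unlink(path);
    return rc;
}

int main(void) {
    printf("0600 -> %d\n", check_with_mode(0600));
    printf("0644 -> %d\n", check_with_mode(0644));
    return 0;
}
```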
