[hobbit] BB vs Hobbit: How to get rid of displaying the ps output?

Axel Beckert beckert at phys.ethz.ch
Thu Jan 24 11:12:20 CET 2008


Hi,

thanks for the prompt answer.

On Wed, Jan 23, 2008 at 11:47:02PM +0100, Henrik Stoerner wrote:
> On Wed, Jan 23, 2008 at 11:12:00PM +0100, Axel Beckert wrote:
> > Is there a possibility to _not_ show the whole ps output in the procs
> > details CGI? BB only showed the monitored processes. With hobbit this
> > page shows the whole ps output. 
> 
> It can be done for all servers, by adding the "--no-ps-listing" option 
> to the hobbitd_client command in hobbitlaunch.cfg . That should do it
> for data from Hobbit clients.

... which is our main concern. Just tried and it looks exactly as we
wanted it to look, thanks!

> > IMHO this is a privacy issue -- even
> > with a passowrd protection for the CGI scripts -- since the output may
> > get saved permanently in the history.
> 
> That's interesting, I hadn't thought about that.

The data still goes unencypted over the net, but this is less
concerning in a switched and monitored network (as we have it at
work). For the home usage, I'll play around with some SSL tunneling
tools (crywrap, stunnel, etc.) and if that doesn't work out
I'll have a close look at OpenVPN. (Or is there already a SSL support
between client and server?)

We also disabled the listing of ESTABLISHED connections (we don't need
to monitor them) via adding a "-l" option to netstat in
/usr/lib/hobbit/client/bin/hobbitclient-*.sh. Would be nice (but
definitely not urgent), if this could be configurable on the
server-side, too. (A --no-established-ports-listing or
--list-only-listening-ports option in addition to the
--no-port-listing option of hobbitd_client would be cool.)

> If your client reports data from the "top" utility,

Doesn't seem the case here anywhere. Even the Macs are said to do it
with ps although on our BB they do it with top (of which the parsing
seems to be very ugly... :-)

> then a partial ps-listing also appears in the "cpu" status
> column. This cannot be turned off, currently.

With BB neither.

> It sounds as if it might be a good idea to let the --no-ps-listing
> option block this ps listing as well,

Yeah.

> although the "top" display (at least on Linux - not sure about other
> platforms) only shows the basic command, not commandline options.

Ack. And since the commandline options are mainly a concern to
privacy, top hasn't been seen as privacy issue here with the current
BB installation.

A little bit offtopic, but for those who would like to have a top
which shows the command line options, try htop[1][2]. It's also more
colorful, shows memory, swap and cpu usage as bar and as root it evens
shows cpu bars for each single processor (core). :-)

  [1] http://htop.sourceforge.net/
  [2] http://packages.debian.org/htop

	Kind regards and thanks for hobbit, Axel Beckert
-- 
Axel Beckert <beckert at phys.ethz.ch>       support: +41 44 633 2668
IT Support Group, HPR E 86.1              voice:   +41 44 633 4189
Departement Physik, ETH Zurich            fax:     +41 44 633 1239
CH-8093 Zurich, Switzerland		  http://nic.phys.ethz.ch/



More information about the Xymon mailing list