localhost, clamd, rights
John GALLET
john.gallet at wanadoo.fr
Thu Aug 17 10:56:48 CEST 2006
Hi there,
This is my first Hobbit install, I am still fumbling around on lots of
things. Great software, after installing it I wonder how I survived
without it.
I have 3 totally distinct questions.
1) I am running as many daemons as possible on 127.0.0.1 in case I make a
mistake in my iptables rules and as a general security rule anyway. I
added a 127.0.0.1 localhost line in etc/bb-hosts to monitor them. Is this
the correct/preferred way to do it or can I monitor them on a single line
with the public ip of the host ?
2) I configured clamd so that it uses /tmp/clamd for communications. Can I
still monitor it with Hobbit ? I can't check the process (see question 3).
I tried /tmp/clamd as a port in bb-services and saw an atoi() must be
called on it ;-)
The reason I am using a local socket is that clamassassin looks for it to
know whether to call the clamscan binary on each and every mail or to use
clamdscan daemon. I could force it to use the daemon, but I don't know if
it'll still call the binary in cas the daemon is down.
3) Not directly Hobbit related but might need a turnaround.
My kernel is patched with -grsec, which implies only root can access /proc
or see other user's processes in a "ps" command. The result is that the
hobbit-client log is filled with "access denied" on /proc/net/snmp (which
I don't really mind) but also that the stats about users and especially
number of processes is totally and utterly wrong, and I'd need this
information (I have some random load peaks to diagnose). Do I need to run
parts of hobbit as root ? Which ones ? What's the risk involved ?
Or are there other solutions ? (the grsec documentation is non-existant or
very well hidden).
I might have some further questions about mysql monitoring, but
http://www.hswn.dk/hobbiton/2006/06/msg00016.html looks promising, so I'll
give it a try.
Thanks in advance for any help.
Sincerely,
JG
More information about the Xymon
mailing list