- changed version to 5.18
httpd socket is not created
Hello! I've just realized all users may "remote control" monit, and thus the whole server, through the HTTP port that is open by default.
When switching to a unix socket, monit does not create it:
set httpd unixsocket /run/monit.sock
Message: error : Unix socket /run/monit.sock error -- No such file or directory
I must manually issue: mkfifo --mode=0600 /run/monit.sock
Please advise. Would it be possible to automatically do it?
Comments (11)
reporter - changed title to httpd socket is not created
-
reporter - edited description
-
repo owner - changed status to closed
The unix socket is created automatically, but the "set httpd" statement always requires at least one "allow" option.
If it is missing (like in the reported configuration), the following error is displayed, the http interface is not started and the socket is not created:
monit: monit httpd not started since no connect allowed
-
reporter Thanks.
Could you please tell me what I should set in "allow" when I am using a unix socket?
-
reporter ...and I'd like to avoid local access. For me HTTP auth is not really a protection, I'd like to keep the HTTP port closed. Is there a solution for unix socket-only?
-
reporter https://mmonit.com/monit/documentation/monit.html#MONIT-HTTPD
set httpd unixsocket /var/run/monit.sock allow username:password
Is there such a thing as socket authentication? I thought it is based on permissions of the socket file.
-
repo owner Yes, the authentication is required for unix socket too - monit enforces the authentication at application level
-
reporter Thank you.
So I have to set 0600 on monit config to hide username/pwd.
-
repo owner Yes, monit also enforces 0600 on its config file for the same reason (otherwise it won't start)
-
repo owner - changed version to 5.18.0
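
A check for the two conditions the thread settles on (every "set httpd" statement carries an "allow" option, and the control file mode hides the credentials), as an added example that is not part of the original thread or Monit's own code. The statement splitter is a simplification of Monit's grammar, and the sample configs and the 0644 mode are constructed.

```python
import os
import re
import stat

# Keywords that open a new top-level statement (simplified monit grammar).
STMT_START = re.compile(r"(set|check|include)\b", re.IGNORECASE)
HTTPD = re.compile(r"set\s+httpd\b", re.IGNORECASE)

def httpd_statements(text):
    """Return each 'set httpd' statement joined onto one line."""
    found, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; ignores quoted '#'
        if not line:
            continue
        if STMT_START.match(line):
            if current is not None:
                found.append(current)
            current = line if HTTPD.match(line) else None
        elif current is not None:
            current += " " + line  # continuation line, e.g. an indented allow
    if current is not None:
        found.append(current)
    return found

def audit(text, mode):
    """List problems with the control file's mode and its httpd statements."""
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: group/other can access the credentials")
    for stmt in httpd_statements(text):
        words = stmt.lower().split()
        if "allow" not in words:
            findings.append("no 'allow': httpd is not started, socket not created")
        if "port" in words:
            findings.append("TCP port listener instead of a unix socket")
    return findings

def audit_file(path):
    with open(path) as fh:
        return audit(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed samples: the reporter's statement, then the documented form.
ORIGINAL = "set httpd unixsocket /run/monit.sock\n"
FIXED = "set httpd unixsocket /var/run/monit.sock\n    allow username:password\n"

if __name__ == "__main__":
    print(audit(ORIGINAL, 0o644))
    print(audit(FIXED, 0o600))
```
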