On Thursday 17 August 2006 10:56, John GALLET wrote:
Hi there,
This is my first Hobbit install, I am still fumbling around on lots of things. Great software, after installing it I wonder how I survived without it.
I have 3 totally distinct questions.
I am running as many daemons as possible on 127.0.0.1 in case I make a mistake in my iptables rules and as a general security rule anyway. I added a 127.0.0.1 localhost line in etc/bb-hosts to monitor them. Is this the correct/preferred way to do it or can I monitor them on a single line with the public IP of the host?
I configured clamd so that it uses /tmp/clamd for communications. Can I still monitor it with Hobbit? I can't check the process (see question 3). I tried /tmp/clamd as a port in bb-services and saw an atoi() must be called on it ;-)
The reason I am using a local socket is that clamassassin looks for it to know whether to call the clamscan binary on each and every mail or to use clamdscan daemon. I could force it to use the daemon, but I don't know if it'll still call the binary in case the daemon is down.
Just compile clamassassin with --enable-clamdscan. Looking for a specific named socket to determine the availability of a service which can run on either a port or a socket is quite weird ...
- Not directly Hobbit related but might need a turnaround.
My kernel is patched with -grsec, which implies only root can access /proc or see other users' processes in a "ps" command. The result is that the hobbit-client log is filled with "access denied" on /proc/net/snmp (which I don't really mind) but also that the stats about users and especially number of processes are totally and utterly wrong, and I'd need this information (I have some random load peaks to diagnose). Do I need to run parts of hobbit as root? Which ones? What's the risk involved? Or are there other solutions? (the grsec documentation is non-existent or very well hidden).
Seems you should be able to allow a specific user to get a full process listing via gradm ...
Regards, Buchan
-- Buchan Milne ISP Systems Specialist B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)