I'm trying to securely install the monit on Ubuntu 14.04 Trusty. The default packaged version is 5.6. From what I can see, monit is basically unusable without the httpd service enabled (ie you can't start, restart or stop monitoring a service). Is this right?
Assuming it is, I'd like to enable httpd, but I'm finding difficulty with setting up authentication. The config I want is to allow root to start/stop the services. How can I achieve this?
I dredged up the 5.6 docs from archive.org and started with the following config:
set httpd port 2812 use address localhost allow localhost
This seems to work OK, and I guess this allows any user to connect. Now I want to lock this down and just let root administer the services. How can I achieve this?
I tried the
allow @group syntax with the
root group (which the
root user is a member of):
set httpd port 2812 use address localhost allow localhost allow @root
When I do
monit status, I see
monit: cannot read status from the monit daemon
When I do
monit -v status, I see this:
monit: Debug: Adding host allow 'localhost' monit: Debug: Skipping redundant host 'localhost' monit: Debug: Skipping redundant host 'localhost' monit: Adding PAM group 'root'. <Long list of all runtime constants and service list omitted>
What am I missing here? Is there some additional pam authentication I need to do or something?