previously on this list Udo Eckhardt contributed: > Hi Guys, the last 5 hours I tried to get the access control work properly
Personally I have no need to trust monit to run as root? Have you considered sudo and running monit as it's own user? Also an easy and the most secure way that will work for other services too whilst preventing brute force attacks is to use a public key ssh tunnel to punch through the firewall to whatever port monit is listening on. So you connect over ssh to the ssh port that isn't firewalled and sshd forwards your connection to the localhost port that monit is listening to and firewall all connections from the internet directly to monit. Then you don't need a password on monit. If you have trouble working it out from the man pages, check out the book ssh-mastery by Michael Lucas -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) In Other Words - Don't design like polkit or systemd _______________________________________________________________________ -- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
