Mon
Table of contents
- 0.1.0 Location
- 0.2.0 Usage
- 0.3.0 Description
- 0.3.1 Options
- 0.4.0 Others
- 0.5.0 Changes from previous version.
- 0.6.0 Example
- 0.6.1 Security confirmation
- 0.6.2 Invocation
- 0.7.0 Bugs
Mon monitors the execution of httpd. If httpd exits, mon reruns it. The mon bundled in Pegasus 2.1 does not require a password even if the option "-u user" is specified.
Location
/usr/local/bin/$objtype/mon
Note: an old version of mon might be in /usr/web/bin/$objtype
Usage
mon [-d] [-u user] [-r req] command argument ...
Description
- Mon is a program designed to be used with Pegasus httpd to protect against malicious CGI programs that attempt to kill httpd.
- Mon invokes httpd to run as "user" and monitors it, invoking a subsequent httpd if it is killed by someone.
- Mon should be executed by the host owner.
command is the path to Pegasus httpd, and the arguments are those of httpd.
Options
-d
    run as a daemon
-u user
    run as user "user", usually "web". If "user" is ".", mon runs as the uid that invoked mon. Without this option, mon runs as user "none".
-r req
    X.509 certificate signing request in factotum format
command
    path to the command
argument ...
    arguments for the command
Others
Mon writes its logs to /sys/log/mon. Mon terminates if the command exits within 5 seconds; this is a protection in case of error. If you want to terminate mon, send a "kill" note to mon.
Changes from previous version.
The password option for "-u user" has been dropped. If mon is executed by bootes (the default hostowner of CPU servers), no password is required. If you want to run mon on terminals, change /lib/ndb/auth on the auth server. Mine is:

hostid=bootes uid=!sys uid=!adm uid=*
hostid=arisawa uid=web

Example
Security confirmation
You should confirm that mon is running as user web.

term% mon -u web me
web 123 0:00 0:00 180K Pread ps
--rw-rw-rw- M 53 web none 0 Dec 15 22:21 /usr/none/tmp/me
term%

where "me" is a program:

#!/bin/rc
# note: chmod 777 /usr/none/tmp
f=/usr/none/tmp/me
# list the ps process itself; its first column is the user we run as
ps|grep ' ps$'
# recreate the file so that ls -l shows the same user as its owner
if(test -e $f) rm $f
touch $f; ls -l $f

Place "me" in /usr/local/bin/rc and change /lib/namespace.local to:

bind -a /usr/local/bin/386 /bin
bind -a /usr/local/bin/rc /bin

and then confirm that

. /lib/namespace.local

is included in your /lib/namespace.
Invocation
Mine is:

b=/usr/local/bin/$objtype
$b/mon -du web $b/httpd -suM
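
The confirmation from the Example section can also be applied to httpd itself once it has been started through mon as in the invocation above. The following is an added example, not part of the Pegasus distribution: check_owner is a hypothetical helper, written in POSIX sh and awk rather than rc, and the ps lines are constructed samples assuming the plain Plan 9 ps layout (user pid utime stime size state cmd).

```shell
#!/bin/sh
# Added example: read Plan 9 `ps` output on stdin and verify that every
# process named CMD runs as the expected user (e.g. "web", not the hostowner).
# check_owner is a hypothetical helper name, not part of Pegasus or Plan 9.
# Exit status: 0 = all instances match, 1 = wrong owner seen, 2 = none found.
check_owner() {
    want=$1
    cmd=$2
    awk -v want="$want" -v cmd="$cmd" '
        # plain ps lines have 7 fields; field 1 is the user, field 7 the command
        NF >= 7 && $7 == cmd {
            seen++
            if ($1 != want) {
                printf "FAIL: %s pid %s runs as %s, expected %s\n", cmd, $2, $1, want
                bad++
            }
        }
        END {
            if (seen == 0) { printf "FAIL: no %s process found\n", cmd; exit 2 }
            if (bad > 0) exit 1
            printf "OK: %d %s process(es), all running as %s\n", seen, cmd, want
        }'
}

# Constructed sample ps output (not captured from a real system).
sample_ok='bootes 45 0:00 0:00 120K Open listen
web 123 0:00 0:00 180K Pread httpd
web 131 0:00 0:00 180K Pread httpd'

# Constructed failure case: httpd still owned by the hostowner.
sample_bad='bootes 45 0:00 0:00 120K Open listen
bootes 123 0:00 0:00 180K Pread httpd'

printf '%s\n' "$sample_ok" | check_owner web httpd
printf '%s\n' "$sample_bad" | check_owner web httpd || echo "exit status $?"
```

A status of 2 means no httpd was found at all, which is reported separately from a wrong owner so that a dead server is not mistaken for a passing check.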