Installation of Monit and access to webinterface

Hi all,

I installed the monit addon and also configured a file to check the correct running of
unbound.

I created a folder monit.d
and place a file

-rw-r--r-- 1 root root 325 May 23 17:46 checkunbound

the file includes the following lines

# IPFire - monit control file - unbound

check process unbound with pidfile "/var/run/unbound.pid"
    not every "40-50 2 * * 1"
    start program = "/etc/init.d/unbound start"
    stop program = "/etc/init.d/unbound stop"
    if not exist then alert
    if not exist for 2 cycles then restart
    if 3 restarts within 3 cycles then alert

After this I restarted monit again.

How can I check if the monit configuration really works?
I stopped the unbound task and was waiting for the restart of the task.

I tried to access the web interface of monit, which should be on http://ipfire:2812
I tried http and https and did not get the interface.

I released the port 2812 in the firewall and in the web proxy.

Where is my problem?

Best regards
R.

Hi,

perhaps some hints may help.

Check if monit is really running:

root@ipfire: / # /etc/init.d/monit status
monit is running with Process ID(s) 21454.

Check if monit is “monitoring” and which services it is looking for:

root@ipfire: / # monit summary
Monit 5.28.0 uptime: 6d 1h 4m
┌─────────────────────────────────┬────────────────────────────┬───────────────┐
│ Service Name                    │ Status                     │ Type          │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ ipfire.localdomain              │ OK                         │ System        │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ unbound                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ suricata                        │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ squid                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ privoxy                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ ntpd                            │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ httpd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ hostapd                         │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ dhcpd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ collectd                        │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ clamd                           │ OK                         │ Process       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ hp5652                          │ OK                         │ Remote Host   │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ brother5350                     │ OK                         │ Remote Host   │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ red0                            │ OK                         │ Network       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ green0                          │ OK                         │ Network       │
├─────────────────────────────────┼────────────────────────────┼───────────────┤
│ blue0                           │ OK                         │ Network       │
└─────────────────────────────────┴────────────────────────────┴───────────────┘

Or, if you want this output in detail, use:

root@ipfire: / # monit status

And check contents of /etc/monitrc - this file might need adjustments.

E.g.:

  • Is the line include /etc/monit.d/* uncommented?
  • Check the settings of the web server.

Example:

...
set httpd port [CHOOSE_YOUR_PORT]
    allow [IP_ADDRESS_OF_MY_PC]/32
    ssl enable
    pemfile /etc/httpd/server.pem
#    use address localhost  # only accept connection from localhost
    allow localhost        # allow localhost to connect to the server and
#    allow md5 /var/ipfire/auth/users
    allow [CHOOSE_A_USERNAME]:[CHOOSE_PASSWORD]      # require user 'admin' with password 'monit'
...

You don’t need to open ports in the firewall or in the web proxy.

Just read the comments in /etc/monitrc and take your picks.

HTH,
Matthias


Hello Matthias,

thanks for the detailed description.
The monit task is running and it will check the “unbound” process.
I still did not get the web interface to run (first only http and then https).

I may have to check the permissions and the access range as well.

Best regards
R.

Hi,

I didn’t get the web interface to run.

I guess it will not run without ssl, because the main website for ipfire is running with
ssl.

Here is the important part for the monitrc file

set httpd port 2812
use address localhost
allow < ip address of ipfire >
allow localhost
allow < ip address of pc1 > # desk top pc
allow < ip address of pc2 > # my handy
ssl enable
pemfile /var/ipfire/ovpn/certs/serverkey.pem

When I try to start the service, I always get the message
that the permission of the file is wrong.
But the file is chown with 700 or less.

When I try to use a connection without ssl, I always get the message,
that the service could not connect the main ip address.

Any idea ?

Best regards
R.
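
Added example (not part of the original posts, and not IPFire or Monit code): a shell function that audits the "set httpd" settings discussed in this thread, namely a loopback-only bind, a missing or over-permissive pemfile, and the stock admin/monit credentials from the monitrc comments. The name audit_monit_httpd is made up here, and the pemfile check assumes Monit's rule that the file may carry no group or other permission bits (at most 0700).

```shell
#!/bin/sh
# Added example: audit the "set httpd" settings of a monitrc file.
# audit_monit_httpd is a hypothetical helper name, not a Monit command.

audit_monit_httpd() {
    rc=$1
    # Drop comments so commented-out directives are ignored.
    active=$(sed 's/#.*//' "$rc")

    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*set[[:space:]]+httpd'; then
        echo "INFO: no active 'set httpd' statement, web interface is off"
        return 0
    fi

    # A loopback bind is why other PCs cannot reach the interface.
    if printf '%s\n' "$active" |
        grep -Eq 'use[[:space:]]+address[[:space:]]+(localhost|127\.0\.0\.1)'; then
        echo "INFO: bound to localhost, not reachable from the network"
    fi

    pem=$(printf '%s\n' "$active" |
        sed -n 's/.*pemfile[[:space:]:]*\([^[:space:]}]*\).*/\1/p' |
        tr -d '"' | head -n 1)
    if [ -z "$pem" ]; then
        echo "WARN: no pemfile, page and credentials travel over plain HTTP"
    elif [ ! -f "$pem" ]; then
        echo "FAIL: pemfile $pem is missing or not a regular file"
    else
        # Characters 5-10 of 'ls -l' are the group and other permission bits.
        bits=$(ls -ld "$pem" | cut -c5-10)
        [ "$bits" = "------" ] ||
            echo "FAIL: pemfile $pem is open to group/other ($bits)"
    fi

    # Stock example credentials mentioned in the monitrc comments.
    if printf '%s\n' "$active" |
        grep -Eq 'allow[[:space:]]+admin:"?monit"?([[:space:]]|$)'; then
        echo "FAIL: default credentials admin:monit are active"
    fi
}

# Run against a file when one is given, e.g.: sh audit.sh /etc/monitrc
if [ "$#" -gt 0 ]; then
    audit_monit_httpd "$1"
fi
```

Run it as the user monit runs as, then confirm the syntax with monit -t before restarting the service.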

Hi All,

the web interface is now running.
Change to
set httpd port 2812
use address < ip address of IPFire >
allow < ipaddress of ipfire >
allow localhost
allow < ip address of PC 1 > # desk top pc
allow < ip address of pc 2 > # my handy

I did not get the ssl connection to run.

Question to backup

What files are included within the backup done in the backup of the add-on?

Best regards
R.

Hi @ritchie

The monit includes file contains

/etc/monitrc
/etc/monit.d

So it is backing up the configuration file and anything that is in the monit.d directory.

Hello Adolf,

thanks for the information. That is exactly what I need.

Best regards
R.

Glad to be of help.

Hey Matthias @mfischer - Would you be willing to share your monitrc file (minus the secret stuff)?

I can update the IPFire Wiki and replace asterisk and VDR…

Hi Jon,

no problem.
=> monitrc.zip (4.0 KB)

Please note:

I use a slightly modified monitrc file - I deleted the secret stuff - and some *.cfg files in /etc/monit.d.
=> monit_cfg_files_mfischer.zip (4.1 KB)

HTH,
Matthias
