IF checksum /usr/bin/httpd and expect the sum
4e5309d1956f003bcdff168748bea647 FAILED THEN [ALERT | STOP | RESTART | EXEC]
I have a few thoughts about the checksum statement. Thinking about it,
the checksum was originally a security thingy and for catching
unwanted changes. In this case it could be dangerous to run the STOP
or RESTART program (i.e. monit may execute a possible cracked program,
this may be dangerous, especially if monit is running as root). The
function today, will upon a checksum event send an alert and *not*
monitor the program anymore (to avoid executing the program). This
behavior is reasonable.
On the other hand, and also mentioned in the monit-general list, if
checksum is used to watch a configuration file, for instance,
httpd.conf, it could also be reasonable to do both a RESTART and EXEC.
One solution could be that if the ALERT action was used the old
behavior is used (i.e. alert + not monitor anymore) but for the other
action choices the behavior is; alert, do STOP, RESTART or EXEC *and*
keep on monitoring. Do you see the difference? What do you think, will
it be to complicated to understand for regular users?
Anyway, I want to know what you guys think about this before I
eventually change the checksum statement:
1) Do not change checksum and keep it as is
2) Change it as outlined above