[Savannah-hackers-public] Re: monitoring

[Dave Love]

Sorry I didn't respond to this while getting myself on the list.

Sylvain Beucler <address@hidden> writes:

> Knowing about what is running or down is not a big issue - users will
> probably notice it before the monitoring tool and tell us about
> it.

Yes, but at least in the past, things often seemed to be down for
quite a long time with no indication of what was going on, and I
suspect people typically didn't report problems correctly.  My
experience is that monitoring can help in preventing problems and
often in indicating what's actually caused a problem, but I know your
mileage probably varies.

Sorry I'm talking without knowing how things actually run.

> It would be interesting, though, to setup some security checks, such
> as: is the /home directory well ready-only when accessed through the
> arch sftp service?

Cfengine can probably help with things like directory permissions and
cleaning up lock files etc.  I'm not sure about something like
viewcvs, but cfengine can take action depending on running or
non-running processes.

> Is it possible for a project member to commit to
> CVSROOT/?  etc.

Yes, I had that sort of thing in mind, but I haven't thought how to do
it sensibly.

> I'm also concerned about usage statistics. For example, the other day
> the load went to 20 and I have about no clue what it was due
> to.

Cfengine has some support for that sort of thing -- alerts and
monitoring based on process and resource statistics, but I'm not sure
it's terribly useful in practice.

> Mathieu Roy from Gna! told me about heavy SSH robot attacks that
> could be more lightly rejected using dynamic IP-based restrictions and
> inetd.

Don't you do rate-limiting with iptables to combat that?  I did try to
look at the firewalling, but that needs more privilege.

> Users may also be interested in SCM-related stats.

What does SCM stand for here and elsewhere?  `Software configuration
management' or something else?