monit-general


Re: The day I lost my job due to monit


From: address@hidden
Subject: Re: The day I lost my job due to monit
Date: Tue, 8 Dec 2020 20:48:42 +0100

We can extend the certificate verification to the whole chain.

Best regards,
Martin


> On 8 Dec 2020, at 19:11, rexkogitans@gmx.at wrote:
> 
> Sure, I admit I was looking for a kind of sensational headline. Monit is a
> great tool which has surveilled the services of this company for many years
> and has alerted us to many serious problems.
> 
> The more important line is the last sentence: There is room for
> improvement. Since I haven't been into C for more than a decade, I am sorry
> that I cannot really contribute to Monit, otherwise I would. I remember
> that it was roughly 400 lines of PHP code which made a reliable check of
> the TLS certificate chain and against the trust store in /etc/ssl/certs.
> What I want to give to the developers of Monit is this idea so they may
> improve this great tool even more.
> 
> Kind regards,
> 
> rex kogitans
> 
> On 04.12.20 at 20:03, Paul Theodoropoulos wrote:
>> You did not lose your job due to Monit, and you know that - you
>> clearly described what the proximate cause was of your losing your
>> job. It makes for a 'sensational' headline, but blaming it on Monit is
>> absurd.
>> 
>> On 12/4/2020 7:52 AM, rexkogitans@gmx.at wrote:
>>> I configured monit to monitor the TLS certificate validity of all of our
>>> highly productive websites. To all websites, the unnecessary full
>>> certificate (without root CA) was installed. However, on 30th of May
>>> 2020 one of the chain certificates (COMODO) ran out of its validity
>>> period. Obviously monit only checks for the server certificate, that's
>>> why the check did not notice this, and such a check is completely
>>> pointless. It led to massive damage to my company, and since I was to
>>> deal with monitoring as well as TLS certificates, I had to move on to
>>> find a new job.
>>> 
>>> During the notice period, I implemented my own check in PHP and let
>>> monit execute this PHP program to check TLS certificates. This PHP
>>> program did not just check the entire chain, but also the chain against
>>> the system's own trust store (in /etc/ssl/certs). I think it would be an
>>> interesting feature to deal with TLS certificates like this in monit in
>>> order to avoid more people losing their jobs.
>>> 
>>> 
>> 
> 
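
The failure described in this thread (server certificate still valid, a chain certificate expired) can be caught by testing every certificate the server presents, not only the first. The script below is an added example, not code from Monit or from the original poster's PHP program; the function names, the script path and the host in the usage comment are assumptions, and it covers only the expiry part of the check, not validation against the trust store in /etc/ssl/certs.

```shell
#!/bin/sh
# Added example (not Monit code). Exit status follows Monit's `check program`
# convention: 0 = OK, non-zero = raise an alert.

# check_chain_expiry PEMFILE DAYS
# Test every certificate in PEMFILE (leaf first, then chain certificates) and
# return 1 if any of them expires within DAYS days. Prints one line per cert.
check_chain_expiry() {
    pem=$1
    secs=$(( $2 * 86400 ))
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert." n }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$pem"
    rc=0; i=1
    while [ -f "$tmp/cert.$i" ]; do
        subject=$(openssl x509 -in "$tmp/cert.$i" -noout -subject)
        if openssl x509 -in "$tmp/cert.$i" -noout -checkend "$secs" >/dev/null; then
            echo "OK       [$i] $subject"
        else
            echo "EXPIRING [$i] $subject"
            rc=1
        fi
        i=$((i + 1))
    done
    [ "$i" -gt 1 ] || { echo "no certificate found in $pem"; rc=2; }
    rm -rf "$tmp"
    return $rc
}

# fetch_chain HOST PORT: print what the server presents (leaf + chain).
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null
}

# Usage when executed by Monit (hypothetical script path and host):
#   check program tls_chain with path "/usr/local/bin/tls-chain.sh www.example.org 30"
if [ $# -ge 2 ]; then
    bundle=$(mktemp) || exit 2
    fetch_chain "$1" 443 > "$bundle"
    check_chain_expiry "$bundle" "$2"; status=$?
    rm -f "$bundle"
    exit $status
fi
```

Paired with `if status != 0 then alert` in the Monit service entry, an expiring intermediate raises the same alert as an expiring server certificate.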



