[sysmon-help] Re: Sysmon - root required for icmp

Jared Mauch jared at sysmon.org
Wed Aug 24 21:21:45 EDT 2005

On Wed, Aug 24, 2005 at 04:01:08PM -0700, David Ski wrote:
> Jared,
> Thank you for a great program, I have been using it
> for over a year now to assist in monitoring
> environments.
> I would like to run sysmon from a FreeBSD jail system.
> In this scenario I would not be using any ICMP checks.
> In fact the jail "virtual" system can not use ICMP at
> all.

	Well, yes they can, my machine "puck" runs inside a FreeBSD
jail :)

> iron# ping localhost
> ping: socket: Operation not permitted
> My issue is the sysmon program stops on a check for
> root access to ICMP.  The jail root user doesn't have
> rights to create ICMP packets in a jail system.
> Can this be modified to skip with a sysmon.conf switch
> or turned off ?


puck:~/sysmon/sysmon> src/sysmond -h
Usage: src/sysmond [ -f config-file ] [ -n ] [ -d ] [ -v ] [ -t ] 
         [ -p port ] [ reload ] 
  -b             : IP Address to listen on
  -f config-file : Alternate config file location
          DEFAULT: /usr/local/etc/sysmon.conf
  -n             : Don't do notifies
  -d             : Don't fork
  -i             : Disable ICMP

	You can also use this sysctl to allow raw sockets
within a Jail:


	If you're running FreeBSD 4.x, you can use this
patch too:



> I would like to use UDP and TCP based checks on this
> jail sysmon system only.

	If you use '-i' it will have the desired result.

	- jared

> I am able to run the program from the main FreeBSD
> system, but I wanted to customize the checks for
> different teams and create redundancy without a huge
> hardware investment which is why I am using jails.
> Also, I can let users create monitors and test them
> without impacting or restarting the main sysmon.
> From a jail system the program does not run.
> sysmond: 15:06:47 Starting sysmon v0.92
> /usr/local/bin/sysmond started on iron.fcmc1.com
> forked process as pid 48541
> iron# sysmond: 15:06:47 We are not root, unable to
> perform icmp check, exiting
> My intent was to use
> TCP 135, TCP 22, or UDP 161 checks instead of ICMP for
> my jail system to know network equipment is up.

Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
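
An added example, not sysmon source and not written by either poster: it probes whether raw ICMP sockets are permitted (the operation the jail refuses in the `ping` output above) and performs the kind of unprivileged TCP connect check David wants to use instead. The function names `icmp_available` and `tcp_check` and the 127.0.0.1:22 target in `main` are assumptions made for illustration.

```c
/* Added example (not sysmon code): detect whether raw ICMP is usable and
 * run a TCP reachability check that needs no special privilege. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/select.h>
#include <sys/socket.h>

/* 1 if a raw ICMP socket opens, 0 if denied (EPERM/EACCES, as for root
 * inside a jail without raw-socket access), -1 on any other error. */
int icmp_available(void) {
    int s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (s >= 0) { close(s); return 1; }
    return (errno == EPERM || errno == EACCES) ? 0 : -1;
}

/* 1 if a TCP connection to ip:port completes within timeout_sec, else 0. */
int tcp_check(const char *ip, unsigned short port, int timeout_sec) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return 0;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return 0;
    fcntl(s, F_SETFL, fcntl(s, F_GETFL, 0) | O_NONBLOCK);
    int up = 0, err = 0;
    socklen_t len = sizeof err;
    if (connect(s, (struct sockaddr *)&sa, sizeof sa) == 0) {
        up = 1;                       /* connected immediately */
    } else if (errno == EINPROGRESS) {
        fd_set wfds;
        FD_ZERO(&wfds); FD_SET(s, &wfds);
        struct timeval tv = { timeout_sec, 0 };
        /* Writable plus SO_ERROR == 0 means the handshake finished. */
        if (select(s + 1, NULL, &wfds, NULL, &tv) == 1 &&
            getsockopt(s, SOL_SOCKET, SO_ERROR, &err, &len) == 0)
            up = (err == 0);
    }
    close(s);
    return up;
}

int main(void) {   /* constructed target: local port 22 */
    printf("icmp=%d tcp22=%d\n", icmp_available(), tcp_check("127.0.0.1", 22, 2));
    return 0;
}
```

Probing the socket call itself, rather than testing the user ID, is what distinguishes a jailed root (UID 0 but no raw sockets) from an ordinary root.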
