OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Anybody had this problem
From: J C Lawrence (clawKANGA.NU)
Date: Wed Oct 04 2000 - 14:17:41 CDT

On Wed, 4 Oct 2000 18:04:25 +0100
Scott Nursten <Scott.NurstenSTREETSONLINE.CO.UK> wrote:

> Personally, I do see a reason for running connection services
> (such as ssh) out if inetd. I've seen daemons hang / crash / freak
> out, and it's great when you can just kill your connection and
> reconnect. There's more then enough reasons to have a lightweight
> "listen, verify and start" daemon.

To handle the same problems (encluding inetd mysteriously and
silently dieing) I've taken the following tack:

  -- I run two copies of SSHd, one on port 22 as per normal, and one
on a high port.
  -- The instance running on a high port runs at a ridiculously high
priority (this is in attempt to duplicate AIX's high priority SysAdm
telnet port so you can still get into the box even when its swamped
by runaway processes/load)
  -- I then have a cronjob that periodically checks for certain
daemons still being running (eg Apache), and if they're not,
restarts them and emails an alert.
    -- (different implementation of same) As I've had problems with
cron silently dieing, and as I think the cronjob hack is tacky,
/and/ as I already have the daemon status exported under UCD's SNMP
daemon for logging by Cricket, I'm playing with the idea of having
Mon watch the daemon stats, and if they mysteriously die, sending an
alert and coming in on the high port SSH to issue a daemon restart. 

--
J C Lawrence                                 Home: clawkanga.nu
---------(*)                               Other: coderkanga.nu
http://www.kanga.nu/~claw/        Keys etc: finger clawkanga.nu
--=| A man is as sane as he is dangerous to his environment |=--