Hi,
thanks for the prompt answer.
On Wed, Jan 23, 2008 at 11:47:02PM +0100, Henrik Stoerner wrote:
On Wed, Jan 23, 2008 at 11:12:00PM +0100, Axel Beckert wrote:
Is there a possibility to _not_ show the whole ps output in the procs
details CGI? BB only showed the monitored processes. With hobbit this
page shows the whole ps output.
It can be done for all servers, by adding the "--no-ps-listing" option
to the hobbitd_client command in hobbitlaunch.cfg . That should do it
for data from Hobbit clients.
... which is our main concern. Just tried and it looks exactly as we
wanted it to look, thanks!
IMHO this is a privacy issue -- even
with a passowrd protection for the CGI scripts -- since the output may
get saved permanently in the history.
That's interesting, I hadn't thought about that.
The data still goes unencypted over the net, but this is less
concerning in a switched and monitored network (as we have it at
work). For the home usage, I'll play around with some SSL tunneling
tools (crywrap, stunnel, etc.) and if that doesn't work out
I'll have a close look at OpenVPN. (Or is there already a SSL support
between client and server?)
We also disabled the listing of ESTABLISHED connections (we don't need
to monitor them) via adding a "-l" option to netstat in
/usr/lib/hobbit/client/bin/hobbitclient-*.sh. Would be nice (but
definitely not urgent), if this could be configurable on the
server-side, too. (A --no-established-ports-listing or
--list-only-listening-ports option in addition to the
--no-port-listing option of hobbitd_client would be cool.)
If your client reports data from the "top" utility,
Doesn't seem the case here anywhere. Even the Macs are said to do it
with ps although on our BB they do it with top (of which the parsing
seems to be very ugly... :-)
then a partial ps-listing also appears in the "cpu" status
column. This cannot be turned off, currently.
With BB neither.
It sounds as if it might be a good idea to let the --no-ps-listing
option block this ps listing as well,
Yeah.
although the "top" display (at least on Linux - not sure about other
platforms) only shows the basic command, not commandline options.
Ack. And since the commandline options are mainly a concern to
privacy, top hasn't been seen as privacy issue here with the current
BB installation.
A little bit offtopic, but for those who would like to have a top
which shows the command line options, try htop[1][2]. It's also more
colorful, shows memory, swap and cpu usage as bar and as root it evens
shows cpu bars for each single processor (core). :-)
[1] http://htop.sourceforge.net/
[2] http://packages.debian.org/htop
Kind regards and thanks for hobbit, Axel Beckert
--
Axel Beckert <user-96d9963fe797@xymon.invalid> support: +41 44 633 2668
IT Support Group, HPR E 86.1 voice: +41 44 633 4189
Departement Physik, ETH Zurich fax: +XX XX XXX XXXX
CH-8093 Zurich, Switzerland http://nic.phys.ethz.ch/