
I'm going over a monit config file and something doesn't seem right. I'm using monit to monitor the checksum of the sshd binary; if it's different from what's expected, it should reload a known binary. Is the below section correct for checking the checksum on the ssh binary? What does the monit daemon compare the current checksum with? Nowhere in the file do I see any other mention of the checksum or an outside tool to check the checksum.

check process ssh
    with pidfile "/var/run/sshd.pid"
    start program = "/sbin/service sshd start"
    stop program = "/sbin/service sshd stop"
    depends on sshd_binary

check file sshd_binary
    with path /usr/sbin/sshd
    if failed checksum then alert
T. Thomas

1 Answer


To check a file for any changes, use:

IF CHANGED [MD5|SHA1] CHECKSUM THEN action

Or if you've already computed the checksum on a file you expect to be static:

IF FAILED [MD5|SHA1] CHECKSUM [EXPECT checksum] THEN action

The EXPECT directive is optional. If you don't specify the expected checksum, then it uses the checksum of the file as of when the monitoring started.

For more details, check out monit's documentation: https://mmonit.com/monit/documentation/monit.html#FILE-CHECKSUM-TESTING

sippybear
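The answer's point is that `if failed checksum` with no EXPECT value compares against whatever checksum monit recorded when it first looked at the file, so a binary that was already modified before monit started would be treated as the baseline. The shell script below is an added example (not part of the question or answer, and not monit's own tooling) that shows the safer pattern: compute the SHA1 of the binary you trust now, emit a `check file` stanza using the explicit EXPECT form, and provide a small comparison function that mirrors what monit does on each cycle. The stanza name `sshd_binary` and the sample file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: pin a binary's SHA1 in a monit
# "check file" stanza so any later change fails the check instead of silently
# becoming the baseline.

# file_sha1 PATH: print just the 40-hex-character SHA1 digest of PATH.
# Uses sha1sum (coreutils) or falls back to shasum (BSD/macOS).
file_sha1() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# gen_monit_checksum_stanza NAME PATH
# Print a monit stanza using the "IF FAILED SHA1 CHECKSUM EXPECT ..." form
# from the answer. Run it against a binary you have already verified, then
# paste the output into monitrc; monit will then alert when the file's
# current SHA1 no longer equals the pinned value.
gen_monit_checksum_stanza() {
    name="$1"
    path="$2"
    hash=$(file_sha1 "$path") || return 1
    printf 'check file %s\n' "$name"
    printf '    with path %s\n' "$path"
    printf '    if failed sha1 checksum expect "%s" then alert\n' "$hash"
}

# checksum_matches EXPECTED PATH
# Return 0 when PATH currently hashes to EXPECTED, 1 otherwise. This is the
# comparison monit performs each cycle: current digest vs. the pinned one
# (or, without EXPECT, vs. the digest it saw when monitoring began).
checksum_matches() {
    expected="$1"
    path="$2"
    [ "$(file_sha1 "$path")" = "$expected" ]
}

# Usage (constructed stand-in file, so it runs anywhere):
# tmp=$(mktemp); printf 'constructed sshd stand-in\n' > "$tmp"
# gen_monit_checksum_stanza sshd_binary "$tmp"
```

The generated stanza still only alerts. The question wants a known-good binary restored; monit's `exec` action (`then exec "/path/to/restore-script"`) runs an external command for that, and the restore script itself is outside what this example covers.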