MALP - MALP Assesses a Linux Platform
A lightweight Ruby CGI status page for home server monitoring.
Install
Copy this repository directory to /var/www, so /var/www/malp/cgi-bin exists.
As root:
mkdir /var/www/malp/data
chown apache:apache /var/www/malp/data
Install Ruby
As root:
dnf install ruby
If using SELinux (e.g. AlmaLinux)
As root:
chcon -R -t httpd_sys_script_exec_t /var/www/malp/cgi-bin
chcon -R -t httpd_sys_rw_content_t /var/www/malp/data
chcon -t bin_t /var/www/malp/bin/malpd
semodule -i /var/www/malp/selinux/malp_to_malpd.pp
Example Apache HTTPD Setup
Here is my example setup.
My server's name is anubis.
Replace as desired.
Create self-signed TLS certificate
As root:
mkdir /etc/httpd/tls
cd /etc/httpd/tls
openssl ecparam -name secp384r1 -genkey -noout -out anubis.key
openssl req -new -x509 -key anubis.key -out anubis.crt -days 3650 -sha384
/etc/httpd/conf.d/anubis.conf
<VirtualHost *:80>
    ServerName anubis
    ServerAlias anubis
    # Permanent redirect to the same URI on HTTPS
    Redirect permanent / https://anubis/
</VirtualHost>

<VirtualHost *:443>
    ServerName anubis
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/tls/anubis.crt
    SSLCertificateKeyFile /etc/httpd/tls/anubis.key
    # Modern TLS Security (Recommended for ECDSA)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off
    ErrorLog /var/log/httpd/anubis-error.log
    CustomLog /var/log/httpd/anubis-access.log combined
    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ScriptAlias / /var/www/malp/cgi-bin/malp.rb
</VirtualHost>
Set user name and password
As root:
/var/www/malp/bin/setpasswd
Install systemd units
As root:
cp /var/www/malp/systemd/* /usr/lib/systemd/system
systemctl enable --now malpd.socket
systemctl enable --now malpd.service
Virtual Machine Info
Generate SSH Key
On the server host OS, generate an SSH key that will be used to gather information from each running VM. Leave the passphrase empty so the key can be used non-interactively.
ssh-keygen -f /root/.ssh/malp-vm-key
malp user
On each VM from which status information is gathered, add a malp user with:
useradd -m malp
Add a /home/malp/.ssh/authorized_keys file with content such as (replacing the
SSH key beginning with ssh-ed25519...):
command="/path/to/malp/bin/vm-info",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3Nza...user@example.com
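Because the key has no passphrase, the options in front of it are what confine it to running vm-info, so it is worth checking that every entry in the file carries them. The Ruby check below is an added example, not part of MALP: audit_keys, audit_entry and the sample entries are constructed for illustration, the expected command is the README's placeholder path, and any re-enabling option after "restrict" is flagged regardless of order.

```ruby
require 'strscan'

# Restrictions the README's authorized_keys entry applies to the malp key.
REQUIRED = %w[no-port-forwarding no-x11-forwarding no-agent-forwarding no-pty].freeze
KEY_TYPE = /\A(?:ssh-(?:ed25519|rsa)|ecdsa-sha2-nistp\d+|sk-\S+)\z/
OPTION   = /([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?/

# Parse the leading option field; quoted values may hold commas and spaces.
def parse_options(line)
  return {} if line.split.first.to_s.match?(KEY_TYPE) # entry has no options
  ss, opts = StringScanner.new(line), {}
  while ss.scan(OPTION)
    opts[ss[1].downcase] = ss[2] || true # option names are case-insensitive
    break unless ss.scan(/,/)
  end
  opts
end

# Problems found in one entry; an empty list means it is locked down.
def audit_entry(line, expected_cmd)
  opts = parse_options(line.strip)
  cmd = opts['command']
  problems = []
  problems << 'no forced command' unless cmd.is_a?(String)
  problems << "unexpected command: #{cmd}" if cmd.is_a?(String) && cmd != expected_cmd
  REQUIRED.each do |opt|
    # "restrict" implies every no-* option; "pty" etc. switch one back on.
    enforced = (opts[opt] || opts['restrict']) && !opts[opt.delete_prefix('no-')]
    problems << "missing #{opt}" unless enforced
  end
  problems
end

# Audit a whole file's text by line number, skipping blanks and comments.
def audit_keys(text, expected_cmd)
  text.each_line.with_index(1).each_with_object({}) do |(line, n), out|
    next if line.strip.empty? || line.lstrip.start_with?('#')
    out[n] = audit_entry(line, expected_cmd)
  end
end

# Constructed sample input; the key material is a placeholder, not a real key.
SAMPLE = <<~KEYS
  # malp monitoring key
  command="/path/to/malp/bin/vm-info",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAPLACEHOLDER root@host
  ssh-ed25519 AAAAPLACEHOLDER root@host
  restrict,pty,command="/path/to/malp/bin/vm-info" ssh-ed25519 AAAAPLACEHOLDER root@host
KEYS
audit_keys(SAMPLE, '/path/to/malp/bin/vm-info').each { |n, probs| puts "line #{n}: #{probs.empty? ? 'ok' : probs.join('; ')}" }
```

On a VM, pass File.read('/home/malp/.ssh/authorized_keys') and the real vm-info path to audit_keys instead of the sample.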
vm-info script
Make the bin/vm-info script available on each VM (via scp/rsync, NFS, etc.).