malp/README.md
2026-04-19 15:14:17 -04:00


# MALP - MALP Assesses a Linux Platform
A lightweight Ruby CGI status page for home server monitoring.
## Install
Copy this repository directory to `/var/www`, so `/var/www/malp/cgi-bin` exists.
As root:
```
mkdir /var/www/malp/data
chown apache:apache /var/www/malp/data
```
### Install ruby
As root:
```
dnf install ruby
```
### If using SELinux (e.g. AlmaLinux)
As root:
```
chcon -R -t httpd_sys_script_exec_t /var/www/malp/cgi-bin
chcon -R -t httpd_sys_rw_content_t /var/www/malp/data
chcon -t bin_t /var/www/malp/bin/malpd
semodule -i /var/www/malp/selinux/malp_to_malpd.pp
```
### Example Apache HTTPD Setup
Here is my example setup.
My server's name is `anubis`.
Replace as desired.
#### Create self-signed TLS certificate
As root:
```
mkdir /etc/httpd/tls
cd /etc/httpd/tls
openssl ecparam -name secp384r1 -genkey -noout -out anubis.key
openssl req -new -x509 -key anubis.key -out anubis.crt -days 3650 -sha384
```
#### /etc/httpd/conf.d/anubis.conf
```
<VirtualHost *:80>
    ServerName anubis
    ServerAlias anubis
    # Permanent redirect to the same URI on HTTPS
    Redirect permanent / https://anubis/
</VirtualHost>

<VirtualHost *:443>
    ServerName anubis
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/httpd/tls/anubis.crt
    SSLCertificateKeyFile /etc/httpd/tls/anubis.key

    # Modern TLS Security (Recommended for ECDSA)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off

    ErrorLog /var/log/httpd/anubis-error.log
    CustomLog /var/log/httpd/anubis-access.log combined

    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ScriptAlias / /var/www/malp/cgi-bin/malp.rb
</VirtualHost>
```
### Set user name and password
As root:
```
/var/www/malp/bin/setpasswd
```
### Install systemd units
As root:
```
cp /var/www/malp/systemd/* /usr/lib/systemd/system
systemctl enable --now malpd.socket
systemctl enable --now malpd.service
```
### Virtual Machine Info
#### Generate SSH Key
On the server host OS, generate an SSH key that will be used to gather
information from each running VM.
Leave the passphrase empty so the key can be used non-interactively.
```
ssh-keygen -f /root/.ssh/malp-vm-key
```
#### malp user
On each VM that status information will be gathered from, add a `malp` user with:
```
useradd -m malp
```
Add a `/home/malp/.ssh/authorized_keys` file with content such as the following,
replacing the key beginning with `ssh-ed25519` with your own public key:
```
command="/path/to/malp/bin/vm-info",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3Nza...user@example.com
```
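Because the key has no passphrase, the `command=` and `no-*` options in front of it are what limit its use. The following Ruby script is an added example, not part of MALP: it audits `authorized_keys` lines for those options and, going slightly beyond the entry above, also accepts OpenSSH's `restrict` option. The sample lines, the placeholder key material, the `root@anubis` comment and the `VM_INFO` constant (reusing the README's placeholder path) are assumptions.

```ruby
require 'strscan'

# Restrictions used by the README's example entry.
REQUIRED = %w[no-port-forwarding no-x11-forwarding no-agent-forwarding no-pty].freeze
KEY_TYPE = /\A(ssh-(ed25519|rsa)|ecdsa-sha2-\S+|sk-\S+)\z/
VM_INFO = '/path/to/malp/bin/vm-info' # placeholder path from the README

# Split one authorized_keys line into [options_hash, "keytype base64 comment"].
# Option values are double-quoted and may contain spaces, commas or \" escapes.
def parse_entry(line)
  line = line.strip
  return [{}, line] if line.split(/\s+/, 2).first.to_s.match?(KEY_TYPE)
  s = StringScanner.new(line)
  opts = {}
  while s.scan(/([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?/)
    opts[s[1].downcase] = s[2] ? s[2].gsub('\\"', '"') : true
    break unless s.scan(/,/)
  end
  [opts, s.rest.strip]
end

# Findings for one line; an empty list means the entry is locked down as intended.
def audit(line, expected_command = VM_INFO)
  opts, rest = parse_entry(line)
  findings = []
  findings << 'unrecognised key type' unless rest.split.first.to_s.match?(KEY_TYPE)
  cmd = opts['command']
  if !cmd.is_a?(String)
    findings << 'no forced command'
  elsif cmd != expected_command
    findings << "unexpected forced command: #{cmd}"
  end
  # With "restrict", a restriction is lost only if its positive form re-enables it.
  lost = opts['restrict'] ? REQUIRED.select { |o| opts[o.sub('no-', '')] } : REQUIRED - opts.keys
  findings + lost.map { |o| "missing #{o}" }
end

# Constructed sample lines; the key material is a placeholder, not a real key.
KEY = 'ssh-ed25519 AAAAC3NzaPLACEHOLDER root@anubis'
SAMPLE = [
  %(command="#{VM_INFO}",no-port-forwarding,no-x11-forwarding,no-agent-forwarding,no-pty #{KEY}),
  %(command="#{VM_INFO}",no-pty #{KEY}),
  KEY,
  %(restrict,pty,command="#{VM_INFO}" #{KEY})
].freeze

SAMPLE.each_with_index { |l, i| puts "line #{i + 1}: #{audit(l).inspect}" }
```

To check a real file on a VM, pass each non-comment line of `/home/malp/.ssh/authorized_keys` to `audit` along with the actual path of `vm-info` on that VM.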
#### vm-info script
Make the `bin/vm-info` script available on each VM (via scp/rsync, NFS, etc.).