• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home /
  • Public Forums /
  • Application Monitoring & UEM /
  • AppMon & UEM Open Q&A /
avatar image
Question by Chris G. · Jan 10, 2015 at 02:38 AM ·

Apache agent in chroot environment

 

I have the following linux environment for a poc. On one machine we have 2 chroot environments

/chroot1/

/chroot2/

In each chroot there is an apache.

We installed the master agent services in /opt/dynaTrace/

Take as example chroot1. We copied the master agent directory to the chroot1. In config file of the master agent we tell the agent to use the shared memory file in the /chroot1/ The loadmodule of the apache uses as well the shared memory file in the /chroot1/ The master agents listens correctly on port 8001. When we start apache the apache crashes. Last line is that module is loaded in apache.

Version dynaTrace: 6.1.

Is this the right approach for a chroot environment? We do not want to install in each chroot a master agent service because to do that they also need to copy a lot of files to the chroot environments which they want to avoid of course.

 Chris

 

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

3 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Reinhard W. · Jan 12, 2015 at 11:48 PM

The purpose of a chroot is not to interfere with the contents outside of the chroot. If executables, libraries etc are required by services in that chroot they have to be inside the chroot. There is no advice we can give here, it's standard chroot administration.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Chris G. · Jan 12, 2015 at 11:23 PM

Hi Reinhard,

But the downside to this is that you need to install more libraries in the chroot environment which makes it again less secure...

That's why I am wondering if we have experience or recommendations for this? Also later on for having support on these environments....

 

Chris

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Reinhard W. · Jan 12, 2015 at 10:42 PM

Chris,

without beeing 100% certain but the intention of chroots is that no process in the chroot is able to write outside of the chroot. So if the shared memory file that the dynatrace agent and the apache module use for communication lies outside the chroot this would be a violation of that principle. I think securitywise it makes sense to have the master agent also running in the chroot of each apache. Also it should be a snap to modify chrooted environments to provide additional files.

Reinhard

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

1 Person is following this question.

avatar image

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api dashboard framework 7.0 appmon 7 health monitoring adk log monitoring services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window java hybris javascript appmon sensors good to know extensions search 6.3+ server documentation easytravel web dashboard kibana system profile purelytics docker splunk 6.1 process groups account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow technologies diagnostics user session monitoring unique users continuous delivery sharing configuration alerting NGINX splitting business transaction client 6.3 installation database scheduler apache mobileapp RUM php dashlet azure purepath agent 7.1 appmonsaas messagebroker nodejs 6.2 android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A