[Xymon] Recommendations for how I should set maint-senders ?

Henrik Størner henrik at hswn.dk
Mon Mar 10 10:42:27 CET 2014


On 2014-03-06 21:44, John Thurston wrote:
> the --maint-senders option for xymond is explained as:
>> Controls which hosts may send maintenance commands to xymond.
>> Maintenance commands are the "enable", "disable", "ack" and "notes"
>> commands. Format of this option is as for the --status-senders
>> option. It is strongly recommended that you use this to restrict
>> access to these commands, so that monitoring of a host cannot be
>> disabled by a rogue user - e.g. to hide a system compromise from the
>> monitoring system.
>
> But while exploring some unexpected client behavior today, it appears
> that --maint-senders is only enforced for hosts in hosts.cfg which are
> defined with explicit addresses.
>
> On line 71 of lib/ipaccess.c I found this:
>> if (strcmp(targetip, "0.0.0.0") == 0) return 1; /* DHCP hosts can report from any address */
>
> It looks like regardless of how I set --maint-senders, anyone can
> send a 'disable' message for any host defined with 0.0.0.0. Since 90%
> of my 500 hosts are dynamically defined in hosts.cfg, it feels like
> trying to clamp down --maint-senders is kind of pointless for me.

This is a bug. In most cases, the IP access check with the 
--maint-senders option will not hit this piece of the code in 
lib/ipaccess.c (because the 'targetip' parameter is NULL). But exactly 
for the enable/disable case, it is set to the IP from hosts.cfg.

The idea behind this is to permit a host to send a "disable" status for 
itself, e.g. when shutting down a service for maintenance.

I'll get a fix for this into 4.3.18.


Regards,
Henrik
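
Added example (not part of the message above and not Xymon's source): a simplified C model of the check under discussion, showing the 0.0.0.0 shortcut beside a stricter variant that sends DHCP-defined hosts through the allow-list. The function names, the allow_entry type and the sample addresses are assumptions made for illustration; the stricter variant is one possible approach, not the fix planned for 4.3.18.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list entry (host byte order); not Xymon's own type. */
struct allow_entry { uint32_t net, mask; };

/* Constructed sample: only 192.0.2.10 may send maintenance commands. */
static const struct allow_entry SAMPLE_ALLOW[] = { { 0xC000020Au, 0xFFFFFFFFu } };
enum { SAMPLE_ALLOW_LEN = 1 };

static uint32_t ip4(const char *s) { return ntohl(inet_addr(s)); }

static int in_allowlist(const struct allow_entry *l, int n, uint32_t sender)
{
    for (int i = 0; i < n; i++)
        if ((sender & l[i].mask) == (l[i].net & l[i].mask)) return 1;
    return 0;
}

/* Behaviour described in the thread: a target defined as 0.0.0.0 is
 * accepted before the allow-list is consulted. */
int sender_ok_shortcut(const struct allow_entry *l, int n,
                       const char *targetip, const char *sender)
{
    if (targetip) {
        if (strcmp(targetip, "0.0.0.0") == 0) return 1;
        if (ip4(targetip) == ip4(sender)) return 1; /* host acting on itself */
    }
    return in_allowlist(l, n, ip4(sender));
}

/* Stricter variant (assumption): "self" is only provable for a fixed
 * address, so a 0.0.0.0 target falls through to the allow-list. */
int sender_ok_strict(const struct allow_entry *l, int n,
                     const char *targetip, const char *sender)
{
    if (targetip && strcmp(targetip, "0.0.0.0") != 0 &&
        ip4(targetip) == ip4(sender)) return 1;
    return in_allowlist(l, n, ip4(sender));
}

int main(void)
{
    const char *outsider = "198.51.100.7"; /* constructed, not on the list */
    printf("shortcut: %d\n", sender_ok_shortcut(SAMPLE_ALLOW, SAMPLE_ALLOW_LEN, "0.0.0.0", outsider));
    printf("strict:   %d\n", sender_ok_strict(SAMPLE_ALLOW, SAMPLE_ALLOW_LEN, "0.0.0.0", outsider));
    return 0;
}
```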