[Xymon] Xymon 4.3.19 Released

Galen Johnson Galen.Johnson at sas.com
Tue Mar 31 22:53:32 CEST 2015


Thanks, I'll likely just change the definition in the xymon.conf file to point to the actual physical location when I get a chance to circle back.  I'm just concerned about the security implications for allowing FollowSymLinks for my cgi areas.

=G=

________________________________________
From: J.C. Cleaver <cleaver at terabithia.org>
Sent: Tuesday, March 31, 2015 4:51 PM
To: Galen Johnson
Cc: Xymon Mailinglist; Xymon Development
Subject: Re: [Xymon] Xymon 4.3.19 Released

This was a change in 4.3.18, with "cgiwrap" being a replacement for the
original shell script wrappers to mitigate the Shellshock vulnerability.

One option, if you didn't want to add FollowSymLinks would be to store
bin/cgiwrap directly in the cgi-bin,secure-bin directories under the
original wrapper names. To save space, they could be hardlinked to the
same binary on installation.

-jc


On Tue, March 31, 2015 1:25 pm, Galen Johnson wrote:
> Have the contents of cgi-bin and cgi-secure-bin always been symlinks?  I
> don't think so...which means I had to add "FollowSymLinks" to my apache
> config file to allow it to work.  I would prefer not to have to set this
> on my cgi folders.
>
> =G=
> ________________________________________
> From: Xymon <xymon-bounces at xymon.com> on behalf of J.C. Cleaver
> <cleaver at terabithia.org>
> Sent: Tuesday, March 31, 2015 2:36 AM
> To: Xymon Mailinglist
> Cc: Xymon Development
> Subject: [Xymon] Xymon 4.3.19 Released
>
> Hello,
>
> Xymon 4.3.19 has been released to SF and should be available on a mirror
> near you! It can be downloaded from
> https://sourceforge.net/projects/xymon/
>
>
> 4.3.19 contains a number of bug fixes and improvements, along with a
> several new features.
>
> - a report on all recent acknowledgements is now available
> - a specific time range can now be excluded for analysis or alerting
> purposes with the EXTIME= directive
> - additional filters are available with the "xymondboard" command,
> including searching the full body text of a status report
> - the last position read in a log file is now indicated on the 'msgs'
> status report
> - a new 'deltacount' option for counting recent matching lines in a log
> file
> - improved Windows PowerShell client support
>
> For a full list of changes, see the Changes file inside the tarball.
>
>
> All users of 4.3.x or earlier versions of Xymon are encouraged to upgrade.
>
>
>
> Regards,
>
> -jc
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>





More information about the Xymon mailing list