[hobbit] Current development plans

Adam Goryachev mailinglists at websitemanagers.com.au
Thu Jun 9 14:34:47 CEST 2005


On Thu, 2005-06-09 at 07:18 -0500, Daniel J McDonald wrote:
> On Thu, 2005-06-09 at 15:58 +1000, Adam Goryachev wrote:
> > On Thu, 2005-06-09 at 07:41 +0200, Henrik Stoerner wrote:
> 
> > 
> > Personally, I'd most like to see a 'free' client (ie, GPL, without the
> > BB license issue),
> 
> Ditto, but I'd really like the bb-central approach.  Most of the status
> information can be grabbed from non-privileged accounts on all unix-like
> platforms.  I concede that a client is necessary in the windows world.

While I can see that some people might like this approach, I would think
that the overhead of this method is significantly higher than the
bbclient method... Also, you probably don't want to be 'giving' a user
level account to people (ie, if they manage to hack your BB central box,
then they get free access to your entire network.... As opposed to being
able to screw-over your monitoring setup but not really affect much
else...

> >  and I'd also like to see *much* better SNMP support.
> > ie, point it at a router, and it will automatically (or some tool) setup
> > the various values to monitor (interfaces, byte counter thresholds, cpu,
> > temperature, etc) or a switch, or firewall, or UPS, or whatever
> > thingamabob you have lying around.
> 
> Although I'd love to see a "better mrtg", I'd hate to re-invent the
> wheel on that one.  It would be nice if the mrtg folks would add
> snmp-v3, but that's not in the offing today.

Well, I don't really know what is needed, but since hobbit includes rrd,
really all you need is to integrate some snmp library which can handle
retreiving the snmp values for you. The hobbit can do it's normal
alerting/trending the same as it does for everything else. Finally, once
the various config file formats for this are done, then someone can
create a nice search/discover/configure tool to create the config files.

> > Finally, what about some sort of compression/encryption protocol, 
> 
> If we are building an extended protocol, we should support
> authentication as well.  That's been a serious hole in bb for a long
> time - any hacker who sees that you are trusting bb for monitoring can
> simply send spoofed status messages to either distract you from the real
> mischief or hide it from obvious view. 

Yes, authentication should be included as well, but perhaps it should be
server-side as opposed to client-side.

eg, xyz IP address can send reports for abc hostname + a and b status,
etc...

This simple option would solve most of the security issues, once they
hack the machine, all bets are off anyway (ie, they can see/find the
username/password you have configured, use the standard bb tools to send
the status/etc...)

Regards,
Adam

-- 
 -- 
Adam Goryachev
Website Managers
Ph:  +61 2 9345 4395                        adam at websitemanagers.com.au
Fax: +61 2 9345 4396                        www.websitemanagers.com.au




More information about the Xymon mailing list