[Xymon] Xymon security concern raised

Henrik Størner henrik at hswn.dk
Wed Dec 5 21:57:10 CET 2012


On 05-12-2012 21:04, Steve Holmes wrote:
> I tried that and started getting a lot of refused messages referencing
> the monitored systems.
> I forgot to mention that this is release 4.2.3. If it is different in
> 4.3.x then I will have to wait a couple of months.

In --status-senders, you should list

1) the Xymon server itself
2) any hosts running network tests

The reason for 1) is somewhat obscure, but basically boils down to the 
Xymon client data triggering status-messages sent locally from the 
xymond_client daemon.


This behaviour is unchanged from 4.2.x to 4.3.x.

In 5.0, you can implement SSL client certificate checks for complete 
control of who is allowed to send status updates.


Regards,
Henrik




More information about the Xymon mailing list