[Xymon] Security without FQDN?

John Horne john.horne at plymouth.ac.uk
Fri May 11 13:50:45 CEST 2012


Hello,

Using Xymon 4.3.7 I have been trying to secure the xymon server, and
have been looking at the various 'senders' options of xymond. Having set
these options I then got several purple reports. The xymond logfile
indicated that messages were being refused from hosts, despite the
xymond man page saying that status messages would be accepted from the
hosts to which they relate. Example:

  2012-05-11 12:20:39 Refused message from 141.163.162.11: usermsg
  jhvm2.sec.1336735239123422 add id=1336735239 expire=1336737639
  jhvm2.sec green Fri May 11 12:20:39 BST 2012 \n&green dummy
  2012-05-11 12:20:39 Invalid user message - sender 141.163.162.11 not
  allowed for host jhvm2.sec.1336735239123422

The hosts.cfg file shows:

  141.163.162.11  jhvm2   # testip conn files sec...

The tasks.cfg file for xymond uses the option
'--status-senders=$XYMONSERVERIP'.

So according to the xymond man page, because '--status-senders' is set,
status reports from 141.163.162.11 for host 'jhvm2' should be accepted
(since they are the same host).

My only though here is how xymond is doing the security check. Is it
checking the IP address against the name, and/or the name against the IP
address? Since we are not using FQDN names, the DNS is not going to be
useful, but a host check of the name 'jhvm2' should return the IP
address since it is listed in the /etc/hosts file.

Any thoughts?



John.

-- 
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001



More information about the Xymon mailing list