[Xymon] Security without FQDN?
John Horne
john.horne at plymouth.ac.uk
Fri May 11 14:29:16 CEST 2012
On Fri, 2012-05-11 at 12:50 +0100, John Horne wrote:
> Hello,
>
> Using Xymon 4.3.7 I have been trying to secure the xymon server, and
> have been looking at the various 'senders' options of xymond. Having set
> these options I then got several purple reports. The xymond logfile
> indicated that messages were being refused from hosts, despite the
> xymond man page saying that status messages would be accepted from the
> hosts to which they relate. Example:
>
> 2012-05-11 12:20:39 Refused message from 141.163.162.11: usermsg
> jhvm2.sec.1336735239123422 add id=1336735239 expire=1336737639
> jhvm2.sec green Fri May 11 12:20:39 BST 2012 \n&green dummy
> 2012-05-11 12:20:39 Invalid user message - sender 141.163.162.11 not
> allowed for host jhvm2.sec.1336735239123422
>
Hmm. Just realised that these are 'usermsg' messages. Since the usermsg
format basically only includes an ID and then whatever else we want,
xymon has no way of knowing what the 'host' is (as evidenced by the
message showing the host as 'jhvm2.sec.1336735239123422' when in fact
this is the ID).
I'm wondering if that in order to use usermsgs, and secure Xymon, we
will have to explicitly list all the IP addresses of our hosts (in
tasks.cfg with the '--status-senders' option.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
More information about the Xymon
mailing list