[Xymon] Recommendations for how I should set maint-senders ?
John Thurston
john.thurston at alaska.gov
Thu Mar 6 21:44:53 CET 2014
the --maint-senders option for xymond is explained as:
> Controls which hosts may send maintenance commands to xymond.
> Maintenance commands are the "enable", "disable", "ack" and "notes"
> commands. Format of this option is as for the --status-senders
> option. It is strongly recommended that you use this to restrict
> access to these commands, so that monitoring of a host cannot be
> disabled by a rogue user - e.g. to hide a system compromise from the
> monitoring system.
But while exploring some unexpected client behavior today, it appears
that --maint-senders is only enforced for hosts in hosts.cfg which are
defined with explicit addresses.
On line 71 of lib/ipaccess.c I found this:
> if (strcmp(targetip, "0.0.0.0") == 0) return 1; /* DHCP hosts can report from any address */
It looks like regardless of how I set --maint-senders, anyone can send a
'disable' message for any host defined with 0.0.0.0 Since 90% of my
500 hosts are dynamically defined in hosts.cfg, it feels like trying to
clamp down --maint-senders is kind of pointless for me.
Can anyone suggest reasons why I shouldn't just blow that setting wide open?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
More information about the Xymon
mailing list