[Xymon] Encrypted Xymon reporting over SSL using stunnel (was: RES: Is the xymon Dead? Future)

Richard L. Hamilton rlhamil2 at gmail.com
Fri Mar 8 20:28:43 CET 2019


In the ideal, esp. when the client may have a dynamic IP address (DHCP without reserved addresses, or mobile clients, for example), it would IMO also be really good if the client reports could optionally be signed, with a certificate the server could verify, to give some confidence as to their actually coming from the client...not that that assures that the actual client wasn't compromised, but it's better than nothing insofar as it at least gives good odds that misleading (or maliciously crafted) data from elsewhere isn't being provided.

> On Mar 8, 2019, at 11:09, Axel Beckert <abe at deuxchevaux.org> wrote:
> 
> Hi Ralph,
> 
> On Fri, Mar 08, 2019 at 10:40:55AM -0500, Ralph Mitchell wrote:
>> I'd still like to see encrypted connections for Xymon client messages going
>> to the server.
> 
> Yeah, this definitely is a feature which would be very nice to
> available out of the box.
> 
> Nevertheless you can do that already now with stunnel as I mentioned:
> 
>>> (And yes, I'm still hoping and waiting for IPv6 support, too,
>>> especially in xymonnet-based checks. Reporting to IPv6-only servers is
>>> no issue though, if you anyways use stunnel to encrypt the
>>> client-reporting traffic.)
> 
> Debian's xymon package ships /usr/share/doc/xymon/README.encryption
> with hints how to implement encrypted reporting with Xymon.
> 
> The current version can be found in our packaging git repository at
> https://salsa.debian.org/debian/xymon/blob/master/debian/README.encryption
> although I'm thinking about renaming it to README.encryption.md as I
> wrote it in Markdown syntax.
> 
> It also refers to this more detailed documentation:
> https://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Guide#Encryption_and_Tunnelling
> 
> HTH!
> 
> 		Kind regards, Axel
> -- 
> PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
> Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
> Mail+Jabber: abe at noone.org  X
> https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon



More information about the Xymon mailing list