[Xymon] Is Xymon Alive?

John Thurston john.thurston at alaska.gov
Tue Jun 8 22:12:44 CEST 2021


On 6/8/2021 11:49 AM, Bruce Ferrell wrote:
>  Are you
> maybe referring to remote logfetch via ssh?

I am referring to logfetch, which is part of the standard client 
package, and which does not default to -noexec (and which does not use ssh).

Per the man page:
Logfetch can be requested to execute arbitrary commands to generate a 
list of log files to examine dynamically, but this can present a 
security risk in some environments. Set this option to prevent logfetch 
from executing requested commands

Let's pass arbitrary code, unencrypted across the network, for it to be 
run by a daemon on a remote machine. What could possibly go wrong?
Why would anyone want to permit this?
Do you still use 'telnet' for production job control?


> My point is that simple is good.  Simple is in your control.
> 
> Your point John?

My point is that a 'simple solution' may not include some things which 
have become standard and expected between 1998 and 2021.

I still run Xymon, and have been running its predecessors since the late 
90s. But this _is_ 2021. Encrypted network communication, or at least 
the _capability_ to encrypt network communication is pretty much normal. 
When my users come to me asking me to make Xymon do things for them, I 
must continually remind them of its 1990's roots, and clarify which of 
their base assumptions may not be valid.


--
Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska

