[Xymon] [bug report] logfetch: disable executing arbitrary commands
Christoph Zechner
zechner at vrvis.at
Fri Oct 15 16:10:29 CEST 2021
Hi,
I was surprised to learn that executing arbitrary commands via logfetch
is the default in xymon and I think it shouldn't be. Overall it would
make xymon a little bit more secure and if needed, it could be easily
activated.
Attached is the necessary patch for this, please let me know if this
suits the general idea of xymon or if there are arguments against this
measure.
Thanks in advance!
Cheers,
Christoph
patch:
--- xymonclient.cfg.DIST
+++ xymonclient.cfg.NEW
@@ -15,7 +15,7 @@
XYMONCLIENTLOGS="$XYMONHOME/logs" # Where we store the client logfiles
# Options to logfetch, the xymon binary which examines log files for
recent changes.
-LOGFETCHOPTS=""
+LOGFETCHOPTS="--noexec"
# Local Mode (Only) Options
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xymonclient.cfg.patch
Type: text/x-patch
Size: 306 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20211015/4b68af87/attachment.bin>
More information about the Xymon
mailing list