[Xymon] RFE: message encryption

Ralph Mitchell ralphmitchell at gmail.com
Mon Oct 10 23:40:26 CEST 2011


That's close to what I am doing using curl to post to a secure web server.
Secure http over port 443 is already blessed by management and security.
Opening another port requires paperwork...

Ralph Mitchell
On Oct 10, 2011 5:34 PM, "Roland Soderstrom" <rolands at logicaltech.com.au>
wrote:

>  This feature would please my managers a lot, getting all traffic
> encrypted.
> To me it seems like all the stones are there like SSL, xymond isn't that
> just an RPC?
> Just need to put it together. (sounds easy doesn't it)
>
> I had another thought that I haven't played around with yet.
> Could you create an ssh tunnel and just pipe all xymon traffic through it?
>
> client % ssh -N -g -f -L 1984:xymonserver.local:1984 xymonserver.local -l roland
> And let XYMSRV be localhost:1984
> or something similar...
>
> I don't have a test rig to test it out right now.
>
> - Roland
>
>
> On 11/10/11 08:07 AM, Ralph Mitchell wrote:
>
> On Mon, Oct 10, 2011 at 4:53 PM, Rob Munsch <Munsch at phillycarshare.org> wrote:
>
>> > > At present, I have a work-around.  Instead of using bin/xymon to send
>> > > messages, I'm using curl to post the message file to
>> > > https://server.domain.com/xymon/upload.php.  On the server side, the
>> > > upload.php script simply drops the message file into xymon's incoming
>> > > stream, just as if it were delivered over the net by bin/xymon.
>> >
>> > Good idea.  I almost can copy this approach.
>> >
>> > > The client side has the server's CA cert to validate the connection
>> > > and the data flow is encrypted in transit.  I could use client
>> > > certificates as well.
>> >
>> > But I think this approach only works for Linux xymon client,
>> > since curl is readily available.
>> > Preparing curl for other Unix (say HP-UX) and Windows will be
>> > a big challenge.
>>
>>  Actually....
>>
>> http://curl.haxx.se/download.html
>>
>> Wanna run it on Haiku? How about an Amiga? :)
>>
>
> Beat me to it...  :-)    We've got the script running on some IBM AIX boxes
> here.  I think the curl version is something ridiculous, like curl-7.9, but
> it still delivers.  That particular version is not built with SSL, so it
> won't do secure connections.  We have HP-UX as well, but no Xymon client on
> that (yet).
>
> I've lost *some* functionality, because I'm only installing the shell
> scripts, not any compiled binaries.  That way, if I have to, I can show that
> it's just a script using utilities supplied along with the OS, same as
> anyone can type in to discover machine status.  Plus it's easier for other
> people to maintain.
>
> Ralph Mitchell
>
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
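
The client side of the curl work-around quoted above, as an added example that is not code from the thread or from Xymon: it validates the server against a CA file, can present a client certificate, and refuses to send when the URL is not https or the local curl build has no HTTPS support. The form field name `msg`, the certificate paths and the function names are assumptions.

```shell
#!/bin/sh
# Assumptions (not from the thread): form field "msg", the CA/cert/key
# paths, and that upload.php accepts a multipart file upload.
XYMON_URL="${XYMON_URL:-https://server.domain.com/xymon/upload.php}"
XYMON_CA="${XYMON_CA:-/etc/xymon/server-ca.pem}"   # hypothetical path
XYMON_CERT="${XYMON_CERT:-}"                        # optional client certificate
XYMON_KEY="${XYMON_KEY:-}"                          # optional client key

# curl_has_https VERSION_TEXT: succeed only if the "Protocols:" line of
# `curl --version` output lists https (a build without SSL does not).
curl_has_https() {
    protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: *//p')
    case " $protos " in *" https "*) return 0 ;; *) return 1 ;; esac
}

# build_curl_args MSGFILE: print the curl arguments one per line, or fail
# closed when the message would not travel over a validated TLS connection.
build_curl_args() {
    case "$XYMON_URL" in
        https://*) ;;
        *) echo "refusing non-https URL: $XYMON_URL" >&2; return 1 ;;
    esac
    [ -r "$XYMON_CA" ] || { echo "CA file not readable: $XYMON_CA" >&2; return 1; }
    [ -r "$1" ] || { echo "message file not readable: $1" >&2; return 1; }
    printf '%s\n' --silent --show-error --fail --max-time 30 \
        --proto '=https' --cacert "$XYMON_CA"
    [ -z "$XYMON_CERT" ] || printf '%s\n' --cert "$XYMON_CERT"
    [ -z "$XYMON_KEY" ] || printf '%s\n' --key "$XYMON_KEY"
    printf '%s\n' --form "msg=@$1" "$XYMON_URL"
}

# send_xymon_https MSGFILE: check the local curl build, then post the file.
send_xymon_https() {
    curl_has_https "$(curl --version 2>/dev/null)" ||
        { echo "curl lacks https support; not sending in cleartext" >&2; return 1; }
    args=$(build_curl_args "$1") || return 1
    # Split on newlines only; assumes the paths contain no newlines.
    oldifs=$IFS; IFS='
'
    set -f; set -- $args; set +f; IFS=$oldifs
    curl "$@"
}
```

`--fail` makes curl exit non-zero on an HTTP error from upload.php, so a calling script can queue the message file and retry instead of losing it.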