[Xymon] Is Xymon Alive?
John Thurston
john.thurston at alaska.gov
Tue Jun 8 22:12:44 CEST 2021
On 6/8/2021 11:49 AM, Bruce Ferrell wrote:
> Are you
> maybe referring to remote logfetch via ssh?
I am referring to logfetch, which is part of the standard client
package, and which does not default to -noexec (and which does not use ssh).
Per the man page:
Logfetch can be requested to execute arbitrary commands to generate a
list of log files to examine dynamically, but this can present a
security risk in some environments. Set this option to prevent logfetch
from executing requested commands
Let's pass arbitrary code, unencrypted across the network, for it to be
run by a daemon on a remote machine. What could possibly go wrong?
Why would anyone want to permit this?
Do you still use 'telnet' for production job control?
> My point is that simple is good. Simple is in your control.
>
> Your point John?
My point is that a 'simple solution' may not include some things which
have become standard and expected between 1998 and 2021.
I still run Xymon, and have been running its predecessors since the late
90s. But this _is_ 2021. Encrypted network communication, or at least
the _capability_ to encrypt network communication is pretty much normal.
When my users come to me asking me to make Xymon do things for them, I
must continually remind them of its 1990's roots, and clarify which of
their base assumptions may not be valid.
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
More information about the Xymon
mailing list