There's a clientupdate option:
https://xymon.com/help/manpages/man1/clientupdate.1.html
I've never used it, but it would allow the server to send code updates.
Ralph Mitchell
On Tue, Jun 8, 2021 at 3:49 PM Bruce Ferrell <user-24fbf1912cfe@xymon.invalid> wrote:
Some of those are true... The Xymon server can tell the client to run
something IF the client has been pre-configured for it. I've never seen
a config that allowed sending code to the client (upgrades?) and I've
been using Xymon and it's predecessor, Big Brother, since 2000. Are you
maybe referring to remote logfetch via ssh?
Out of the box, all of those "objections" for Xymon are true for Zabbix
as well.
Zabbix needs a MySQL instance set up to make it run too.
Nagios is just plain "fussy" with the same objections to encryption and
triple A.
I think we all know what happened when the "secure" labyrinth called
Solarwinds was breached.
My point is that simple is good. Simple is in your control.
Your point John?
On 6/8/21 12:17 PM, John Thurston wrote:
It is worth noting that out of the box:
A) the Xymon client <> server communication channel is unencrypted TCP
B) there is neither authentication or authorization of that channel
C) any client may send valid messages for any hostname
D) the Xymon server may send arbitrary code to the client for execution
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska
On 6/8/2021 9:54 AM, Bruce Ferrell wrote:
The "worst", most technical thing I know about installing Xymon is
building from source (my preferred method), but just about any modern
Linux distro has binaries available. The second "worst" thing is
editing text files to configure it. There have been configuration
tools attempted, but to my knowledge, really gone nowhere.