On Fri, 2012-05-11 at 12:50 +0100, John Horne wrote:
Hello,
Using Xymon 4.3.7 I have been trying to secure the xymon server, and
have been looking at the various 'senders' options of xymond. Having set
these options I then got several purple reports. The xymond logfile
indicated that messages were being refused from hosts, despite the
xymond man page saying that status messages would be accepted from the
hosts to which they relate. Example:
2012-05-11 12:20:39 Refused message from 141.163.162.11: usermsg
jhvm2.sec.1336735239123422 add id=1336735239 expire=1336737639
jhvm2.sec green Fri May 11 12:20:39 BST 2012 \n&green dummy
2012-05-11 12:20:39 Invalid user message - sender 141.163.162.11 not
allowed for host jhvm2.sec.1336735239123422
Hmm. Just realised that these are 'usermsg' messages. Since the usermsg
format basically only includes an ID and then whatever else we want,
xymon has no way of knowing what the 'host' is (as evidenced by the
message showing the host as 'jhvm2.sec.1336735239123422' when in fact
this is the ID).
I'm wondering if that in order to use usermsgs, and secure Xymon, we
will have to explicitly list all the IP addresses of our hosts (in
tasks.cfg with the '--status-senders' option.
John.
--
John Horne Tel: +XX (X)XXXX XXXXXX
Plymouth University, UK Fax: +XX (X)XXXX XXXXXX