Xymon Mailing List Archive search

RFE: message encryption

list Ralph Mitchell
Mon, 10 Oct 2011 17:40:26 -0400
Message-Id: <user-312a40114ccd@xymon.invalid>

That's close to what I am doing using curl to post to a secure web server.
Secure http over port 443 is already blessed by management and security.
Opening another port requires paperwork...

Ralph Mitchell
On Oct 10, 2011 5:34 PM, "Roland Soderstrom" <user-0cec9512a49f@xymon.invalid>
wrote:

 This feature would please my managers a lot, getting all traffic
encrypted.
To me it seems like all the stones are there like SSL, xymond isn't that
just an RPC?
Just need to put it together. (sounds easy doesn't it)

I had another thought that I haven't played around with yet.
Could you create an ssh tunnel and just pipe all xymon traffic through it?

client % ssh -N -g -f -L 1984:xymonserver.local:1984 xymonserver.local -l
roland
And let XYMSRV be localhost:1984
or something similar...

I don't have a test rig to test it out right now.

- Roland


On 11/10/11 08:07 AM, Ralph Mitchell wrote:

On Mon, Oct 10, 2011 at 4:53 PM, Rob Munsch <user-d560979fab41@xymon.invalid>wrote:

At present, I have a work-around.  Instead of using
bin/xymon to send
messages, I'm using curl to post the message file to
https://server.domain.com/xymon/upload.php.  On the server
side, the
upload.php script simply drops the message file into
xymon's incoming
stream, just as if it were delivered over the net by bin/xymon.
Good idea.  I almost can copy this approach.

The client side has the server's CA cert to validate the connection
and the data flow is encrypted in transit.  I could use
client certificates as well.
But I think this approach only works for Linux xymon client,
since curl is readily available.
Preparing curl for other Unix(say HP-UX) and Windows  will be
a big challenge.
 Actually....

http://curl.haxx.se/download.html

Wanna run it on Haiku? How about an Amiga? :)

Beat me to it...  :-)    We've got the script running on some IBM AIX boxes
here.  I think the curl version is something ridiculous, like curl-7.9, but
it still delivers.  That particular version is not built with SSL, so it
won't do secure connections.  We have HP-UX as well, but no Xymon client on
that (yet).

I've lost *some* functionality, because I'm only installing the shell
scripts, not any compiled binaries.  That way, if I have to, I can show that
it's just a script using utilities supplied along with the OS, same as
anyone can type in to discover machine status.  Plus it's easier for other
people to maintain.

Ralph Mitchell


Xymon mailing user-d459c9d661b6@xymon.invalid