Xymon Mailing List Archive search

RFE: message encryption

list Roland Soderstrom
Tue, 11 Oct 2011 08:45:11 +1100
Message-Id: <user-ddc857ee374d@xymon.invalid>

Yes, we have 443 and 22 open so this will just work, if you figure out how to do it that is...
but this approach will let almost all OS flavors use it as almost all have SSH by default, or at least easily installed.

- Roland

On 11/10/11 08:40 AM, Ralph Mitchell wrote:

That's close to what I am doing using curl to post to a secure web server. Secure http over port 443 is already blessed by management and security. Opening another port requires paperwork...

Ralph Mitchell

On Oct 10, 2011 5:34 PM, "Roland Soderstrom" <user-0cec9512a49f@xymon.invalid> wrote:
This feature would please my managers a lot, getting all traffic encrypted.
To me it seems like all the stones are there like SSL, xymond isn't that just an RPC?
Just need to put it together. (sounds easy doesn't it)

I had another thought that I haven't played around with yet.
Could you create an ssh tunnel and just pipe all xymon traffic through it?

client % ssh -N -g -f -L 1984:xymonserver.local:1984 xymonserver.local -l roland
And let XYMSRV be localhost:1984
or something similar...

I don't have a test rig to test it out right now.

- Roland

On 11/10/11 08:07 AM, Ralph Mitchell wrote:
On Mon, Oct 10, 2011 at 4:53 PM, Rob Munsch <user-d560979fab41@xymon.invalid> wrote:
> > At present, I have a work-around. Instead of using bin/xymon to send
> > messages, I'm using curl to post the message file to
> > https://server.domain.com/xymon/upload.php. On the server side, the
> > upload.php script simply drops the message file into xymon's incoming
> > stream, just as if it were delivered over the net by bin/xymon.
>
> Good idea. I almost can copy this approach.
>
> > The client side has the server's CA cert to validate the connection
> > and the data flow is encrypted in transit. I could use client
> > certificates as well.
>
> But I think this approach only works for Linux xymon client,
> since curl is readily available.
> Preparing curl for other Unix (say HP-UX) and Windows will be
> a big challenge.

Actually....

http://curl.haxx.se/download.html

Wanna run it on Haiku? How about an Amiga? :)

Beat me to it... :-) We've got the script running on some IBM AIX boxes here. I think the curl version is something ridiculous, like curl-7.9, but it still delivers. That particular version is not built with SSL, so it won't do secure connections. We have HP-UX as well, but no Xymon client on that (yet).

I've lost *some* functionality, because I'm only installing the shell scripts, not any compiled binaries. That way, if I have to, I can show that it's just a script using utilities supplied along with the OS, same as anyone can type in to discover machine status. Plus it's easier for other people to maintain.

Ralph Mitchell
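
The upload relay described in this thread passes what it receives into Xymon's incoming stream, which makes the HTTPS endpoint the place to check a message before handing it on. The following is an added example, not part of the thread and not Ralph's script, written in Python rather than PHP: it accepts only status and client reports whose host matches the sender the web server authenticated. The names `check_upload` and `authenticated_host`, the size cap and the color list are assumptions.

```python
import re

# Policy values are assumptions for this sketch, not taken from the thread.
MAX_BYTES = 256 * 1024
ALLOWED_COLORS = {"green", "yellow", "red", "clear"}

# First line of the two message types a client normally sends:
#   status[+LIFETIME][/group:GROUP] HOST.TEST COLOR text...
#   client[/COLLECTORID] HOST.OSTYPE [HOSTCLASS]
# Xymon writes the dots in HOST as commas: "web1,example,com.cpu".
HEADER = re.compile(
    r"^(?P<cmd>status|client)(?:[+/]\S*)?[ \t]+"
    r"(?P<host>[A-Za-z0-9,_-]+)\.(?P<name>[A-Za-z0-9_-]+)(?=\s|$)"
    r"(?:[ \t]+(?P<word>\S+))?"
)

def check_upload(body: bytes, authenticated_host: str):
    """Return (ok, reason) for one uploaded message file.

    authenticated_host is the sender identity the web server established,
    for example from a client certificate (hypothetical parameter).
    """
    if not body or len(body) > MAX_BYTES:
        return False, "empty or oversized message"
    if b"\x00" in body:
        return False, "NUL byte in message"
    first = body.split(b"\n", 1)[0].decode("ascii", "replace").rstrip("\r")
    m = HEADER.match(first)
    if m is None:
        # Only routine status/client reports are relayed; anything else
        # never reaches the server's incoming stream.
        return False, "not a status or client message"
    claimed = m.group("host").replace(",", ".").lower()
    if claimed != authenticated_host.lower():
        return False, "reported host does not match sender"
    if m.group("cmd") == "status" and m.group("word") not in ALLOWED_COLORS:
        return False, "status color not allowed"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample uploads, all sent by the host "web1.example.com".
    for sample in (
        b"status web1,example,com.cpu green load is fine\n",
        b"client web1,example,com.linux\n[uptime]\n 10:02 up 3 days\n",
        b"status db1,example,com.cpu red spoofed report\n",
        b"query web1,example,com.cpu\n",
    ):
        print(check_upload(sample, "web1.example.com"), sample[:40])
```
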


Xymon@xymon.com


