In xymond.8.html is written:
--maint-senders=IP[/MASK][,IP/MASK]
Controls which hosts may send maintenance commands to xymond. Maintenance commands are the "enable", "disable", "ack" and "notes" commands. Format of this option is as for the --status-senders option. It is strongly recommended that you use this to restrict access to these commands, so that monitoring of a host cannot be disabled by a rogue user - e.g. to hide a system compromise from the monitoring system.
I am able to make '--status-senders' work as advertised, but I am unable to make '--maint-senders' work the way I think it should.
The xmond segment of my tasks.cfg is:
CMD xymond --pidfile=$XYMONSERVERLOGS/xymond.pid \
--restart=$XYMONTMP/xymond.chk --checkpoint-file=$XYMONTMP/xymond.chk --checkpoint-interval=600 \
--log=$XYMONSERVERLOGS/xymond.log \
--maint-senders=$XYMONSERVERIP \
--no-download \
--store-clientlogs=!msgs
but I can still send disable-messages for an arbitrary hosts-test combination from an arbitrary windows machine with:
BBWinCmd.exe xymon.example.com disable foo.example.com ssh 10 Text
When I change the tasks.cfg to contain an arbitrary ip address (of a non-existent host):
--maint-senders=10.10.10.10 \
I am still able to send disable-messages from arbitrary machines. But, my log file then shows errors for attempts by the xymon server to handle alerts:
2013-10-14 12:34:27 Refused message from 10.200.10.24: notify foo,example,com.ssh
So I see --maint-senders being evaluated by the alert-handling process, but ignored by the client-listener.
Does anyone else have --main-senders working correctly?
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Enterprise Technology Services
Department of Administration
State of Alaska