xymon-client for linux over ssl
list Kris Springer
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984? Thanks so much --- Kris Springer
list Corentin Labbe
Le Wed, Feb 14, 2024 at 09:48:12PM -0700, Kris Springer a ?crit :
▸
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984? Thanks so much
Hello Since the xymon-client is not TLS aware, the only solution is to use a stunnel. On the remote box, you run the stunnel client listenning on localhost:1984 (and point client to it). On the xymon server, you ran the stunnel server and configure the output to localhost:1984. It is the only solution I know wihout modification of xymon. The other way is to made the xymon client TLS aware like I did on xython https://github.com/xython-monitoring/xython/blob/master/client/xython-client.sh By either having a proxy TLS daemon (and client send data though openssl s_client). Or the best way is to having a HTTPS proxy CGI and pipe xymon-client though curl (https://github.com/xython-monitoring/xython/blob/master/cgi/proxy.py) Regards
list Stef Coene
Hi,
This will send the data over https + protect it with username/password:
- Create server/cgi-binpas directory
- Copy or symlink xymoncgimsg.cgi in that directory
- Create etc/htpasswd file with the htpasswd command
- Add this to xymon-apache.conf (replace <installdir> with the correct
full path) and restart apache:
ScriptAlias /xymon-cgipas/ "<installdir>/server/cgi-binpas/"
<Directory "<installdir>/server/cgi-binpas">
Options ExecCGI Includes FollowSymLinks
AuthType Basic
AuthName "Monitoring Client'
AuthUserFile "<installdir>/server/etc/htpasswd"
Require valid-user
</Directory>
- Use this in the xml configiration file on the windows client:
<serverUrl>https://x.x.x.x/xymon-cgipas/xymoncgimsg.cgi</serverUrl>;
<serverHttpUsername>client</serverHttpUsername>
<serverHttpPassword>client</serverHttpPassword>
For Linux or AIX, I have some scripts and config files as drop-in
replacement for the xymon binary based on wget or curl. If you are
interested, I can send it off-list.
Stef
▸
On 2024-02-15 05:48, Kris Springer wrote:Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984? Thanks so much --- Kris Springer
list Jeremy Laidman
For systems that don't have curl or wget, it may be possible to use openssl
to achieve the same result. This works for me:
XYMONSERVER=xymon.example.com
MSG="status hostname.example.com.linux red `date` bogon check has failed"
MSG="$MSG\r\n"
MSGLEN=${#MSG}
printf "POST /xymon-cgi/xymoncgimsg.cgi HTTP/1.0\r\nHost:
$XYMONSERVER\r\nContent-Length: $MSGLEN\r\n\r\n${MSG}\r\n"; } | openssl
s_client -quiet -connect $XYMONSERVER:443 2>/dev/null | sed '1,/^\r$/d'
J
▸
On Thu, 15 Feb 2024 at 18:17, Stef Coene <user-dbffe946c0f4@xymon.invalid> wrote:
Hi, This will send the data over https + protect it with username/password: - Create server/cgi-binpas directory - Copy or symlink xymoncgimsg.cgi in that directory - Create etc/htpasswd file with the htpasswd command - Add this to xymon-apache.conf (replace <installdir> with the correct full path) and restart apache: ScriptAlias /xymon-cgipas/ "<installdir>/server/cgi-binpas/" <Directory "<installdir>/server/cgi-binpas"> Options ExecCGI Includes FollowSymLinks AuthType Basic AuthName "Monitoring Client' AuthUserFile "<installdir>/server/etc/htpasswd" Require valid-user </Directory> - Use this in the xml configiration file on the windows client: <serverUrl>https://x.x.x.x/xymon-cgipas/xymoncgimsg.cgi</serverUrl>; <serverHttpUsername>client</serverHttpUsername> <serverHttpPassword>client</serverHttpPassword> For Linux or AIX, I have some scripts and config files as drop-in replacement for the xymon binary based on wget or curl. If you are interested, I can send it off-list. Stef On 2024-02-15 05:48, Kris Springer wrote:Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984? Thanks so much --- Kris Springer
list Axel Beckert
Hi Kris,
▸
On Thu, Feb 15, 2024 at 07:20:03AM +0100, Corentin Labbe wrote:Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?Since the xymon-client is not TLS aware, the only solution is to use a stunnel.
Currently yes, but release 4.4 (currently at 4.4alpha1) will have builtin TLS support.
▸
On the remote box, you run the stunnel client listenning on localhost:1984 (and point client to it). On the xymon server, you ran the stunnel server and configure the output to localhost:1984.
Yes, I usually use 1983 (pun intended as well) for it. Relevant part my server config (bbs = big brother + ssl): [bbs] accept = :::1983 connect = 1984 (Docs say for "connect": "If no host is specified, the host defaults to localhost.) This also adds IPv6 support as well. Client side config: [bbs] accept = 127.0.0.1:1984 connect = <xymon-server-address>:1983 client = yes HTH. Kind regards, Axel -- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: user-bc188e45dae4@xymon.invalid \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: user-0064bde8d49d@xymon.invalid X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/