Xymon 4.3.30 Released
list Japheth Cleaver
Xymon 4.3.30 has been released and is now available for download.

4.3.30 is mostly a bug-fix release, quashing issues stemming from the security fixes in 4.3.29, including improperly-tight restrictions on allowed characters in hostname for browsing along with several other parsing errors. Thanks in particular to Tom Schmidt for his assistance in tracking these down.

Xymon should also now be more easily buildable on older GCC versions without the diagnostics pragma available.

Xymon 4.3.30 is available from the Xymon SourceForge page at https://sourceforge.net/projects/xymon/

As always, thank you to all who have contributed code, ideas, and features to the project!

Regards,
Japheth "J.C." Cleaver
list James Louis
Japheth,

Will 4.3.31 be out soon or will it jump to 4.4?

Thanks,
Jim

--
Jim Louis
   \\\\||////
    \ ~ ~ /
    | @ @ |
--oOo---(_)---oOo--
"It does me no injury for my neighbor to say there are twenty gods, or no
God. It neither picks my pocket nor breaks my leg."
~ Thomas Jefferson
list Japheth Cleaver
Hi Jim,

I'm looking at the XSS report and sorting through a variety of the patches since this release now. There will be a 4.3.31 release with this as well as other updates, as well as a 4.4 pre-release. Due to there being a longish gap, a maintenance release is appropriate.

-jc
list James Louis
Thanks for the update Japheth!
list Greg Earle
On 31 Jul 2020, at 7:27, Japheth Cleaver <user-87556346d4af@xymon.invalid> wrote:

>> Japheth, Will 4.3.31 be out soon or will it jump to 4.4?
>
> I'm looking at the XSS report and sorting through a variety of the patches since this release now. There will be a 4.3.31 release with this as well as other updates, as well as a 4.4 pre-release. Due to there being a longish gap, a maintenance release is appropriate.

We haven't yet gotten a formal 4.3.30 Terabithia RPM release for Fedora 31 (it's still in "testing") much less Fedora 32 (not even one in "testing").

Could you get those out to production before moving on to doing a 4.3.31?

- Greg
list Ralph Mitchell
Is the 4.4 release going to have encrypted communications? I'm not supposed to send plain text over the network, so I've been faking it with curl posting to xymoncgimsg on port 443. It would be really nice to get port 1984 opened and do it properly.

Thanks,
Ralph Mitchell
list Japheth Cleaver
Hi Ralph,

For direct SSL wrapping of client submission to xymond, yes. For authentication of source messages via proxy or intermediary, no.

For high-volume situations, or where a reply is not needed, cgimsg will still be a useful mechanism. SSL setup, teardown, and decryption in the core daemon still has an impact, so offloading that to a receiver for termination would be recommended depending on your scale.

Regards,
-jc
list Ralph Mitchell
I think direct SSL wrapping is what I need, thanks. Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.

The problem I've been living with is, I have a bunch of near-identical clients that all reboot at 1:30am to deal with a memory-leaking Java program. This means that their Xymon clients all start up at pretty much the same time and deliver messages fairly close together. From time to time a message storm prevents some clients getting through, and sometimes it seems like status messages are being merged. At least, I get clients reporting filesystems they don't have, and graphs that show max values equal to the lifetime of the Universe measured in femtoseconds...

Ralph Mitchell
list Sebastian Auriol
That's interesting Ralph. We sometimes get the same issue with clients' status reports getting assigned to the wrong host in the Xymon server too (and this is just using the normal xymond receiver). I thought it might be related to one or two very big message senders though. It's difficult to track down and can happen briefly, trigger an alert and vanish into the mist within a minute when the next report comes in (though some evidence is left behind in the history). But perhaps you are getting big message senders at a reboot as it's sending quite a lot of data in the msg column?

Kind regards,
SebA
list Ralph Mitchell
I think I saw something in one of the patches to fix the client report munging. I'm currently in the Dark Ages, with 4.3.12, on hardware that should have been life-cycled about 10 years ago... I'm supposed to be getting new hardware sometime soon. When I get that, I'll pick up the latest release.

One problem I have with upgrading is making sure I carry over a few patches I've made, some of which have already been rolled into mainstream Xymon. I may just let the other changes go and run with vanilla 4.3.31.

Ralph Mitchell
list Axel Beckert
Hi,
On Sat, Aug 15, 2020 at 12:21:24AM -0400, Ralph M wrote:

> I think direct SSL wrapping is what I need, thanks. Would it be unreasonable to suggest that the SSL setup, decryption, etc be offloaded to a standalone program that then delivers the message to the core daemon in the same manner as cgimsg? I'd like to get Apache out of the loop, and just have an SSL-enabled message receiver funneling status messages to the core daemon.

That's easy: I use stunnel (Debian package "stunnel4") for that. Also gives you instant IPv6 reachability for the Xymond.

Server setup (relevant snippet from my /etc/stunnel/stunnel.conf):

    [bbs6]
    accept = :::1983
    connect = 1984

Since it's encrypted and has better privacy, I use port 1983 for that with the mnemonic "before 1984". :-)

Client (relevant snippets from my /etc/stunnel/stunnel.conf and /etc/default/xymon-client):

    [bbs]
    accept = 127.0.0.1:1984
    connect = <your-xymon-server>:1983
    client = yes

and

    XYMONSERVERS="127.0.0.1"

The client snippets are from a host which has no IPv4 connectivity (besides localhost).

Kind regards, Axel

--
PGP: 2FF9CD59612616B5                         /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: user-bc188e45dae4@xymon.invalid         \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: user-0064bde8d49d@xymon.invalid   X   https://axel.beckert.ch/
                                              / \  I love long mails: https://email.is-not-s.ms/
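
An added example, not part of the post above and not code from Xymon or stunnel: a small audit of stunnel client sections like the `[bbs]` one, flagging a tunnel that encrypts but never verifies the server certificate (stunnel performs no certificate verification unless `verifyChain`, `verifyPeer` or the older `verify` option is set) and a plaintext listener that is not bound to loopback. The host name `xymon.example.net` and the path `/etc/stunnel/xymon-ca.pem` in the hardened variant are placeholders.

```python
"""Audit stunnel client services that carry Xymon traffic (added example)."""
import ipaddress

# Client snippet as posted in the thread (only the lines shown there).
POSTED_CLIENT = """\
[bbs]
accept = 127.0.0.1:1984
connect = <your-xymon-server>:1983
client = yes
"""

# Constructed variant: the host name and CA path are placeholders.
HARDENED_CLIENT = """\
[bbs]
accept = 127.0.0.1:1984
connect = xymon.example.net:1983
client = yes
CAfile = /etc/stunnel/xymon-ca.pem
verifyChain = yes
checkHost = xymon.example.net
"""


def parse_services(text):
    """Return {section: {option: value}}; options before the first section are defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[key.strip().lower()] = value.strip()
    return services


def is_loopback(accept):
    """True when an accept value of the form [host:]port binds to loopback only."""
    host, sep, _port = accept.rpartition(":")
    if not sep or not host:
        return False  # bare port: listens on every interface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def enabled(opts, key):
    return opts.get(key, "no").lower() == "yes"


def audit(text):
    """Return a sorted list of (section, finding) pairs for client-mode services."""
    findings = []
    for name, opts in parse_services(text).items():
        if not enabled(opts, "client"):
            continue
        legacy = opts.get("verify", "0")  # older numeric "verify = LEVEL" option
        pinned = enabled(opts, "verifypeer") or legacy in ("3", "4")
        chain = enabled(opts, "verifychain") or legacy == "2"
        if not (pinned or chain):
            findings.append((name, "server-certificate-not-verified"))
        elif not pinned and not ({"checkhost", "checkip"} & opts.keys()):
            findings.append((name, "certificate-name-not-checked"))
        if not is_loopback(opts.get("accept", "")):
            findings.append((name, "plaintext-listener-not-loopback"))
    return sorted(findings)


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CLIENT), ("hardened", HARDENED_CLIENT)):
        print(label, audit(conf) or "no findings")
```

The posted snippet is only an excerpt, so a finding on it reflects the lines shown, not the rest of that host's stunnel.conf.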