XymonPS upgrade source
list Timothy Williams
In our main 'regular' server environment we have a web server that holds the newest XymonPS client for successful self-upgrading on slow scan. However, in our restrictive PCI environment, the Windows servers are not permitted to access the outside web folder or even other servers in the environment excepting WSUS, antivirus, etc on specific ports. They do send and receive files on port 1984 to Xymon server. 2019-02-05 14:11:23 Main and optional tests finished. 2019-02-05 14:11:23 Sending to server 2019-02-05 14:11:23 Using UTF8 encoding 2019-02-05 14:11:23 Connecting to host 192.168.47.233 2019-02-05 14:11:23 Sent 69413 bytes to server 2019-02-05 14:11:23 Received 107 bytes from server I have tried to use the bb: pseudo-URL to access the download folder on the Xymon (3.28) Linux server. World Read permissions have been verified. From the client logs, it appears to find the file and initiates a download, but the new file has zero bytes. The upgrade process continues to restart the service, but obviously hangs as there is now no script file. I have tried both ASCII and UTF8 encoding. 2019-02-05 14:11:23 Found a command: clientversion:2.35:bb://usr/local/xymon/server/download .. 2019-02-05 14:11:23 Executing XymonCheckUpdate 2019-02-05 14:11:24 Running version 2.28; config version 2.35; attempting upgrade 2019-02-05 14:11:24 XymonDownloadFromServer - Downloading usr/local/xymon/server/download/xymonclient_2.35.ps1 to C:\Utils\xymonclient_2.35.ps1 2019-02-05 14:11:24 Using UTF8 encoding 2019-02-05 14:11:24 Connecting to host 192.168.47.233 2019-02-05 14:11:24 Sent 62 bytes to server 2019-02-05 14:11:24 Wrote 0 bytes from server to C:\Utils\xymonclient_2.35.ps1 2019-02-05 14:11:24 Launching update 2019-02-05 14:11:24 Upgrading C:\Utils\xymonclient.ps1 to C:\Utils\xymonclient_2.35.ps1 2019-02-05 14:11:24 Restarting service... The error message on the XymonD process indicates that the file was not found. Latest error messages: Download file usr/local/xymon/server/xymonclient_2.35.ps1 not found Anybody have ideas about where the fault lies? Using file share or https is beyond where InfoSec wants to go. We currently manually copy in new clients to each PCI server, I'd like to have self-upgrading working. Tim Williams Virginia Commonwealth University Computer Center
list Zak Beck
Hi I’d forgotten we added bb:// style urls, I must admit I don’t use them regularly. From the server side, the manpage<https://www.xymon.com/help/manpages/man1/xymon.1.html>; says: download FILENAME Download a file from the Xymon server’s download directory. Looking at the xymond code (I’m hoping this is the right place): sprintf(fullfn, "%s/download/%s", xgetenv("XYMONHOME"), fn) so I think the download directory should be under your XYMONHOME and the path in the bb: url is relative to that. You will not be able to download from an absolute path per your config currently. I guess you might want to create an updates directory e.g. $XYMONHOME/download/updates/, put your new client files there and your bb url will be bb://updates. Zak
▸
From: Xymon <xymon-bounces at xymon.com> On Behalf Of Timothy Williams
Sent: Wednesday, 6 February 2019 16:54
To: xymon at xymon.com
Subject: [External] [Xymon] XymonPS upgrade source
In our main 'regular' server environment we have a web server that holds the newest XymonPS client for successful self-upgrading on slow scan. However, in our restrictive PCI environment, the Windows servers are not permitted to access the outside web folder or even other servers in the environment excepting WSUS, antivirus, etc on specific ports. They do send and receive files on port 1984 to Xymon server.
2019-02-05 14:11:23 Main and optional tests finished.
2019-02-05 14:11:23 Sending to server
2019-02-05 14:11:23 Using UTF8 encoding
2019-02-05 14:11:23 Connecting to host 192.168.47.233
2019-02-05 14:11:23 Sent 69413 bytes to server
2019-02-05 14:11:23 Received 107 bytes from server
I have tried to use the bb: pseudo-URL to access the download folder on the Xymon (3.28) Linux server. World Read permissions have been verified. From the client logs, it appears to find the file and initiates a download, but the new file has zero bytes. The upgrade process continues to restart the service, but obviously hangs as there is now no script file. I have tried both ASCII and UTF8 encoding.
2019-02-05 14:11:23 Found a command: clientversion:2.35:bb://usr/local/xymon/server/download
..
2019-02-05 14:11:23 Executing XymonCheckUpdate
2019-02-05 14:11:24 Running version 2.28; config version 2.35; attempting upgrade
2019-02-05 14:11:24 XymonDownloadFromServer - Downloading usr/local/xymon/server/download/xymonclient_2.35.ps1 to C:\Utils\xymonclient_2.35.ps1
2019-02-05 14:11:24 Using UTF8 encoding
2019-02-05 14:11:24 Connecting to host 192.168.47.233
2019-02-05 14:11:24 Sent 62 bytes to server
2019-02-05 14:11:24 Wrote 0 bytes from server to C:\Utils\xymonclient_2.35.ps1
2019-02-05 14:11:24 Launching update
2019-02-05 14:11:24 Upgrading C:\Utils\xymonclient.ps1 to C:\Utils\xymonclient_2.35.ps1
2019-02-05 14:11:24 Restarting service...
The error message on the XymonD process indicates that the file was not found.
Latest error messages:
Download file usr/local/xymon/server/xymonclient_2.35.ps1 not found
Anybody have ideas about where the fault lies? Using file share or https is beyond where InfoSec wants to go. We currently manually copy in new clients to each PCI server, I'd like to have self-upgrading working.
Tim Williams
Virginia Commonwealth University Computer Center
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy. www.accenture.com
list Timothy Williams
Thanks! So for us it is just the bb:// which points to the default /download folder. It works! We may make a XymonPS subfolder down the road. Tim On Wed, Feb 6, 2019 at 12:43 PM Andy Smith <user-982f5f6d4d28@xymon.invalid> wrote:
All, Spot on Zak, we use the bb:// urls for our upgrades, we have ~xymon/server/download/XymonPS/ populated with for example xymonclient_2.28.ps1 and the client configured with lines such as :- clientversion:2.28:bb://XymonPS:SHA1:0737ef113b23f1994c21495e678eaa04bfd1e1c7 -- Andy
▸
On Wed, Feb 06, 2019 at 05:15:40PM +0000, Beck, Zak wrote:I???d forgotten we added bb:// style urls, I must admit I don???t use them regularly.
From the server side, the manpage< https://www.xymon.com/help/manpages/man1/xymon.1.html>; says:
▸
download FILENAME Download a file from the Xymon server???s download directory. Looking at the xymond code (I???m hoping this is the right place): sprintf(fullfn, "%s/download/%s", xgetenv("XYMONHOME"), fn) so I think the download directory should be under your XYMONHOME and the path in the bb: url is relative to that. You will not be able to download from an absolute path per your config currently. I guess you might want to create an updates directory e.g.$XYMONHOME/download/updates/, put your new client files there and your bb url will be bb://updates.Zak From: Xymon <xymon-bounces at xymon.com> On Behalf Of Timothy Williams Sent: Wednesday, 6 February 2019 16:54 To: xymon at xymon.com Subject: [External] [Xymon] XymonPS upgrade source In our main 'regular' server environment we have a web server that holds the newest XymonPS client for successful self-upgrading on slow scan.However, in our restrictive PCI environment, the Windows servers are not permitted to access the outside web folder or even other servers in the environment excepting WSUS, antivirus, etc on specific ports. They do send and receive files on port 1984 to Xymon server.2019-02-05 14:11:23 Main and optional tests finished. 2019-02-05 14:11:23 Sending to server 2019-02-05 14:11:23 Using UTF8 encoding 2019-02-05 14:11:23 Connecting to host 192.168.47.233 2019-02-05 14:11:23 Sent 69413 bytes to server 2019-02-05 14:11:23 Received 107 bytes from server I have tried to use the bb: pseudo-URL to access the download folder on the Xymon (3.28) Linux server. World Read permissions have been verified.From the client logs, it appears to find the file and initiates a download, but the new file has zero bytes. The upgrade process continues to restart the service, but obviously hangs as there is now no script file. I have tried both ASCII and UTF8 encoding.2019-02-05 14:11:23 Found a command:clientversion:2.35:bb://usr/local/xymon/server/download.. 2019-02-05 14:11:23 Executing XymonCheckUpdate 2019-02-05 14:11:24 Running version 2.28; config version 2.35; attempting upgrade 2019-02-05 14:11:24 XymonDownloadFromServer - Downloading usr/local/xymon/server/download/xymonclient_2.35.ps1 toC:\Utils\xymonclient_2.35.ps12019-02-05 14:11:24 Using UTF8 encoding 2019-02-05 14:11:24 Connecting to host 192.168.47.233 2019-02-05 14:11:24 Sent 62 bytes to server 2019-02-05 14:11:24 Wrote 0 bytes from server toC:\Utils\xymonclient_2.35.ps12019-02-05 14:11:24 Launching update 2019-02-05 14:11:24 Upgrading C:\Utils\xymonclient.ps1 toC:\Utils\xymonclient_2.35.ps12019-02-05 14:11:24 Restarting service... The error message on the XymonD process indicates that the file was not found. Latest error messages: Download file usr/local/xymon/server/xymonclient_2.35.ps1 not found Anybody have ideas about where the fault lies? Using file share or https is beyond where InfoSec wants to go. We currently manually copy in new clients to each PCI server, I'd like to have self-upgrading working. Tim Williams Virginia Commonwealth University Computer Center