Hello,
Using Xymon 4.3.7 I have been trying to secure the xymon server, and have been looking at the various 'senders' options of xymond. Having set these options I then got several purple reports. The xymond logfile indicated that messages were being refused from hosts, despite the xymond man page saying that status messages would be accepted from the hosts to which they relate. Example:
2012-05-11 12:20:39 Refused message from 141.163.162.11: usermsg jhvm2.sec.1336735239123422 add id=1336735239 expire=1336737639 jhvm2.sec green Fri May 11 12:20:39 BST 2012 \n&green dummy
2012-05-11 12:20:39 Invalid user message - sender 141.163.162.11 not allowed for host jhvm2.sec.1336735239123422
The hosts.cfg file shows:
141.163.162.11 jhvm2 # testip conn files sec...
The tasks.cfg file for xymond uses the option '--status-senders=$XYMONSERVERIP'.
So according to the xymond man page, because '--status-senders' is set, status reports from 141.163.162.11 for host 'jhvm2' should be accepted (since they are the same host).
My only thought here is how xymond is doing the security check. Is it checking the IP address against the name, and/or the name against the IP address? Since we are not using FQDN names, the DNS is not going to be useful, but a host check of the name 'jhvm2' should return the IP address since it is listed in the /etc/hosts file.
Any thoughts?
John.
--
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001
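An added example, not part of the original post and not Xymon code: a small Python diagnostic that cross-checks the refusal line quoted above against the hosts.cfg entry, to show which name and IP pair the log is actually complaining about. It does not reproduce xymond's internal check; the function names and verdict labels are hypothetical, and the sample inputs are copied from the lines in the post.

```python
import re

# Sample inputs copied from the lines quoted in the post.
HOSTS_CFG = "141.163.162.11 jhvm2 # testip conn files sec...\n"
XYMOND_LOG = (
    "2012-05-11 12:20:39 Invalid user message - sender 141.163.162.11 "
    "not allowed for host jhvm2.sec.1336735239123422\n"
)

REFUSED = re.compile(r"sender (\S+) not allowed for host (\S+)")


def parse_hosts_cfg(text):
    """Map hostname -> IP from 'IP hostname # tags' lines."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and re.fullmatch(r"[\d.]+", fields[0]):
            hosts[fields[1]] = fields[0]
    return hosts


def explain_refusals(log_text, hosts):
    """Return (sender, logged_name, matched_host, verdict) per refusal line."""
    findings = []
    for sender, logged in REFUSED.findall(log_text):
        if logged in hosts:
            matched = logged
        else:
            # The logged name is not a hosts.cfg entry; look for a configured
            # host that is a dotted prefix of it (longest match first).
            candidates = sorted(hosts, key=len, reverse=True)
            matched = next((h for h in candidates
                            if logged.startswith(h + ".")), None)
        if matched is None:
            verdict = "unknown-host"
        elif hosts[matched] != sender:
            verdict = "ip-mismatch"
        elif matched == logged:
            verdict = "ip-match"
        else:
            # Sender IP belongs to the host, but the name that was checked
            # carries extra dotted components beyond the hosts.cfg name.
            verdict = "sender-owns-prefix-host"
        findings.append((sender, logged, matched, verdict))
    return findings


if __name__ == "__main__":
    for finding in explain_refusals(XYMOND_LOG, parse_hosts_cfg(HOSTS_CFG)):
        print(finding)
```

On the quoted log line the sender IP matches the hosts.cfg entry for jhvm2, while the name in the refusal is the longer string jhvm2.sec.1336735239123422, which has no hosts.cfg entry of its own.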