In the ideal, esp. when the client may have a dynamic IP address (DHCP without reserved addresses, or mobile clients, for example), it would IMO also be really good if the client reports could optionally be signed, with a certificate the server could verify, to give some confidence as to their actually coming from the client...not that that assures that the actual client wasn't compromised, but it's better than nothing insofar as it at least gives good odds that misleading (or maliciously crafted) data from elsewhere isn't being provided.
On Mar 8, 2019, at 11:09, Axel Beckert <abe at deuxchevaux.org> wrote:
Hi Ralph,
On Fri, Mar 08, 2019 at 10:40:55AM -0500, Ralph Mitchell wrote:
I'd still like to see encrypted connections for Xymon client messages going to the server.
Yeah, this definitely is a feature which would be very nice to have available out of the box.
Nevertheless you can do that already now with stunnel as I mentioned:
(And yes, I'm still hoping and waiting for IPv6 support, too, especially in xymonnet-based checks. Reporting to IPv6-only servers is no issue though, if you use stunnel anyway to encrypt the client-reporting traffic.)
Debian's xymon package ships /usr/share/doc/xymon/README.encryption with hints on how to implement encrypted reporting with Xymon.
The current version can be found in our packaging git repository at https://salsa.debian.org/debian/xymon/blob/master/debian/README.encryption although I'm thinking about renaming it to README.encryption.md as I wrote it in Markdown syntax.
It also refers to this more detailed documentation: https://en.wikibooks.org/wiki/System_Monitoring_with_Xymon/Administration_Gu...
HTH!
Kind regards, Axel
--
PGP: 2FF9CD59612616B5         /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org  X
https://axel.beckert.ch/      / \  I love long mails: https://email.is-not-s.ms/
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon