Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?
Thanks so much
Kris Springer
Le Wed, Feb 14, 2024 at 09:48:12PM -0700, Kris Springer a ?crit :
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?
Thanks so much
Hello
Since the xymon-client is not TLS aware, the only solution is to use a stunnel.
On the remote box, you run the stunnel client listenning on localhost:1984 (and point client to it). On the xymon server, you ran the stunnel server and configure the output to localhost:1984.
It is the only solution I know wihout modification of xymon.
The other way is to made the xymon client TLS aware like I did on xython https://github.com/xython-monitoring/xython/blob/master/client/xython-client... By either having a proxy TLS daemon (and client send data though openssl s_client). Or the best way is to having a HTTPS proxy CGI and pipe xymon-client though curl (https://github.com/xython-monitoring/xython/blob/master/cgi/proxy.py)
Regards
Hi Kris,
On Thu, Feb 15, 2024 at 07:20:03AM +0100, Corentin Labbe wrote:
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?
Since the xymon-client is not TLS aware, the only solution is to use a stunnel.
Currently yes, but release 4.4 (currently at 4.4alpha1) will have builtin TLS support.
On the remote box, you run the stunnel client listenning on localhost:1984 (and point client to it). On the xymon server, you ran the stunnel server and configure the output to localhost:1984.
Yes, I usually use 1983 (pun intended as well) for it.
Relevant part my server config (bbs = big brother + ssl):
[bbs] accept = :::1983 connect = 1984
(Docs say for "connect": "If no host is specified, the host defaults to localhost.)
This also adds IPv6 support as well.
Client side config:
[bbs] accept = 127.0.0.1:1984 connect = <xymon-server-address>:1983 client = yes
HTH.
Kind regards, Axel-- PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/ Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet Mail+Jabber: abe at noone.org X https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
Hi,
This will send the data over https + protect it with username/password:
Create server/cgi-binpas directory
Copy or symlink xymoncgimsg.cgi in that directory
Create etc/htpasswd file with the htpasswd command
Add this to xymon-apache.conf (replace <installdir> with the correct full path) and restart apache: ScriptAlias /xymon-cgipas/ "<installdir>/server/cgi-binpas/" <Directory "<installdir>/server/cgi-binpas"> Options ExecCGI Includes FollowSymLinks AuthType Basic AuthName "Monitoring Client' AuthUserFile "<installdir>/server/etc/htpasswd" Require valid-user </Directory>
Use this in the xml configiration file on the windows client: <serverUrl>https://x.x.x.x/xymon-cgipas/xymoncgimsg.cgi</serverUrl> <serverHttpUsername>client</serverHttpUsername> <serverHttpPassword>client</serverHttpPassword>
For Linux or AIX, I have some scripts and config files as drop-in replacement for the xymon binary based on wget or curl. If you are interested, I can send it off-list.
Stef
On 2024-02-15 05:48, Kris Springer wrote:
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?
Thanks so much
Kris Springer
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
For systems that don't have curl or wget, it may be possible to use openssl to achieve the same result. This works for me:
XYMONSERVER=xymon.example.com
MSG="status hostname.example.com.linux red date bogon check has failed"
MSG="$MSG\r\n"
MSGLEN=${#MSG}
printf "POST /xymon-cgi/xymoncgimsg.cgi HTTP/1.0\r\nHost:
$XYMONSERVER\r\nContent-Length: $MSGLEN\r\n\r\n${MSG}\r\n"; } | openssl
s_client -quiet -connect $XYMONSERVER:443 2>/dev/null | sed '1,/^\r$/d'
J
On Thu, 15 Feb 2024 at 18:17, Stef Coene <stef.coene at docum.org> wrote:
Hi,
This will send the data over https + protect it with username/password:
Create server/cgi-binpas directory
Copy or symlink xymoncgimsg.cgi in that directory
Create etc/htpasswd file with the htpasswd command
Add this to xymon-apache.conf (replace <installdir> with the correct full path) and restart apache: ScriptAlias /xymon-cgipas/ "<installdir>/server/cgi-binpas/" <Directory "<installdir>/server/cgi-binpas"> Options ExecCGI Includes FollowSymLinks AuthType Basic AuthName "Monitoring Client' AuthUserFile "<installdir>/server/etc/htpasswd" Require valid-user </Directory>
Use this in the xml configiration file on the windows client: <serverUrl>https://x.x.x.x/xymon-cgipas/xymoncgimsg.cgi</serverUrl> <serverHttpUsername>client</serverHttpUsername> <serverHttpPassword>client</serverHttpPassword>
For Linux or AIX, I have some scripts and config files as drop-in replacement for the xymon binary based on wget or curl. If you are interested, I can send it off-list.
Stef
On 2024-02-15 05:48, Kris Springer wrote:
Can anyone advise on the method to have the Debian xymon-client send its data to the Server using SSL instead of port 1984?
Thanks so much
Kris Springer
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
participants (5)
-
abe@deuxchevaux.org
-
clabbe.montjoie@gmail.com
-
jeremy@laidman.org
-
kspringer@innovateteam.com
-
stef.coene@docum.org