This may help someone, or it may already be a FAQ that I didn't find.

I have a 4.3.3 client prototype running on a RHEL 5.6 platform hardened to about 90% of the Center for Internet Security RHEL5 benchmark (customer standard). In /etc/default/xymon-client, XYMONSERVERS was correctly set, but the client kept trying to connect to 127.0.0.1. After much head-banging, I realized that clientlaunch.log was griping about not being unable to READ /var/run/xymonclient-runtime.cfg, which after all was being correctly updated with the XYMSRV setting from XYMONSERVERS at every launch. Found that it was root:adm with 640 perms, apparently root startup could write it but xymon child daemon could not read. chowned to root:xymon and all is well even after multiple restarts.

CIS umask setting for root is 0077, so it looks like whatever creates this explicitly sets the perms. I installed via rpm built from current Sourceforge 4.3.3 tarball using Francois Herbert's March instructions for fixing the broken spec file, in case that has any bearing. I don't see anything in the spec or init files setting perms on the file.