In xymond.8.html is written:

--maint-senders=IP[/MASK][,IP/MASK] Controls which hosts may send maintenance commands to xymond. Maintenance commands are the "enable", "disable", "ack" and "notes" commands. Format of this option is as for the --status-senders option. It is strongly recommended that you use this to restrict access to these commands, so that monitoring of a host cannot be disabled by a rogue user - e.g. to hide a system compromise from the monitoring system.

I am able to make '--status-senders' work as advertised, but I am unable to make '--maint-senders' work the way I think it should.

The xmond segment of my tasks.cfg is:

CMD xymond --pidfile=$XYMONSERVERLOGS/xymond.pid
--restart=$XYMONTMP/xymond.chk --checkpoint-file=$XYMONTMP/xymond.chk --checkpoint-interval=600
--log=$XYMONSERVERLOGS/xymond.log
--maint-senders=$XYMONSERVERIP
--no-download
--store-clientlogs=!msgs

but I can still send disable-messages for an arbitrary hosts-test combination from an arbitrary windows machine with: BBWinCmd.exe xymon.example.com disable foo.example.com ssh 10 Text

When I change the tasks.cfg to contain an arbitrary ip address (of a non-existent host):

--maint-senders=10.10.10.10 \

I am still able to send disable-messages from arbitrary machines. But, my log file then shows errors for attempts by the xymon server to handle alerts:

2013-10-14 12:34:27 Refused message from 10.200.10.24: notify foo,example,com.ssh

So I see --maint-senders being evaluated by the alert-handling process, but ignored by the client-listener.

Does anyone else have --main-senders working correctly?

-- Do things because you should, not just because you can.

John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska